Professional Documents
Culture Documents
FEB 2021
ITNE2005R Lab Tutorial 3
Objective
Configure logging.
Verify IPS
Please provide the screenshot of your work as an evidence. Also, save and keep the packet tracer file. It may be
asked later for the verification
Background / Scenario
Your task is to enable IPS on R1 to scan traffic entering the 192.168.1.0 network. The server labeled
Syslog is used to log IPS messages. You must configure the router to identify the syslog server to receive
logging messages. Displaying the correct time and date in syslog messages is vital when using syslog to
monitor the network. Set the clock and configure the timestamp service for logging on the routers.
Finally, enable IPS to produce an alert and drop ICMP echo reply packets inline.
Figure 1 Topology
First, we checked to see if our security technology package was turned on, but it wasn't.
The security technology package was then activated, and the user licensing agreement was
approved. We then reloaded the router in order to activate the security license.
The connection of my topology was then tested by pinging from PC-C to PC-A and conversely,
and then both pings were successful.
Then, in flash, we established an IOS IPS configuration directory and specified the IPS signature
storage location. Then we added an IPS rule, enabled logging, and adjusted the clock.
Finally, we set up IOS IPS to employ signature categories and assigned an IPS rule to an interface.
Then we altered the signature event action by un-retiring the echo request signature and altering
the action to alert and drop, as seen below.
Then, using the show ip ips all command, we checked all of the setups and obtained the proper
summary.
We then pinged from PC-C to PC-A, but it failed since the IPS rule for event action of an echo
request was set to reject packet inline. However, the ping between PC-A and PC-C worked since the
IPS rule does not cover echo response?
References:
https://itexamanswers.net/: https://ccnasec.com/