
ESN

Enterprise Secure Network


CONTENTS

01 Project Description

02 Network Topology

03 Requirements
Project Description
The enterprise is an IT solutions company with three branches:
· Cairo-Site
· Alex-Site
· DC-Site
It has tasked its network engineers with designing and implementing the
network at each site and connecting the sites to each other with a DMVPN over
GRE WAN link.

Cairo-Site has four departments, each on its own VLAN:

VLAN   Name    Network
10     IT      172.16.0.0/27
20     SALES   172.16.0.32/27
30     PR      172.16.0.64/27
40     HR      172.16.0.96/27

Alex-Site has two departments, each on its own VLAN:

VLAN   Name                 Network
10     Technical-Support    192.168.0.0/25
20     Customer-Service     192.168.0.128/25

The Data Center (DC-Site) hosts the following servers:

· Domain Controller + DHCP Server
· Backup Domain Controller + DHCP Server
· CUCM-Server
· ACS-Server

They all reside on the 192.168.2.0/25 network.


Network Topology
Requirements
Notice:

Cairo-GW, Alex-GW, DC-GW-1 and DC-GW-2 are each connected to the ISP with a public IP address for internet access. Over these connections they form a GRE+DMVPN WAN link, with Cairo-GW as the hub and the remaining gateways as spokes. GRE and NHRP on their own carry traffic in cleartext and authenticate nothing beyond a cleartext NHRP password string, so in a production build the mGRE tunnels should be wrapped with IPsec tunnel protection.

• Configure WAN links between Cairo-Core-1, Cairo-Core-2, Cairo-DSW-1 and Cairo-DSW-2.

• Configure OSPF between Cairo-Core-1, Cairo-Core-2, Cairo-DSW-1 and Cairo-DSW-2 in area 0.

• Configure trunk ports on Cairo-DSW-1, Cairo-DSW-2, Cairo-Access-1, Cairo-Access-2, Cairo-Access-3 and Cairo-Access-4.

• Configure VTP version 3 with the domain "fee@fee.com" on Cairo-DSW-1 in primary server mode, with the authentication password cisco.

• Configure VTP version 3 with the domain "fee@fee.com" on Cairo-DSW-2, Cairo-Access-1, Cairo-Access-2, Cairo-Access-3 and Cairo-Access-4 in client mode, with the authentication password cisco.

• Configure the VLANs from the Cairo-Site table on Cairo-DSW-1.

• Configure Cairo-DSW-1 as the default gateway for VLAN 10 and VLAN 20.

• Configure Cairo-DSW-2 as the default gateway for VLAN 30 and VLAN 40.

• Configure helper addresses on Cairo-DSW-1 and Cairo-DSW-2 so every host on Cairo-Site can obtain an IP address from D.C+DHCP-Server, with Backup D.C+DHCP-Server as the alternate DHCP server.

• Configure access ports on Cairo-Access-1, Cairo-Access-2, Cairo-Access-3 and Cairo-Access-4.

• Allow only VLAN 10, VLAN 20, VLAN 30 and VLAN 40 on the trunk ports.

• Configure the interface IP addressing on Sophos-UTM, including the default gateway for eth1 and eth2.

• Configure OSPF on eth0, eth1 and eth2 of Sophos-UTM in area 0.

• Configure Sophos-UTM to announce a default route to the Cairo switches.

• Configure uplink balancing between eth1 and eth2 on Sophos-UTM with eth1 as the active link and eth2 as the standby link (active/standby failover rather than true load sharing).

• Configure the interface IP addressing, NAT and default route on ISP so every site can reach the internet.

• Configure the interface IP addressing, NAT, OSPF and default route on Cairo-GW so Cairo-Site can reach the internet.

• Configure the interface IP addressing, NAT, OSPF and default route on Alex-GW so Alex-Site can reach the internet.

• Configure the interface IP addressing, NAT, RIPv2 and default route on DC-GW-1 and DC-GW-2 so DC-Site can reach the internet.

• Configure GRE+DMVPN on Cairo-GW, Alex-GW, DC-GW-1 and DC-GW-2 so Alex-Site, Cairo-Site and DC-Site are connected together.

• Configure EIGRP over the DMVPN network between Alex-Site, Cairo-Site and DC-Site.

• Configure the interface IP addressing, OSPF and VRRP on Alex-Master-GW so it is master for VLAN 10 and backup for VLAN 20, with the authentication key cisco.

• Configure the interface IP addressing, OSPF and VRRP on Alex-Backup-GW so it is master for VLAN 20 and backup for VLAN 10, with the authentication key cisco.

• Configure helper addresses on Alex-Master-GW and Alex-Backup-GW.

• Configure trunk ports on Alex-Core, Alex-Access-1 and Alex-Access-2.

• Configure VTP version 3 with the domain "fee@fee.com" on Alex-Core as the primary server, with the authentication password cisco.

• Configure VTP version 3 with the domain "fee@fee.com" on Alex-Access-1 and Alex-Access-2 as clients, with the authentication password cisco.

• Configure Port-Channels on Alex-Core, Alex-Access-1 and Alex-Access-2 using PAgP.

• Configure access ports on Alex-Access-1 and Alex-Access-2.

• Configure the interface IP addressing and RIPv2 on DC-GW-3.

• Load the ASDM image on ASA-Firewall and configure the interface IP addressing.

• Set the security level to 100 on all ASA-Firewall interfaces. Note that the ASA drops traffic between two interfaces at the same security level unless same-security-traffic permit inter-interface is configured, so add that command if traffic must cross the firewall.

• Enable ICMP on ASA-Firewall.

• Configure the domain controller on D.C+DHCP Server, with DHCP pools for all VLANs on the other two sites.

• Configure the backup domain controller on Backup D.C+DHCP Server, with backup DHCP pools for all VLANs on the other two sites.

• Configure an OU for each site and an OU for each VLAN in Active Directory on D.C+DHCP-Server.

• Configure a group policy for each VLAN that denies access to USB ports, the CD-ROM drive and the Control Panel.

• Add the domain controller to Sophos-UTM as an authentication server and synchronize Sophos with Active Directory.

• Enable a web filter for each VLAN on Cairo-Site: VLAN 10 cannot reach any website without authenticating, VLAN 20 is blocked only from www.facebook.com, VLAN 30 is blocked only from www.twitter.com, and VLAN 40 cannot reach any HTTP/HTTPS website.

• Configure ACS-Server as a TACACS+ authentication server.

• Configure the AAA model on Cairo-GW, Alex-GW, Alex-Master-GW, Alex-Backup-GW, DC-GW-1, DC-GW-2 and DC-GW-3 so console access is authenticated via ACS-Server, with the local password as the fallback method.

• Configure CME-Server as the call manager for VLAN 10, VLAN 20, VLAN 30 and VLAN 40 on Cairo-Site.

• Configure CUCM-Server to be a call-manager on DC-Site.

• Configure dial-peer between CME-Server and CUCM-Server so any phone from VLAN 10, VLAN
20, VLAN 30 and VLAN 40 can contact any phone from DC-Site.
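A worked configuration for the Cairo-Site switching requirements above (VTP version 3 with the fee@fee.com domain, trunks restricted to the four site VLANs, SVIs with DHCP relay to both DC servers, and hardened access ports). This is an added example, not configuration from the original project. The interface names, the .1 gateway address in each subnet and the DHCP server addresses 192.168.2.10 and 192.168.2.11 are assumptions; the page only places those servers somewhere in 192.168.2.0/25.

```cisco
! ---- Cairo-DSW-1: VTPv3 primary server for domain fee@fee.com ----
vtp domain fee@fee.com
vtp version 3
vtp mode server
! "hidden" keeps only the MD5 digest of the VTP password in the running config
vtp password cisco hidden
! VTPv3 does not elect a primary server; promote this switch from exec mode:
!   Cairo-DSW-1# vtp primary vlan
!
! VLANs from the Cairo-Site table (propagated to the VTP clients)
vlan 10
 name IT
vlan 20
 name SALES
vlan 30
 name PR
vlan 40
 name HR
!
! Trunk to an access switch: static trunk, DTP off, only the four site VLANs allowed
! (interface names are assumed)
interface GigabitEthernet1/0/1
 description Trunk to Cairo-Access-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk allowed vlan 10,20,30,40
!
! SVIs for the VLANs gatewayed by Cairo-DSW-1 (VLAN 10 and 20); the .1 address in each
! subnet and the two DHCP server addresses (assumed, inside 192.168.2.0/25) are assumptions.
! Listing both servers makes the backup D.C the alternate DHCP server.
interface Vlan10
 description IT
 ip address 172.16.0.1 255.255.255.224
 ip helper-address 192.168.2.10
 ip helper-address 192.168.2.11
interface Vlan20
 description SALES
 ip address 172.16.0.33 255.255.255.224
 ip helper-address 192.168.2.10
 ip helper-address 192.168.2.11
!
! ---- Cairo-Access-1: VTPv3 client and user access ports ----
vtp domain fee@fee.com
vtp version 3
vtp mode client
vtp password cisco hidden
!
! Uplink trunk back to Cairo-DSW-1 with the same VLAN restriction
interface GigabitEthernet0/1
 description Uplink to Cairo-DSW-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk allowed vlan 10,20,30,40
!
! User port in the IT VLAN: no trunk negotiation, PortFast, BPDU Guard
interface FastEthernet0/1
 description IT user port
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
```

Cairo-DSW-2 takes the same VTP client block plus the SVIs for VLAN 30 (172.16.0.65/27) and VLAN 40 (172.16.0.97/27) with the same two helper addresses. Restricting the allowed VLAN list and disabling DTP on every port is what keeps a rogue device from negotiating a trunk and hopping between departments.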
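A worked configuration for the Alex-Site first-hop redundancy and Port-Channel requirements above: VRRP with Alex-Master-GW mastering VLAN 10 and Alex-Backup-GW mastering VLAN 20, both using the authentication key cisco, plus a PAgP bundle between Alex-Core and Alex-Access-1. This is an added example, not configuration from the original project. The subinterface and port names, the real router addresses (.2 and .3), the virtual gateway addresses (.1 and .129) and the DHCP server addresses 192.168.2.10 and 192.168.2.11 are assumptions; the subnets are the page's 192.168.0.0/25 and 192.168.0.128/25.

```cisco
! ---- Alex-Master-GW: master for VLAN 10, backup for VLAN 20 ----
interface GigabitEthernet0/1.10
 description Technical-Support (VLAN 10)
 encapsulation dot1Q 10
 ip address 192.168.0.2 255.255.255.128
 ip helper-address 192.168.2.10
 ip helper-address 192.168.2.11
 vrrp 10 ip 192.168.0.1
 vrrp 10 priority 120
 vrrp 10 preempt delay minimum 30
 vrrp 10 authentication md5 key-string cisco
interface GigabitEthernet0/1.20
 description Customer-Service (VLAN 20)
 encapsulation dot1Q 20
 ip address 192.168.0.130 255.255.255.128
 ip helper-address 192.168.2.10
 ip helper-address 192.168.2.11
 vrrp 20 ip 192.168.0.129
 vrrp 20 priority 100
 vrrp 20 authentication md5 key-string cisco
!
! ---- Alex-Backup-GW: the mirror image (master for VLAN 20, backup for VLAN 10) ----
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.0.3 255.255.255.128
 ip helper-address 192.168.2.10
 ip helper-address 192.168.2.11
 vrrp 10 ip 192.168.0.1
 vrrp 10 priority 100
 vrrp 10 authentication md5 key-string cisco
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip address 192.168.0.131 255.255.255.128
 ip helper-address 192.168.2.10
 ip helper-address 192.168.2.11
 vrrp 20 ip 192.168.0.129
 vrrp 20 priority 120
 vrrp 20 preempt delay minimum 30
 vrrp 20 authentication md5 key-string cisco
!
! ---- Alex-Core: PAgP bundle to Alex-Access-1 (ports assumed) ----
interface range GigabitEthernet1/0/1 - 2
 description PAgP bundle to Alex-Access-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk allowed vlan 10,20
 channel-protocol pagp
 channel-group 1 mode desirable
!
! ---- Alex-Access-1: matching side of the bundle ----
interface range GigabitEthernet0/1 - 2
 description PAgP bundle to Alex-Core
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk allowed vlan 10,20
 channel-protocol pagp
 channel-group 1 mode desirable
```

The higher priority (120) on each router's "master" VLAN and the lower priority (100) on its "backup" VLAN give the split described in the requirements; the preempt delay lets routing converge before a recovering router takes the master role back. VRRP MD5 authentication only stops an unauthenticated host from injecting advertisements and hijacking the gateway address; it is not encryption, and a shared key such as cisco should be replaced with a long random string in a real deployment.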
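A worked AAA configuration for the TACACS+ requirement above, as applied on Cairo-GW and repeated on the other gateways: console and VTY logins are authenticated against ACS-Server, with the local password used only as a fallback. This is an added example, not configuration from the original project. The ACS-Server address 192.168.2.20 (placed inside the page's 192.168.2.0/25), the shared key, the source interface and the local username are assumptions.

```cisco
! ---- Cairo-GW (repeat on Alex-GW, Alex-Master-GW, Alex-Backup-GW, DC-GW-1/2/3) ----
aaa new-model
!
! Local account and enable secret, used only when no TACACS+ server answers (assumed values)
username admin privilege 15 secret Str0ng-Local-Passw0rd
enable secret Str0ng-Enable-Passw0rd
!
! ACS-Server as a TACACS+ server (address and key assumed)
tacacs server ACS
 address ipv4 192.168.2.20
 key ACS-SHARED-KEY
 timeout 5
aaa group server tacacs+ ACS-GROUP
 server name ACS
ip tacacs source-interface Loopback0
!
! Method lists: ACS first, then "local". The local database is consulted only when every
! server in the group is unreachable; a user that ACS rejects is NOT retried locally.
aaa authentication login CONSOLE-AUTH group ACS-GROUP local
aaa authentication login default group ACS-GROUP local
aaa authentication enable default group ACS-GROUP enable
aaa authorization console
aaa authorization exec default group ACS-GROUP local
aaa accounting exec default start-stop group ACS-GROUP
aaa accounting commands 15 default start-stop group ACS-GROUP
!
line console 0
 login authentication CONSOLE-AUTH
 exec-timeout 10 0
line vty 0 4
 login authentication default
 transport input ssh
 exec-timeout 10 0
```

Before logging out of the session used to apply this, open a second session and confirm that a login reaches ACS (show tacacs shows the request counters increasing) and that a login still succeeds with the ACS address unreachable, which exercises the local fallback. Leaving the original session open until both checks pass avoids locking yourself out of the device with a broken method list.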
THANKS
