Cisco Packet Tracer 8.x labs
What is Cisco Context-Based Access Control?
Cisco's Context-Based Access Control (CBAC) is a stateful security feature, similar to reflexive ACLs, available on ISR routers. It has been implemented in Packet Tracer since version 5.3.
CBAC dynamically modifies an inbound access list so that return traffic of selected flows is allowed even when the list ends in a "deny any any" entry: it first inspects and records the flows initiated from the protected internal network, then opens temporary entries for their replies. The main difference from reflexive ACLs is that reflexive ACLs act only on Layer 2 to Layer 4 protocol attributes, whereas CBAC can inspect all the way up to the application layer (Layer 7), taking the characteristics of a flow into account on a per-protocol (or per-context) basis.
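The following IOS configuration is an added example, not part of the lab page, showing the three pieces CBAC needs: an inspection rule, a static inbound ACL that denies everything from the internet, and the interface bindings. The interface names (GigabitEthernet0/0 inside, GigabitEthernet0/1 outside), the rule name CAMPUS-FW and the ACL name OUTSIDE-IN are assumptions; addressing is omitted.

```cisco
! Added example (not from the lab page): CBAC on an IOS ISR router.
! Assumptions: Gi0/0 faces the protected campus network, Gi0/1 faces the
! internet; the names CAMPUS-FW and OUTSIDE-IN are chosen here.
!
! 1. Inspection rule: which protocols CBAC tracks when a session leaves the
!    inside network. "http" is application-layer (L7) inspection, which is
!    what a reflexive ACL cannot do; tcp/udp cover generic L4 sessions.
ip inspect name CAMPUS-FW tcp
ip inspect name CAMPUS-FW udp
ip inspect name CAMPUS-FW http
!
! 2. Static inbound filter on the outside interface: everything arriving
!    from the internet is denied and logged. CBAC inserts its temporary
!    permit entries in front of this deny, for return traffic of
!    inspected sessions only, and removes them when the session ends.
ip access-list extended OUTSIDE-IN
 deny ip any any log
!
! 3. Bind: inspect sessions as they enter the inside interface (initiated
!    by campus hosts), filter as traffic enters the outside interface.
interface GigabitEthernet0/0
 description Inside - campus
 ip inspect CAMPUS-FW in
!
interface GigabitEthernet0/1
 description Outside - internet
 ip access-group OUTSIDE-IN in
!
! Verification (privileged EXEC):
!   show ip inspect sessions   - flows CBAC has recorded and their state
!   show ip inspect config     - inspection rule and idle/finwait timeouts
!   show ip access-lists       - dynamic permit lines appear above the deny
```

A useful check is to open an HTTP session from an inside host, run `show ip access-lists` while it is active, and confirm the temporary entry disappears once the session is closed or idles out; a connection initiated from the outside should only ever hit the logged deny.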
This lab will show you how to configure a site-to-site IPSEC VPN using the Packet Tracer 8.2 ASA 5505 firewall. By default, the Cisco ASA 5505 firewall denies traffic entering the outside interface when no explicit ACL has been defined to allow it. This default behaviour helps protect the enterprise network from the internet while the VPN is being configured.
Packet Tracer 8.2 also features the newest Cisco ASA 5506-X firewall.
In this lab, a small branch office is securely connected to the enterprise campus over the internet, using a broadband DSL connection, to demonstrate the ASA 5505 site-to-site VPN capabilities. No dynamic routing protocol will be configured between the two sites.
Campus addressing scheme:
- Campus IP addresses: 172.16.0.0/17
- DC: 172.16.0.0/18
- Users: 172.16.64.0/20
- DMZ: 172.16.96.0/21
- Network devices: 172.16.252.0/23
- L3 P2P links: 172.16.254.0/24
Branch office 1 IP subnet: 172.16.129.0/24
Enterprise internet IP addresses: 18.104.22.168/28
IPSEC VPN configuration to apply:
- ESP encryption: AES-256
- AH hash algorithm: SHA
- Pre-shared key: SHAREDSECRET
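The ASA configuration below is an added example, not the lab's own solution, and shows the campus-side ASA 5505 end of the tunnel with the parameters listed above (AES-256, SHA, pre-shared key SHAREDSECRET) and the campus (172.16.0.0/17) and branch (172.16.129.0/24) subnets from the addressing scheme. The lab text does not give the branch office's public address, so it appears as the placeholder BRANCH_PUBLIC_IP; the interface names inside/outside and the object, ACL, transform-set and crypto-map names are assumptions. The SHA requirement is applied as the ESP integrity HMAC (esp-sha-hmac); no separate AH header is configured.

```cisco
! Added example (not the lab's configuration): campus-side ASA 5505,
! site-to-site IKEv1/IPsec tunnel to branch office 1.
! Assumptions: interfaces are named inside and outside; BRANCH_PUBLIC_IP
! is a placeholder for the branch ASA's internet address; all object,
! ACL, transform-set and crypto-map names are chosen here.
!
! 1. Interesting traffic: campus LAN <-> branch LAN
object network CAMPUS-LAN
 subnet 172.16.0.0 255.255.128.0
object network BRANCH1-LAN
 subnet 172.16.129.0 255.255.255.0
access-list VPN-TRAFFIC extended permit ip object CAMPUS-LAN object BRANCH1-LAN
!
! 2. NAT exemption (identity NAT) so tunnelled packets keep private addresses
nat (inside,outside) source static CAMPUS-LAN CAMPUS-LAN destination static BRANCH1-LAN BRANCH1-LAN
!
! 3. IKE phase 1 (ISAKMP) policy: AES-256, SHA, pre-shared key, DH group 2
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 enable outside
!
! 4. IKE phase 2 (IPsec) proposal: ESP with AES-256 and SHA-1 HMAC
crypto ipsec ikev1 transform-set AES256-SHA esp-aes-256 esp-sha-hmac
!
! 5. Crypto map: traffic selector, peer and proposal, attached to outside
crypto map VPN-MAP 10 match address VPN-TRAFFIC
crypto map VPN-MAP 10 set peer BRANCH_PUBLIC_IP
crypto map VPN-MAP 10 set ikev1 transform-set AES256-SHA
crypto map VPN-MAP interface outside
!
! 6. Tunnel group keyed by the peer address; the PSK is stored per peer
tunnel-group BRANCH_PUBLIC_IP type ipsec-l2l
tunnel-group BRANCH_PUBLIC_IP ipsec-attributes
 ikev1 pre-shared-key SHAREDSECRET
!
! Verification once a campus host pings a branch host:
!   show crypto ikev1 sa   - phase 1 should show MM_ACTIVE
!   show crypto ipsec sa   - #pkts encaps / #pkts decaps incrementing
```

The branch ASA mirrors this configuration with the object and peer values swapped. Note that the outside-interface deny described above does not block the tunnel's decrypted traffic: the ASA's `sysopt connection permit-vpn` setting, enabled by default, exempts VPN traffic from interface ACLs, so if that exemption is disabled the return traffic must be permitted explicitly on the outside interface.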
A new switch purchased from Cisco ships with no configuration. You need to configure it, either through setup mode or from scratch using the command line interface (CLI), before connecting it to your network environment.
As a Cisco CCNA certified professional, it is very important to know the basic Cisco switch configuration commands in order to improve the performance and the security of the enterprise network.
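As an added example (not part of the lab page), the following CLI session takes a factory-fresh Catalyst switch from no configuration to a secured baseline: hashed credentials, a management address, SSH-only remote access, and hardened access ports. The hostname, domain name, VLAN numbers, port ranges and the management address 172.16.252.10 (taken from the network-devices range 172.16.252.0/23 above) are assumptions; the two secrets are placeholders to be replaced.

```cisco
! Added example (not from the lab page): baseline configuration and
! hardening of a new Catalyst switch from the CLI. Hostname, domain,
! VLANs, port ranges and the management address are assumptions.
enable
configure terminal
hostname SW-ACCESS-1
no ip domain-lookup
ip domain-name lab.example.com
! Hashed secrets instead of clear-text passwords; local admin account
enable secret ENABLE_SECRET_PLACEHOLDER
username admin privilege 15 secret ADMIN_SECRET_PLACEHOLDER
service password-encryption
banner motd ^Authorized access only^
! VLANs: users, a management VLAN and a parking VLAN for unused ports
vlan 10
 name USERS
vlan 99
 name MGMT
vlan 999
 name PARKING
! Management address in the network-devices range (assumed host .10)
interface vlan 99
 ip address 172.16.252.10 255.255.254.0
 no shutdown
ip default-gateway 172.16.252.1
! Remote access: SSHv2 only, local login, idle timeout; no Telnet
crypto key generate rsa modulus 2048
ip ssh version 2
line vty 0 15
 login local
 transport input ssh
 exec-timeout 5 0
line console 0
 login local
 exec-timeout 5 0
! User-facing access ports: fixed access mode (no DTP negotiation),
! one MAC per port, PortFast with BPDU Guard against rogue switches
interface range FastEthernet0/1 - 20
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
! Unused ports: parked in an isolated VLAN and shut down
interface range FastEthernet0/21 - 24
 switchport mode access
 switchport access vlan 999
 shutdown
end
copy running-config startup-config
```

The order matters in two places: `hostname` and `ip domain-name` must be set before `crypto key generate rsa`, and `login local` must only be applied after the `username` line exists, otherwise the VTY lines lock you out. Use `show port-security interface` and `show ip ssh` to confirm the result.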
HDLC is a data link protocol used on synchronous serial data links. Because standardized HDLC cannot carry multiple protocols on a single link (it lacks a mechanism to indicate which protocol is being carried), Cisco developed a proprietary version of HDLC, called cHDLC, with a proprietary field acting as a protocol field. This field makes it possible for a single serial link to accommodate multiple network-layer protocols.
Cisco's HDLC is a point-to-point protocol that can only be used on serial links or leased lines between two Cisco devices; PPP has to be used when communicating with non-Cisco devices. HDLC is the default encapsulation on serial links of a Cisco router. If the encapsulation has been changed to PPP, use the following command from interface configuration mode to change it back to HDLC:
With a back-to-back serial connection, the ISR router connected to the DCE end of the serial cable provides the clock signal for the serial link. This clock is received by the DTE device. The clock rate command in the interface configuration mode enables the router at the DCE end of the cable to provide the clock signal for the serial link. The default clock rate is 64000.
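The following configuration is an added example, not part of the lab page, showing both ends of a back-to-back serial link: the router on the DCE end sets the encapsulation back to HDLC and supplies the 64000 clock, while the DTE end only sets the encapsulation. The router names R1/R2, the interface Serial0/0/0 and the /30 subnet carved from the L3 P2P range 172.16.254.0/24 are assumptions.

```cisco
! Added example (not from the lab page): back-to-back serial link between
! two ISR routers. R1 holds the DCE end of the cable and provides the
! clock; R2 is the DTE end. Names, interface and addresses are assumptions.
!
! --- R1 (DCE end of the cable) ---
interface Serial0/0/0
 description P2P to R2 - DCE end
 ip address 172.16.254.1 255.255.255.252
 encapsulation hdlc
 clock rate 64000
 no shutdown
!
! --- R2 (DTE end): no clock rate command, it receives the clock from R1 ---
interface Serial0/0/0
 description P2P to R1 - DTE end
 ip address 172.16.254.2 255.255.255.252
 encapsulation hdlc
 no shutdown
!
! Verification (privileged EXEC, on each router):
!   show controllers serial 0/0/0  - reports DCE or DTE and the clock rate
!   show interfaces serial 0/0/0   - "Encapsulation HDLC", line protocol up
```

If one side is left on PPP, the interface comes up but the line protocol stays down, because the two encapsulations cannot exchange keepalives; `show interfaces serial 0/0/0` on each side shows the mismatch.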