Scribd
Upload
6 views5 pages

Assignment #1 - Final Version

The document outlines the requirements for a network design and configuration assignment for Doha consulting company, including creating a specific network topology and configuring various devices such as routers, switches, and an ASA device. Key tasks include setting up IP addresses, DHCP services, NTP synchronization, and implementing security measures like AAA authentication and NAT services. The assignment also includes a grading scheme based on different components of the network setup and configuration.

Uploaded by

amal98.alaskari
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
6 views5 pages

Assignment #1 - Final Version

The document outlines the requirements for a network design and configuration assignment for Doha consulting company, including creating a specific network topology and configuring various devices such as routers, switches, and an ASA device. Key tasks include setting up IP addresses, DHCP services, NTP synchronization, and implementing security measures like AAA authentication and NAT services. The assignment also includes a grading scheme based on different components of the network setup and configuration.

Uploaded by

amal98.alaskari
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

Assignment #1

You have been hired by Doha consulting company to design the following network design and configuration.

Page | 1
Instructions
1. Create the topology as above.
2. The number xxx is a number that will be assigned to you by your instructor.
3. Use the following configurations
Private Network
192.168.xxx.0/24
S1 IP 192.168.xxx.200/24
AAA Server (Radius)
Admin1 password admin1
Adam password adam
PC1, PC2 and PC 3 DHCP Clients

DMZ Network
10.10.xxx.0/24
DMZ-S1 10.10.xxx.100/24
200.200.200.10 (public)
DNS
DMZ-S2 10.10..xxx.200/24
200.200.200.11 (public)
WWW.udst.edu.qa

4. Configure the routers


 Configure the interfaces as outlined
 Configure static and OSPF as needed.
 Synchronize the time from NTP server
5. Configure NTP Server on R1
 The authentication key is key 1 with the password realmadrid
 Synchronize all the switches, routers and firewall with the NTP Server
6. Configure Device Hardening for the switches
 Configure Switches to protect against STP attacks.
 Configure switches port security and disable unused ports.
 Synchronize the time from NTP server

Page | 2
7. Configure Basic Device Hardening for the ASA device.
 Configure the inside, outside, and dmz interfaces with the following
information:
 IP address 192.168.xxx.1/24, nameif inside, security-level 100
 IP address 200.200.xxx.1/28, nameif outside, security-level 0
 IP address 10.10.xxx.1/24, nameif dmz, security-level 70
8. Configure DHCP service on the ASA device for the internal network.
 The DHCP pool is 192.168.xxx.30 – 192.168.xxx.40.
 DHCP service should provide DNS server and domain name information.
 Verify that the internal users (PC0 and PC1) obtain the dynamic
addressing information correctly.
9. Configure Secure Network Management for the ASA Device.
NTP Client
 Enable NTP client on the firewall
.AAA Configuration
 Configure the ASA device with AAA authentication and verify its
functionality:
 Configure AAA to use the local database for SSH connections to the
console port.
 Generate a RSA key pair to support with modulus size of 1024 bits.
 Configure ASA to accept SSH connections only from the PC1–
Configure SSH session timeout to be 20 minutes.
10.NAT Configuration
 Configure NAT Service for the ASA device for both inside and DMZ
networks.
 Create an object inside-nat with subnet 192.168.xxx.0/24 and enable the
IP addresses of the hosts in the internal network to be dynamically
translated to access the external network via the outside interface.
 Create an object dmz-S1to statically translate the DNS server in the
DMZ to the public IP address
 Create an object dmz-S2 to statically translate the web server in the DMZ
to the public IP address.

11.ACL Configuration

Page | 3
 Configure ACL and firewall on the ASA device to implement the
Security Policy.
12.Group Policy Configuration
 Modify the default MPF application inspection global service policy to
enable hosts in the Internal network to access the web servers on the
Internet
 – Create a class inspection_default that matches default-inspection-
traffic.
 – Create a policy-map global_policy and specify the inspect with dns,
ftp, http, and icmp.
 – Attach the policy map globally to all interfaces.
 b. Configure an ACL to allow access to the DMZ servers from the
Internet.

Assignment Grading Scheme

Page | 4
Name: Student ID:
Items Allocated Mark Earned Mark Comments
Topology Setup 5
Router Configuration 10
Interfaces
Routing Protocols
NTP Synchronization
Switch Hardening 15
Port Security, dot1x
Configuration
NTP Synchronization
NTP Configuration on R2 10
AAA Configuration 5
Basic Device Hardening for 10
the ASA device.
Zone Configuration
the inside, outside,
and dmz interfaces
DHCP Services on ASA 5
NAT Services on ASA 5
ACL on ASA 5
Group Policy Configuration 10
on ASA
Testing 5
Individual Interview 15

Total 100

Page | 5

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy