Sunday, June 9, 2013

CCNA Security Review

CCNA Security: Implementation
In the next post, I'll be picking up where I left off with the ASA lab, but first I want to list what I'll primarily be focusing on in the next series of posts. I'll still be reviewing the configuration for the lab, but focusing on these key topics from the CCNA Security syllabus:

Implement security on Cisco routers
Implement AAA
Implement IP ACLs
Implement secure network management
Implement VLANs and trunking
Implement spanning tree
Implement zone based firewall policy using CCP
Implement ASA
Implement NAT and PAT
Configure Cisco IOS IPS using CCP
Implement IOS IPSec site-site VPN with PSK auth
Implement SSL VPN using ASDM
We've performed the basic setup of the ASA; next we need to configure a few access control functions and then NAT and PAT. Apart from the VPN configurations, that will have the ASA covered.

Moving on from there, I'll be reviewing the configuration of the datacenter, corp, and branch routers following the CCNA Security implementation topics: secured according to the network foundation protection topics, locally hardened, and with an example of zone-based firewall (ZBF) configuration using CCP. The datacenter edge router will have NAT/PAT configured via CCP. The ISP router will be configured with an IP ACL as a review of access lists.

The internal switches will be configured following what is expected of the exam blueprint: secure management, spanning tree protection, and port security. VLANs and trunks will of course be set up; this goes without saying considering the topology.

All devices will be configured for SNMP logging, and at a later date this data will be fed to a network monitoring system. For now, local AAA will be used until I have a TACACS+ server set up, but I will review the TACACS+ commands.

As a demonstration, I will configure an IOS IPsec site-to-site VPN with PSK between two of the routers, but will then tear this down and replace it with a full mesh of site-to-site tunnels between the routers and the ASA, using digital certificates for authentication instead of PSK.

An SSL VPN will be configured for remote users using the ASDM.

I don't have a router capable of running IOS IPS so I won't be able to demonstrate that implementation step.

That covers most if not all of the implementation topics listed on the exam blueprint as of today.
