Configure asa basic management and firewall settingsnote default

Practice assessment

Required Resources

• 3 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)

• Ethernet and Serial cables as shown in the topology

Verify Network Connectivity

Configuration Task	Specification	Points
	See Topology for specific settings.	1/2
Ping interface S0/0/1 on R1 from R3.		1/2

following:

Configuration Item or Task	Specification	Points
Set minimum password length.		1
		1
	Username: Admin01 Privilege level: 15 Encryption type: 9 (scrypt) Password: admin01pass	1
Configure an MOTD banner.		1/2
		1/2
		4
Configure VTY lines to allow SSH access.	Allow only SSH access	1
Configure the AAA authentication and authorization settings.		2

Configuration Item or Task	Specification	Points
		2
	Class map name: INSIDE_PROTOCOLS Inspection type: match-any Protocols allowed: tcp, udp, icmp	3
Create an inspect policy map.		3
		2
	Zone pair name: IN_TO_OUT_ZONE Policy map name: INSIDE_TO_INTERNET	2
Assign interfaces to the proper security zones.		2

Page 3 of 9

Page 4 of 9

		2
	Interface: S0/0/0 Direction: in	2
Copy the S854 signature from PC-C.		3

Note: Not all security features in this part of the exam will be configured on all switches. However, in a production network, all security features will be configured on all switches. In the interest of time, the security features are configured on only S2, except where noted.

In Part 5, you will configure security settings on S2 using the CLI. Configuration tasks include the following:

Practice assessment

Create the VLAN list.		1/2
		2
	Switch: S2 Ports: F0/18, F0/24 VLAN assignment: 10	2
Enable PortFast and BPDU guard.		2
		3
	Switch: S2 Ports: F0/3-17, F0/19-23, G0/1-2	1
Configure Loop guard.		1
		3

Troubleshoot as necessary to correct any issues.

Configure ASA Basic Management and Firewall Settings

Page 6 of 9

		3
Configure the AAA to use the local database for SSH user authentication.		1
Generate an RSA key pair to support the SSH connections.		1
		1
	VLAN 1 interface: E0/1 VLAN 2 interface: E0/0	2
Configure the default route.		1
		2
Create a network object to identify internal addresses for PAT. Dynamically bind interfaces by using the interface address as the mapped IP.	Object name: INSIDE-NET Subnet: 192.168.10.0/24 Interfaces: inside, outside	2
		1

In Part 7, you will configure an AnyConnect SSL remote access VPN on the ASA using ASDM. You will then use a browser on PC-C to connect and download the Cisco AnyConnect Secure Mobility Client software located on the ASA. After the software has downloaded, you will manually install the AnyConnect software to PC-C and use it to establish a remote SSL VPN connection to the ASA.

Step 1: Configure SSL VPN settings on the ASA using the ASDM from PC-B.

Practice assessment

		7

To establish an SSL VPN connection to the ASA, you will need to use a browser on PC-C to download the Cisco AnyConnect Secure Mobility Client software from the ASA. After the software is downloaded, you will install the AnyConnect software to PC-C and then establish an SSL VPN connection to the ASA.

The steps required are as follows:

Router Interface Summary
Router Model	Ethernet Interface #1	Ethernet Interface #2	Serial Interface #1	Serial Interface #2
1800	Fast Ethernet 0/0 (F0/0)		Serial 0/0/0 (S0/0/0)
		Gigabit Ethernet 0/1 (G0/1)	Serial 0/0/0 (S0/0/0)	Serial 0/0/1 (S0/0/1)
			Serial 0/1/0 (S0/1/0)

Page 8 of 9

2811			Serial 0/0/0 (S0/0/0)
	Gigabit Ethernet 0/0 (G0/0)	Gigabit Ethernet 0/1 (G0/1)	Serial 0/0/0 (S0/0/0)