Section 6.0: IOS Firewall Configuration (8 points)

6.1. Context-Based Access Control (CBAC) (5 points)

  1. Configure R5 with IOS Firewall to protect VLAN6.

  2. Configure the firewall to monitor all TCP and UDP traffic.

  3. The R7 ATM network should be able to Telnet, ping, and FTP to all networks beyond R5 and should not be able to initiate any traffic to the Frame Relay network.

  4. The VLAN2 network should not be able to ping the R7 ATM link, but the restriction does not apply in the reverse direction.

  5. Configure the firewall to start deleting half-open sessions when the number of existing half-open sessions reaches 1500, and to stop deleting at 1200 sessions.

  6. Configure 20 seconds for a TCP session to reach the established state before the firewall starts dropping the session.
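
The global CBAC commands that tasks 2, 5, and 6 map to, as an added example that is not taken from the book's solution. The rule name FW-VLAN6 and the interface placeholder are assumptions; the ACLs for tasks 3 and 4 are left out because they depend on lab topology and addressing that this page does not give.

```ios
! Task 2: generic TCP and UDP inspection under one inspection rule.
! The rule name FW-VLAN6 is an assumption, not a name from the lab.
ip inspect name FW-VLAN6 tcp
ip inspect name FW-VLAN6 udp
!
! Task 5: half-open session thresholds (IOS defaults are 500 high, 400 low).
! Above the high mark the router deletes half-open sessions to make room
! for new connection requests, and keeps deleting until the count falls
! below the low mark.
ip inspect max-incomplete high 1500
ip inspect max-incomplete low 1200
!
! Task 6: seconds allowed for a TCP session to reach the established
! state before it is dropped (IOS default is 30).
ip inspect tcp synwait-time 20
!
! The rule takes effect only once applied to an interface. The interface
! and direction depend on the lab topology, so both are placeholders here:
!  interface <R5 interface chosen for inspection>
!   ip inspect FW-VLAN6 {in | out}
!
! Verification from exec mode:
!  show ip inspect config
!  show ip inspect sessions
```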

6.2. Intrusion Detection ...
