CCNP2 Case Study

Instructions
Implement the International Travel Agency network shown in the topology diagram using the information and instructions in the scenario. Implement the design on the lab set of routers. Verify that all configurations are operational and functioning according to the guidelines.

Topology Diagram


1 - 2 CCNP: Implementing Secure Converged Wide-area Networks v5.0 - Case Study 1 Copyright © 2007, Cisco Systems, Inc
Case Study 1: CLI IPsec and Frame-Mode MPLS



Scenario
The International Travel Agency needs parts of its network set up with IPsec and Multiprotocol Label Switching (MPLS) with the given specifications and the topology shown in the diagram. This case study should be completed using the Cisco IOS command-line interface (CLI), without using the Cisco Security Device Manager (SDM).
• Configure all interfaces using the addressing scheme shown in the topology diagram.
• Run Enhanced Interior Gateway Routing Protocol (EIGRP) AS 1 in the entire International Travel Agency core network. All subnets should be included.
• Create an IPsec tunnel between R1 and R3 with an appropriate transform set and Internet Security Association and Key Management Protocol (ISAKMP) policy.
• This IPsec tunnel should only encrypt traffic between R1’s loopback network and R4’s loopback network.
• Use pre-shared keys for authentication in the ISAKMP policy.
• Do not create any new interfaces to achieve this task.
• Use any encryption algorithms desired for the tasks listed above that use the crypto suite of protocols.
• Configure MPLS on both ends of the link between R3 and R4.
• Configure R1 to send system logging messages at the error severity level to an imaginary host located at 172.16.2.200.
• Set up the correct time on R4 using the clock set command. Use the inline IOS help system if you do not know the syntax of this command.
• Configure R4 as an Network Time Protocol (NTP) master with stratum 5.
• Configure R3 as an NTP client of R4.
Questions
• Will R3 or R4 send the NTP queries as MPLS frames? Explain.
• Will R3 or R4 send any packets destined to the other router as MPLS frames? Explain.
• Will R3 or R4 send any packets at all as MPLS frames? Explain.
• Differentiate among the algorithms by explaining which algorithms in your IPsec policy apply to encryption, which to authentication, and which to message integrity. According to your reading, which of the available algorithms in each category is most secure?
• How does NTP help prepare a network for system logging? Explain. 2 - 2

CCNP: Implementing Secure Converged Wide-area Networks v5.0 -