Cisco Packet Tracer 8.x labs
Introduction
A growing challenge for network administrators is controlling who is allowed, and who is not, to access the organization's internal network. This access control is mandatory on the parts of the network that carry critical infrastructure; it is not meant for public segments where guest users are expected to connect.
Port security is a feature implemented in Cisco Catalyst switches which helps network engineers in implementing network security on network boundaries.
In its most basic form, the Port Security feature remembers the MAC address of the device connected to the switch edge port and allows only that MAC address to be active on that port. If any other MAC address is detected on that port, the port security feature shuts the switch port down (the default violation mode, shutdown, places the port in the err-disabled state; the restrict and protect modes instead drop the offending frames and keep the port up).
The switch can be configured to send an SNMP trap to a network monitoring solution to alert that a port has been disabled for security reasons. Traps and syslog messages are generated in shutdown and restrict mode; protect mode drops frames silently, so it should be avoided where violations need to be detected.
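The configuration below, added here as an illustration and not taken from the lab files, shows the basic form described above on a Catalyst access port, with sticky learning so the permitted MAC survives a reload and with the SNMP trap for violations enabled. The interface name, the monitoring host 192.168.10.50 and the community string are assumptions for the example.

```cisco
! Edge port: one device allowed, learned dynamically and written to the running-config (sticky)
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
! Send a trap to the monitoring host when a violation occurs (assumed host and community)
snmp-server host 192.168.10.50 version 2c public
snmp-server enable traps port-security
!
! Optional: bring err-disabled ports back automatically after 5 minutes instead of requiring
! a manual shutdown / no shutdown
errdisable recovery cause psecure-violation
errdisable recovery interval 300
```

To check the result, `show port-security interface FastEthernet0/1` reports the violation mode, the learned address and the violation counter, and `show port-security address` lists every secured MAC. After a violation in shutdown mode, `show interfaces status err-disabled` shows the port and the cause. Note that `snmp-server enable traps port-security` and `errdisable recovery` are IOS commands that may not be accepted by every Packet Tracer switch model; the `switchport port-security` commands themselves are supported.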
Download free Cisco Packet Tracer 8.2.2 labs designed by our team for CCNA and CCNP Enterprise training.
Packet Tracer 8.2.2 supports labs created in previous Packet Tracer versions 8.1, 8.0, 7.x. However, the files created in Packet Tracer 8.2.2 are not backward compatible with previous versions. Please download the latest Cisco Packet Tracer 8.2.2 on Cisco Netacad before using our labs.
All activities included in the new CCNA v7.02 curricula are fully compatible with Packet Tracer 8.2.1. CCNA v7 students should continue to use Packet Tracer 7.2.2. It is highly recommended for CCNA Routing & Switching (v6), CCNA Discovery, CCNA Exploration and CCNA Security students to stay with Packet Tracer 7.2.2, as they could encounter warning messages in Packet Tracer 8.2.2.
Lab instructions
SSL VPN technology can be configured in three ways:
- Thin Client VPN
- SSL VPN Client
- Clientless SSL VPN (WebVPN)
Clientless SSL VPN is a technology allowing limited but secure access to internal network resources from any location using a web browser. No specific VPN client is needed: a remote user only needs an SSL-enabled web browser to reach HTTP- or HTTPS-enabled web servers on the internal network through the firewall's WebVPN portal. This technology is available on the ASA 5505 firewall and has been implemented in the Packet Tracer 8.2 network simulator.
Firewall configuration to apply in this lab:
- Outside IP : 192.168.1.1/24
- Inside IP : 192.168.2.1/24
- User login : test
- User password : test.test
- Website IP : site 1
Network diagram
In this lab, the Auto NAT (object NAT) feature of the ASA 5506-X firewall is used to configure the NAT rules that allow the hosts on the LAN segments to connect to the Internet. Network Address Translation is needed because these internal hosts use private IP addresses which are not routable on the Internet. With dynamic PAT, the ASA rewrites the private source address of each outbound connection to the IP address of its outside interface, so that the traffic appears to come from the firewall itself. Auto NAT with the `interface` keyword suits best when the ASA's external IP address changes frequently (for example when it is assigned by DHCP), because the rule follows the interface address instead of a hard-coded one.
Lab instructions
1. Configure NAT to allow LAN users to access the INTERNET
2. Configure NAT to allow DMZ servers to access the INTERNET
3. Configure inbound NAT rule to allow access to the 172.16.1.10 DMZ webserver from the Internet with 148.12.56.68 public IP address.
4. Configure ICMP rules to allow laptop1 to ping the 148.12.56.1 internet router and any internet resource. An access-list named OUTSIDE will be configured to allow incoming echo-reply and unreachable ICMP messages.
5. Configure the required access-lists on the internet-facing interface to allow incoming traffic to the DMZ webserver.
6. Test HTTP connectivity from the Public laptop to the DMZ webserver (http://148.12.56.68).
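The following ASA 9.x configuration, added here as a worked example and not copied from the lab's answer file, completes steps 1 to 5 with the addresses the lab gives (DMZ webserver 172.16.1.10, public IP 148.12.56.68, internet router 148.12.56.1). The interface names inside/outside/dmz, the LAN subnet 192.168.10.0/24 and the DMZ subnet 172.16.1.0/24 are assumptions for the example; adapt them to the diagram.

```cisco
! Step 1: LAN users to the Internet, dynamic PAT behind the outside interface address
object network LAN
 subnet 192.168.10.0 255.255.255.0          ! assumed LAN subnet
 nat (inside,outside) dynamic interface
!
! Step 2: DMZ servers to the Internet, same PAT rule on the dmz interface
object network DMZ
 subnet 172.16.1.0 255.255.255.0            ! assumed DMZ subnet, contains 172.16.1.10
 nat (dmz,outside) dynamic interface
!
! Step 3: static one-to-one NAT for the DMZ webserver; the static host rule is
! ordered before the dynamic subnet rule, so the server keeps 148.12.56.68 outbound too
object network DMZ-WEB
 host 172.16.1.10
 nat (dmz,outside) static 148.12.56.68
!
! Step 4: let ICMP replies to outbound pings back in (echo-reply and unreachable only,
! no inbound echo-request)
access-list OUTSIDE extended permit icmp any any echo-reply
access-list OUTSIDE extended permit icmp any any unreachable
!
! Step 5: inbound HTTP to the DMZ webserver. On ASA 8.3 and later the ACL matches the
! real (untranslated) address, hence the object rather than 148.12.56.68
access-list OUTSIDE extended permit tcp any object DMZ-WEB eq www
!
access-group OUTSIDE in interface outside
```

Keep the OUTSIDE list this narrow: the implicit deny at its end is what protects the inside and DMZ from everything else arriving on the outside interface. `show nat` and `show xlate` confirm the translations are being hit, and on a real ASA `packet-tracer input outside tcp 203.0.113.5 12345 148.12.56.68 80` walks a simulated inbound HTTP packet through the NAT and ACL lookups and reports where it would be dropped. ICMP could also be handled statefully with `inspect icmp` in the global policy-map instead of the explicit ACL entries; the lab asks for the ACL approach, so that is what is shown.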
What is Cisco Context-Based Access Control ?
Cisco's Context-Based Access Control (CBAC) is a security component available on ISR routers that works in a way similar to reflexive ACLs. This feature has been implemented in Packet Tracer since version 5.3.
CBAC first inspects and records the flows initiated from the protected internal network, then dynamically adds temporary entries to the inbound access list so that the return traffic of those flows is allowed even when the list otherwise ends in "deny ip any any". The main difference from reflexive ACLs is that reflexive ACLs act solely on Layer 2 to Layer 4 protocol attributes, whereas CBAC is able to inspect all the way up to the application layer (Layer 7), taking into account the characteristics of a flow on a per-protocol (or context) basis, for example the secondary data connection negotiated by FTP.
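The IOS configuration below is an added example of the mechanism just described, not part of the lab text. Its inspection rule name FW, the interface GigabitEthernet0/0 as the Internet-facing interface and the access-list name OUTSIDE-IN are assumptions.

```cisco
! Inspection rule: generic TCP/UDP/ICMP state tracking plus application-aware
! inspection for HTTP, which is what sets CBAC apart from a reflexive ACL
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
ip inspect name FW http
!
! Tighten the half-open connection limits so an inbound SYN flood cannot exhaust the
! inspection table
ip inspect tcp synwait-time 20
ip inspect max-incomplete high 500
ip inspect max-incomplete low 400
!
! Inbound list on the Internet side: nothing is permitted statically; CBAC inserts the
! return-traffic entries above this deny on its own
ip access-list extended OUTSIDE-IN
 deny ip any any
!
interface GigabitEthernet0/0
 description Internet
 ip access-group OUTSIDE-IN in
 ip inspect FW out
```

Applying `ip inspect FW out` on the outside interface inspects the flows leaving toward the Internet and opens only their return path in OUTSIDE-IN; applying the same rule with `in` on the inside interface is the equivalent alternative. `show ip inspect sessions` lists the flows currently tracked and `show ip inspect config` shows the rule and timers. Two caveats a practitioner should keep in mind: a protocol not listed in the inspect rule (for example ICMP left out) gets no return entry and its replies are dropped by the deny, and CBAC does not cover traffic addressed to the router itself, which still needs explicit permit entries in the list if, say, remote management on the outside address is required.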