Assignment #1
Answer the following activity questions:
1. What are the two firewall options presented in the SDM?
Basic firewall and advanced firewall options.
2. What are the two differences between the basic and advanced configuration wizards?
Basic firewall is used to apply predefined rules to protect your network from the most common attacks. It will not allow for the configuration of DMZ services.
Advanced firewall is used to apply both the predefined rules as well as your own customized rules to protect your network from the most common attacks. It allows for the configuration of DMZ services.
The advanced wizard allows for the configuration of multiple outside interfaces and inside interfaces, whereas the basic configuration allows for the configuration of inside interfaces only.
3. How do you determine the untrusted interface?
We use a switch to determine untrusted and trusted interfaces. By default, the switch will consider all ports untrusted. We should therefore configure the switch to trust some ports when we enable DHCP snooping.
4. In terms of ease of configuration, how does using the SDM to configure a firewall compare to configuration using the CLI?
The Cisco SDM allows for easy configuration of Cisco IOS software security features on Cisco access routers on a device-by-device basis and also enables proactive management through performance monitoring. Users can also remotely configure and monitor a set of Cisco routers.
Assignment #2
Answer the following activity questions:
1. When would you configure a GRE tunnel?
A GRE tunnel is configured when you want to accomplish routing between different networks, since the normal security configurations cannot transfer routing protocols.
2. When would you configure a Dynamic Multipoint VPN?
A Dynamic Multipoint VPN can be configured when you want a secure, scalable network.
3. What does using WebVPN allow you to do that other VPN configurations do not?
It has scalability and unique virtualization capabilities.
4. What hashing algorithm and encryption algorithm does Cisco use for its site-to-site VPN implementation?
It uses the 3DES encryption algorithm and the MD5 hashing algorithm for its site-to-site VPN implementation.