Section 6.0: IOS Firewall + IOS IDS Configuration (10 points)

6.1. CBAC (6 points)

6.1.1. Basic CBAC Configuration (2 points)
  1. Configure IOS Firewall on R2 to protect the EIGRP network. Ensure it can reach the rest of the network.

6.1.2. Firewall Filtering (2 points)
  1. No access but ICMP is allowed to R2.

  2. R1 should be able to Telnet to R2 using its loopback2 address as source. Configure ingress ACL on WAN links, including anti-spoofing technique. Do not deny RFC1918 address space.

6.1.3. Advanced CBAC Configuration (2 points)
  1. Configure prevention against TCP host-specific denial-of-service on R2. Set the threshold to 200 before the firewall engine starts deleting half-open sessions to the host.

6.2. Intrusion Detection System (IDS) (4 points)

6.2.1. ...

Get CCIE Security Practice Labs now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.