
Section 2: Intrusion Prevention and Content Security

This section covers tasks applicable to some specialized Cisco appliances, the Intrusion Prevention Sensor (IPS) and the Web Services Appliance (WSA). Both devices will be initialized and deployed into the network topology as shown in Diagram 1 and Diagram 2 in Part I. The single IPS appliance will be logically partitioned using various deployment modes of operation to service distinct traffic flows in the network. The WSA will handle redirected traffic of interest via Web Cache Communication Protocol (WCCP) from the Cisco ASA. It is important to verify whether traffic is correctly flowing through the appliances before moving on to other exercises in the lab.

Exercise 2.1: Initialize and Deploy the Cisco IPS Sensor Appliance

The exercise has four tasks.

You will be required to initialize the Cisco Intrusion Prevention Sensor (IPS) appliance and make it accessible from its management interface, and then deploy the sensor in three different interface modes: Inline VLAN pair, Inline Interface pair, and Promiscuous.

The Lab Topology diagram (Diagram 2 in Part I) depicts three IPS devices; however, only one physical IPS sensor exists in the network. This requires you to pay special attention to the switches in the topology to ensure switch ports are correctly configured (switchport modes, VLANs, and so on) to support each of the three logical/virtual sensors (refer to Diagram 1 in Part I).

Use names and details exactly as they appear in the tables.

Task 1: Initialize the Cisco IPS Sensor

Use the parameters in Table 1-11 to complete the task of initializing the sensor.

Table 1-11 Initialization Parameters

Parameter            Settings
Hostname             IPS
Management           Configure the command and control Management0/0 interface in VLAN 101
Sensor IP address    192.168.2.100/24
Default gateway      192.168.2.20
Sensor ACL           192.168.2.0
Telnet               Enable Telnet management

Verify the Cisco IPS sensor configuration using the following:

  • The username and password for the Cisco IPS console are ciscoips and 123cisco123. Do not change them. Use the console to initialize the Cisco IPS sensor appliance using the details in this table.
  • Ensure that the Management0/0 interface is up and functioning (refer to the Lab Topology diagram). You can modify the Cisco Catalyst switch configuration if required.
  • Ensure that the Cisco IPS sensor can ping the default gateway:

    IPS# ping 192.168.2.5
  • Ensure that the following ping and Telnet connections are successful from SW1:

    SW1# telnet 192.168.2.100

Task 2: Deploy the Cisco IPS Sensor in Inline VLAN Pair Mode

Configure the Cisco IPS sensor appliance for the Inline VLAN pair as shown in Table 1-12.

Table 1-12 Inline VLAN Pair Parameters

Parameter            Settings                                Virtual Sensor Name
Physical interface   GigabitEthernet0/2                      vs0
Inline VLAN pair     Vlan1 70 (VLAN70), Vlan2 50 (VLAN50)    vs0

Task 3: Deploy the Cisco IPS Sensor in Inline Interface Pair Mode

Configure the Cisco IPS sensor appliance for the Inline Interface pair as shown in Table 1-13.

Table 1-13 Inline Interface Pair Parameters

Parameter        Name     Settings              Switch VLANs   Virtual Sensor Name
Interface Pair   ipair    GigabitEthernet0/0    60             vs1
                          GigabitEthernet0/1    80

Task 4: Deploy the Cisco IPS Sensor in Promiscuous Mode

  • Configure the Cisco IPS sensor appliance for promiscuous mode on GigabitEthernet 0/3 and assign it to virtual sensor vs2.
  • For the solution and verification information of this lab exercise, see “Solution and Verification for Exercise 2.1: Initialize and Deploy the Cisco IPS Sensor Appliance.”
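The four tasks above are one procedure on the sensor CLI plus the matching switch-port work. The following transcript is an added example written for this page, not the workbook's solution; it uses the Cisco IPS 6.x/7.x CLI hierarchy (service host, service interface, service analysis-engine) with the values from Tables 1-11 through 1-13. Assumptions are marked in comments: the sensor ACL is taken as 192.168.2.0/24 because the CLI requires a prefix length, the switch port names (<port-to-...>) are placeholders because Diagram 1 is not reproduced here, and the SPAN source for the promiscuous sensor is a placeholder for the same reason.

```cisco
! ===== Cisco IPS sensor (added example; values from Tables 1-11 to 1-13) =====
! Task 1: host settings (Table 1-11)
IPS# configure terminal
IPS(config)# service host
IPS(config-hos)# network-settings
IPS(config-hos-net)# host-name IPS
! host-ip takes "address/prefix,default-gateway"
IPS(config-hos-net)# host-ip 192.168.2.100/24,192.168.2.20
! ASSUMPTION: table lists 192.168.2.0; /24 supplied because the command needs a prefix
IPS(config-hos-net)# access-list 192.168.2.0/24
IPS(config-hos-net)# telnet-option enabled
IPS(config-hos-net)# exit
IPS(config-hos)# exit
Apply Changes?[yes]: yes

! Task 2: Gi0/2 as an inline VLAN pair bridging VLAN 70 and VLAN 50 (Table 1-12)
IPS(config)# service interface
IPS(config-int)# physical-interfaces GigabitEthernet0/2
IPS(config-int-phy)# admin-state enabled
IPS(config-int-phy)# subinterface-type inline-vlan-pair
IPS(config-int-phy-inl)# subinterface 1
IPS(config-int-phy-inl-sub)# vlan1 70
IPS(config-int-phy-inl-sub)# vlan2 50
IPS(config-int-phy-inl-sub)# exit
IPS(config-int-phy-inl)# exit
IPS(config-int-phy)# exit

! Task 3: Gi0/0 and Gi0/1 bound together as inline interface pair "ipair" (Table 1-13)
IPS(config-int)# physical-interfaces GigabitEthernet0/0
IPS(config-int-phy)# admin-state enabled
IPS(config-int-phy)# exit
IPS(config-int)# physical-interfaces GigabitEthernet0/1
IPS(config-int-phy)# admin-state enabled
IPS(config-int-phy)# exit
IPS(config-int)# inline-interfaces ipair
IPS(config-int-inl)# interface1 GigabitEthernet0/0
IPS(config-int-inl)# interface2 GigabitEthernet0/1
IPS(config-int-inl)# exit

! Task 4: Gi0/3 left with no subinterface type, i.e. promiscuous
IPS(config-int)# physical-interfaces GigabitEthernet0/3
IPS(config-int-phy)# admin-state enabled
IPS(config-int-phy)# exit
IPS(config-int)# exit
Apply Changes?[yes]: yes

! Assign each monitoring interface to its virtual sensor (vs0 exists by default)
IPS(config)# service analysis-engine
IPS(config-ana)# virtual-sensor vs0
IPS(config-ana-vir)# physical-interface GigabitEthernet0/2 subinterface-number 1
IPS(config-ana-vir)# exit
IPS(config-ana)# virtual-sensor vs1
IPS(config-ana-vir)# logical-interface ipair
IPS(config-ana-vir)# exit
IPS(config-ana)# virtual-sensor vs2
IPS(config-ana-vir)# physical-interface GigabitEthernet0/3
IPS(config-ana-vir)# exit
IPS(config-ana)# exit
Apply Changes?[yes]: yes
IPS(config)# exit

! Verification: interface state, per-virtual-sensor packet counts, and management reachability
IPS# show interfaces
IPS# show statistics virtual-sensor
IPS# ping 192.168.2.20

! ===== Switch side (Cisco IOS). Port names are placeholders: use the cabling in Diagram 1 =====
! Management0/0 lands in VLAN 101
SW1(config)# interface <port-to-IPS-Mgmt0/0>
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 101
! Inline VLAN pair: one trunk carrying both bridged VLANs to Gi0/2
SW1(config)# interface <port-to-IPS-Gi0/2>
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# switchport trunk allowed vlan 50,70
! Inline interface pair: each sensor port is an access port in its own VLAN (Table 1-13)
SW1(config)# interface <port-to-IPS-Gi0/0>
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 60
SW1(config)# interface <port-to-IPS-Gi0/1>
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 80
! Promiscuous: mirror the traffic of interest to Gi0/3 (ASSUMPTION: source VLAN not given on this page)
SW1(config)# monitor session 1 source vlan <vlan-of-interest>
SW1(config)# monitor session 1 destination interface <port-to-IPS-Gi0/3>
```

Two points worth checking when this is applied in the lab: the inline VLAN pair only forwards traffic if VLANs 70 and 50 are not also bridged or routed elsewhere on the switch (otherwise flows bypass the sensor), and the inline interface pair only sees traffic if VLAN 60 and VLAN 80 have no other path between them. "show statistics virtual-sensor" increasing on vs0, vs1 and vs2 respectively confirms that each logical sensor is actually in the path.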

Exercise 2.2: Initialize the Cisco WSA

The Cisco WSA should be pre-initialized via the CLI with an IP address of 192.168.2.50:8080 and connected via SW1 in VLAN101 as shown in Diagram 2 in Part I.

Using a browser, connect to the WSA and complete the initialization of the Cisco WSA using the system setup wizard as shown in Figure 1-1. The information to be used for system setup is outlined in Table 1-14. Aside from the username and password values, other information in the System Information parameters can be anything.

Figure 1-1 WSA System Setup Wizard

Table 1-14 WSA Initialization Parameters

Parameter              Settings
Hostname               wsa.cisco.com
Interfaces             Management (M1) to be used for data and management
IP address             192.168.2.50/24
Default gateway        192.168.2.20
System Information     username: admin; password: ironport; email: fred@foobar.com; timezone: America/United States/Los Angeles (this will vary)
NTP server             192.168.2.5
DNS                    192.168.2.25
L4 Traffic Monitoring  Duplex TAP: T1 (In/Out)

Accept all other defaults.

From ASA1/c1, verify whether you can ping the M1 interface of the Cisco WSA:

ASA1/c1# ping 192.168.2.50

For the solution and verification information of this lab exercise, see “Solution and Verification for Exercise 2.2: Initialize the Cisco WSA.”
