IOS Site-Site VPN Conf with RSA Signature Microsoft CA Server 2003

Acquiring the certification isn’t going to be an easy task, but if you have the expertise help of the Microsoft 70 740 Dumps offered at the ExamClubs, you would be able to achieve it in a single attempt.

R1

interface fastEthernet 0/0 no shutdown ip add 192.168.101.1 255.255.255.0 no shutdown int s0/0 no shutdown ip add 101.1.1.100 255.255.255.0 no shutdown ip route 0.0.0.0 0.0.0.0 101.1.1.1 ISP interface s0/0 no shutdown ip add 101.1.1.1 255.255.255.0 no shutdown int s0/1 no shutdown ip add 102.1.1.1 255.255.255.0 no shutdown int f0/0 no shutdown ip add 192.168.105.1 255.255.255.0 no shutdown

R2

interface fastEthernet 0/0 no shutdown ip add 192.168.102.1 255.255.255.0 no shutdown int s0/0 no shutdown ip add 102.1.1.100 255.255.255.0 no shutdown ip route 0.0.0.0 0.0.0.0 102.1.1.1

R1

R1# ping 192.168.101.1 #Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.101.1, #timeout is 2 seconds: !!!!! #Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms R1#ping 192.168.105.100 #Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.105.100, timeout is 2 seconds:#.!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 8/14/24 ms R1# ping 102.1.1.100 #Type #escape sequence to abort. Sending 5, 100-byte ICMP Echos to 102.1.1.100, timeout is 2 seconds: #!!!!!#Success rate is 100 percent (5/5), round-trip min/avg/max = 4/18/44 ms

R2

R2# ping 192.168.102.1 #Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.102.1, #timeout is 2 seconds: !!!!! #Success rate is 100 percent (5/5), #round-trip min/avg/max = 4/4/4 ms R2#ping 192.168.105.100#Type #escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.105.100, timeout is 2 seconds: #!!!!! Success rate is 100 percent (5/5), #round-trip min/avg/max = 8/12/20 ms R2#ping 101.1.1.100 #Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 101.1.1.100, #timeout is 2 seconds: !!!!! #Success rate is 100 percent (5/5), #round-trip min/avg/max = 1/14/44 ms #ISP ISP#clock set 15:43:45 18 jan #2016 ISP(config)#ntp master 
R1(config)# ntp server 101.1.1.1 R2(config)# ntp server 101.1.1.1 R1#sh #clock 15:44:39.428 UTC Mon Jan 18 2016 R2#sh clock 15:44:43.644 UTC Mon Jan 18 2016 #R1 crypto ca trustpoint #ttt enrollment #url http://192.168.105.100/certsrv/mscep/mscep.dll revocation-check none exit R1(config)# crypto ca authenticate ttt #Certificate has the following attributes: Fingerprint MD5: C0952B98 #E5B8A10A A233B5A6 48DEE923 Fingerprint SHA1: D6238A4D CFC01F9F C2B23404 5E30B345 A7668E19 % #Do you accept #this certificate? [yes/no]: yes #Trustpoint CA certificate accepted. R1(config)# crypto ca enroll ttt % % #Start certificate enrollment .. % #Create a challenge password. #You will need to verbally provide this #password #to the CA Administrator in order to revoke your certificate. #For security reasons your password #will not be saved in the configuration. #Please make a note of it. Password: 05287B6712D04F84 #Jan 18 15:45:48.729: RSA key size needs to be atleast 768 bits for ssh version 2 #Jan 18 15:45:48.741: %SSH-5-#ENABLED: SSH 1.5 has been enabled #Jan 18 15:45:48.745: %CRYPTO-6-AUTOGEN: Generated new 512 bit key pair #Re-enter password: 05287B6712D04F84 % The subject name in the certificate will include: #R1.lab.local % #Include the router serial number in the subject name? [yes/no]: #n % Include an IP address in the subject #name? [no]: n Request certificate from CA? [yes/no]: yes % #Certificate request sent to Certificate #Authority % #The 'show crypto ca certificate ttt verbose' commandwill show the fingerprint. #R1(config)# Jan #18 15:46:45.774: CRYPTO_PKI: Certificate Request Fingerprint MD5: 9183CBF5 AAF82FA0 #3988E942 A484CBFF Jan #18 15:46:45.782: CRYPTO_PKI: Certificate Request Fingerprint SHA1: F5C0FD62 DF75A859 #E311818A AD8E1690 #B54D6D6C R1(config)# Jan 18 15:46:48.098: %PKI-6-CERTRET: Certificate received from Certificate Authority #Obtain OTP from 

If you wish to make your career in network, the Certifications is considered to be the best certification, to jump-start your career. But gaining this certification isn’t considered to be that much easy. You have to go through lots and lots of study process unless you have the help of the Microsoft AZ 301 Dumps offered at the ExamClubs.

ccnp exam

R1#sh crypto ca certificates Certificate Status: #Available Certificate Serial Number: 0x6108AC93000000000004 #Certificate Usage: General Purpose Issuer: #cn=CA #Subject: Name: R1.lab.local hostname=R1.lab.local CRL #Distribution Points: #http://ca/CertEnroll/CA.crl #Validity Date: start date: 10:06:45 UTC Jan 18 2016 #end date: 10:16:45 UTC Jan #18 2017 #Associated Trustpoints: ttt #CA Certificate Status: Available Certificate #Serial Number: #0x7DF36B80B94A57814E744D2283267CA4 #Certificate Usage: Signature Issuer: cn=CA #Subject: cn=CA CRL #Distribution Points: http://ca/CertEnroll/CA.crl #Validity Date: start date: 09:45:09 UTC Jan 18 2016 #end date: 09:54:59 UTC Jan 18 2021 #Associated Trustpoints: ttt R2 crypto ca trustpoint ttt enrollment url http://192.168.105.100/certsrv/mscep/mscep.dll #revocation-check none exit R2(config)#crypto ca authenticate #ttt Certificate has the following attributes: #Fingerprint MD5: C0952B98 E5B8A10A A233B5A6 48DEE923 #Fingerprint SHA1: D6238A4D CFC01F9F C2B23404 5E30B345 #A7668E19 % Do you accept this certificate? [yes/no]: #yes Trustpoint CA certificate accepted. R2(config)#crypto ca enroll ttt % % Start certificate enrollment .. #% Create a challenge password. You will need to verbally provide this password to the CA Administrator in order to revoke your certificate. #For security reasons your password will not be saved in the #configuration. #Please make a note of it. Password: Jan 18 15:54:14.652: #RSA key size needs to be atleast #768 bits for ssh version 2 #Jan 18 15:54:14.660: %SSH-5-ENABLED: #SSH 1.5 has been enabled Jan 18 #15:54:14.664: #%CRYPTO-6-AUTOGEN: Generated new 512 bit key pair Re-enter password: % #The subject name in #the certificate will include: R2.lab.local % #Include the router serial number in the subject name? #[yes/no]: n % #Include an IP address in the subject name? [no]: n Request certificate from CA? [yes/no]: yes #% Certificate request sent to Certificate Authority % #The 'show crypto ca certificate ttt verbose' #commandwill show the fingerprint. #R2(config)# Jan 18 15:54:36.721: CRYPTO_PKI: Certificate Request #Fingerprint MD5: 9059692A 18DB2D9A 8E6BA1D0 E7C91B2D Jan 18 15:54:36.729: #CRYPTO_PKI: Certificate Request #Fingerprint SHA1: 532D69C7 3220722D B82FA9A0 1BC02403 8B78A018 #R2(config)# Jan 18 15:54:39.025: %PKI-6-#CERTRET: Certificate received from Certificate Authority #R2#sh crypto ca certificates #Certificate Status: Available #Certificate Serial Number: 0x610FDC04000000000005 #Certificate Usage: General Purpose #Issuer cn=CA #Subject: Name: R2.lab.local hostname=R2.lab.local CRL #Distribution Points: http://ca/CertEnroll/CA.crl #Validity Date: start date: 10:14:36 UTC Jan 18 2016 #end date: 10:24:36 UTC Jan 18 2017 Associated #Trustpoints: ttt CA Certificate Status: Available #Certificate Serial Number: #0x7DF36B80B94A57814E744D2283267CA4 #Certificate Usage: Signature #Issuer: cn=CA Subject: cn=CA CRL #Distribution Points: http://ca/CertEnroll/CA.crl #Validity Date: start date: 09:45:09 UTC Jan 18 2016 #end date: 09:54:59 UTC Jan 18 2021 #Associated Trustpoints: ttt R1 crypto isakmp policy 1 authentication rsa-sig #encryption aes hash sha group 5 #lifetime 1800 #exit crypto #ipsec transform-set t-set esp-aes esp-sha-hmac #mode tunnel exit #crypto ipsec profile shiva #set transform-set t-set int t0 #ip add 192.168.1.1 255.255.255.0 #tunnel source serial 0/0 #tunnel destination 102.1.1.100 #tunnel mode ipsec ipv4 #tunnel protection ipsec #profile shiva R2 crypto isakmp policy 1 #authentication rsa-sig encryption aes #hash sha group 5 #lifetime #1800 #exit crypto #ipsec transform-set t-set esp-aes esp-sha-hmac #mode tunnel exit #crypto ipsec profile shiva #set transform-set t-set #int t0 ip add 192.168.1.2 255.255.255.0 #tunnel source s0/0 #tunnel destination #101.1.1.100 #tunnel mode ipsec ipv4 #tunnel protection ipsec profile shiva #R1 int t0 ip ospf 100 area 0 #int #f0/0 ip ospf 100 area 0 #R2 int t0 ip ospf 100 area 0 #int f0/0 ip ospf 100 area 0 #R1#sh ip ospf neighbor #Neighbor ID Pri State Dead Time Address Interface 192.168.102.1 0 FULL/ - 00:00:39 192.168.1.2 Tunnel0#R1#sh ip route ospf O 192.168.102.0/24 [110/11121] via 192.168.1.2, 00:00:08, #Tunnel0 R2#sh ip route ospf O 192.168.101.0/24 [110/11121] via 192.168.1.1, 00:00:52,#Tunnel0 R2#sh ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 192.168.101.1 0 FULL/ - #00:00:38 192.168.1.1 Tunnel0 R1 R1#ping 192.168.102.1 source fastEthernet 0/0 repeat 100 Type escape #sequence to abort. Sending 100, 100-byte ICMP Echos to 192.168.102.1, timeout is 2 seconds: Packet sent#with a source address of 192.168.101.1 #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! #Success rate is 100 percent (100/100), #round-trip min/avg/max = 40/54/72 ms #R1#sh crypto ipsec sa interface: Tunnel0 #Crypto map tag: Tunnel0-head-0, #local addr 101.1.1.100 protected vrf: (none) local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) #remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) #current_peer 102.1.1.100 port 500 PERMIT, flags={origin_is_acl,} #pkts encaps: 119, #pkts encrypt: 119, #pkts digest: 119 #pkts decaps: 117, #pkts decrypt: 117, #pkts verify: 117 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0,#pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 0, #recv errors 0#local crypto endpt.: 101.1.1.100, #remote crypto endpt.: 102.1.1.100 path mtu 1500, ip mtu 1500, ip mtu idb#Serial0/0 current outbound spi: 0x3D1AA06C(1025155180) inbound esp sas: spi: 0xC5C37F5(207370229)#transform: esp-aes esp-sha-hmac , in use settings ={Tunnel, } conn id: 1, flow_id: SW:1, crypto map:#Tunnel0-head-0 sa timing: remaining key lifetime (k/sec): (4479465/3459) IV size: 16 bytes replay detection#support: Y Status: ACTIVE inbound ah sas: inbound pcp sas: outbound esp sas: spi: 0x3D1AA06C(1025155180)#transform: esp-aes esp-sha-hmac , in use settings ={Tunnel, } conn id: 2, flow_id: SW:2, crypto map: #Tunnel0-head-0 sa timing: remaining key lifetime (k/sec): (4479464/3458) IV size: 16 bytes replay detection #support: Y Status: ACTIVE outbound ah sas: outbound pcp sas: R1#sh crypto isakmp sa IPv4 Crypto ISAKMP SA#dst src state conn-id slot status 101.1.1.100 102.1.1.100 QM_IDLE 1001 0 ACTIVE IPv6 Crypto ISAKMP SA R2 #R2#ping 192.168.101.1 source fastEthernet 0/0 repeat 100 #Type escape sequence to abort. Sending 100, 100-byte ICMP Echos to 192.168.101.1, #timeout is 2 seconds: Packet sent with a source address of 192.168.102.1 #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! #Success rate is 100 percent (100/100), #round-trip min/avg/max = 44/54/72 ms #R2#sh crypto isakmp sa IPv4 Crypto ISAKMP SA dst src state conn-id slot status 101.1.1.100 102.1.1.100#QM_IDLE 1001 0 ACTIVE IPv6 Crypto ISAKMP SA R2#sh crypto ipsec sa interface: Tunnel0 Crypto map tag:#Tunnel0-head-0, local addr 102.1.1.100 protected vrf: (none) local ident (addr/mask/prot/port): #(0.0.0.0/0.0.0.0/0/0) remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) current_peer 101.1.1.100 #port 500 PERMIT, flags={origin_is_acl,} #pkts encaps: 221, #pkts encrypt: 221, #pkts digest: 221 #pkts #decaps: 223, #pkts decrypt: 223, #pkts verify: 223 #pkts compressed: 0, #pkts decompressed: 0 #pkts not #compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 0, #recv errors 0 local crypto endpt.: 102.1.1.100, remote crypto endpt.: 101.1.1.100 path mtu 1500, ip mtu #1500, ip mtu idb Serial0/0 current outbound spi: 0xC5C37F5(207370229) inbound esp sas: spi: #0x3D1AA06C(1025155180) transform: esp-aes esp-sha-hmac

Now that you have known about the Salary of Network Security Engineer, you must be attracted to achieving it. If you wish to have it, you must have to do lots and lots of studies, unless you have a good and reliable Microsoft MB2 716 Dumps provider like that of the ExamClubs.

Leave Comment

Your email address will not be published. Required fields are marked *