Tuesday, June 25, 2013

Cisco ASA: RIP, OSPF, EIGRP







Task:
  - Configure dynamic routing (RIP, EIGRP, OSPF) as shown in the topology above.
  - Configure authentication between routers R1, R2, R4 and the ASA.
  - Redistribute between the dynamic routing protocols.
  - Ensure full reachability across the networks in the topology.

On the ASA, use the "passive-interface" command under RIP to suppress the multicast updates sent out of interfaces e0/2 and e0/0 while still listening to incoming updates. This is needed because all interfaces on the ASA are in the same major network, 10.0.0.0/8, so the RIP network statement covers every one of them.


Cisco ASA configuration
ASA Version 8.0(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/0.102
 vlan 102
 nameif outside
 security-level 0
 ip address 10.1.102.10 255.255.255.0
 ospf message-digest-key 1 md5 <removed>
 ospf authentication message-digest
!
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1.101
 vlan 101
 nameif inside
 security-level 100
 ip address 10.1.101.10 255.255.255.0
 rip authentication mode md5
 rip authentication key <removed> key_id 1
!
interface Ethernet0/1.104
 no vlan
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/2
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/2.104
 vlan 104
 nameif dmz
 security-level 50
 ip address 10.1.104.10 255.255.255.0
 authentication key eigrp 1 <removed> key-id 1
 authentication mode eigrp 1 md5
!
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list outside_in extended permit icmp any any
pager lines 24
mtu inside 1500
mtu outside 1500
mtu dmz 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group outside_in in interface outside
access-group outside_in in interface dmz
!
router rip
 network 10.0.0.0
 passive-interface default
 no passive-interface inside
 redistribute ospf 1 metric 6
 redistribute eigrp 1 metric 5
 version 2
 no auto-summary
!
router ospf 1
 router-id 10.10.10.10
 network 10.1.102.0 255.255.255.0 area 0
 log-adj-changes
 redistribute rip subnets
 redistribute eigrp 1 subnets
!
router eigrp 1
 no auto-summary
 network 10.1.104.0 255.255.255.0
 redistribute rip metric 100000 100 255 1 1500
 redistribute ospf 1 metric 100000 100 255 1 1500


R1 configuration
R1#
!
key chain R1-ASA
 key 1
  key-string r1asa
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.101
 encapsulation dot1Q 101
 ip address 10.1.101.1 255.255.255.0
 ip rip authentication mode md5
 ip rip authentication key-chain R1-ASA
!
router rip
 version 2
 network 1.0.0.0
 network 10.0.0.0
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 10.1.101.10




R2 configuration
R2#sh
*Jun 25 23:23:39.155: %SYS-5-CONFIG_I: Configured from console by console
R2#show run
Building configuration...

Current configuration : 1139 bytes
!
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.102
 encapsulation dot1Q 102
 ip address 10.1.102.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 r2asa
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
 default-information originate always
!


R4 configuration
R4#
!
key chain R5-ASA
 key 1
  key-string r4asa
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.104
 encapsulation dot1Q 104
 ip address 10.1.104.4 255.255.255.0
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 R5-ASA
!
router eigrp 1
 network 0.0.0.0
 no auto-summary
!
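
An added example, not part of the original lab: a Python check for the per-interface IOS syntax used in the R1, R2 and R4 configurations above. It reports interfaces where the authentication mode and the key are not both set, key chains that are referenced but never defined, and keys stored in cleartext. The input is constructed from the page's configs plus a hypothetical FastEthernet0/0.199; ASA syntax and OSPF authentication enabled area-wide under "router ospf" are not handled.

```python
import re

# Constructed input: key-chain and interface lines from the R1, R2 and R4 configs
# above merged into one text, plus a hypothetical FastEthernet0/0.199.
SAMPLE = """\
key chain R1-ASA
 key 1
  key-string r1asa
key chain R5-ASA
 key 1
  key-string r4asa
interface FastEthernet0/0.101
 ip rip authentication mode md5
 ip rip authentication key-chain R1-ASA
interface FastEthernet0/0.102
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 r2asa
interface FastEthernet0/0.104
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 R5-ASA
interface FastEthernet0/0.199
 ip ospf authentication message-digest
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 R4-ASA
"""
# Per-interface IOS commands used on this page, as (mode line, key line).
RULES = {
    "rip": (r"ip rip authentication mode md5", r"ip rip authentication key-chain (\S+)"),
    "ospf": (r"ip ospf authentication message-digest", r"ip ospf message-digest-key \d+ md5 \S+"),
    "eigrp": (r"ip authentication mode eigrp \d+ md5", r"ip authentication key-chain eigrp \d+ (\S+)"),
}
# No type-7 prefix means the key is readable as typed (type 7 is itself reversible).
CLEARTEXT = re.compile(r"(?:key-string|message-digest-key \d+ md5) (?!7 )\S+$", re.M)

def audit(config):
    chains, findings = set(re.findall(r"^key chain (\S+)", config, re.M)), []
    for stanza in re.split(r"\n(?=\S)", config.strip()):  # one top-level block each
        head = stanza.split("\n", 1)[0]
        if CLEARTEXT.search(stanza):
            findings.append((head, "key stored in cleartext"))
        if not head.startswith("interface "):
            continue
        for proto, (mode, key) in RULES.items():
            m, k = re.search(mode, stanza), re.search(key, stanza)
            if bool(m) != bool(k):  # mode without key, or key without mode
                findings.append((head, f"{proto}: mode and key are not both set"))
            elif k and k.lastindex and k.group(1) not in chains:
                findings.append((head, f"{proto}: key chain {k.group(1)} is not defined"))
    return findings
```

Calling audit(SAMPLE) returns a list of (stanza, issue) pairs; run it against each router's own "show run" output rather than a merged text so that key-chain lookups stay per device.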

R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.1.104.10 to network 0.0.0.0

     1.0.0.0/24 is subnetted, 1 subnets
D EX    1.1.1.0 [170/53760] via 10.1.104.10, 00:10:18, FastEthernet0/0.104
     2.0.0.0/32 is subnetted, 1 subnets
D EX    2.2.2.2 [170/53760] via 10.1.104.10, 00:09:47, FastEthernet0/0.104
     4.0.0.0/24 is subnetted, 1 subnets
C       4.4.4.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.104.0 is directly connected, FastEthernet0/0.104
D EX    10.1.102.0 [170/53760] via 10.1.104.10, 00:10:18, FastEthernet0/0.104
D EX    10.1.101.0 [170/53760] via 10.1.104.10, 00:10:18, FastEthernet0/0.104
D*EX 0.0.0.0/0 [170/53760] via 10.1.104.10, 00:09:47, FastEthernet0/0.104


R4#ping 1.1.1.1 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/53/88 ms

R4#ping 2.2.2.2 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/42/84 ms

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
O E2    1.1.1.0 [110/20] via 10.1.102.10, 00:08:21, FastEthernet0/0.102
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     4.0.0.0/24 is subnetted, 1 subnets
O E2    4.4.4.0 [110/20] via 10.1.102.10, 00:08:01, FastEthernet0/0.102
     10.0.0.0/24 is subnetted, 3 subnets
O E2    10.1.104.0 [110/20] via 10.1.102.10, 00:08:21, FastEthernet0/0.102
C       10.1.102.0 is directly connected, FastEthernet0/0.102
O E2    10.1.101.0 [110/20] via 10.1.102.10, 00:08:21, FastEthernet0/0.102

R2#ping 1.1.1.1 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/48/92 ms
R2#ping 4.4.4.4 sour loopba 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 24/49/80 ms


R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.1.101.10 to network 0.0.0.0

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
R       2.2.2.2 [120/6] via 10.1.101.10, 00:00:24, FastEthernet0/0.101
     4.0.0.0/24 is subnetted, 1 subnets
R       4.4.4.0 [120/5] via 10.1.101.10, 00:00:24, FastEthernet0/0.101
     10.0.0.0/24 is subnetted, 3 subnets
R       10.1.104.0 [120/1] via 10.1.101.10, 00:00:24, FastEthernet0/0.101
R       10.1.102.0 [120/1] via 10.1.101.10, 00:00:24, FastEthernet0/0.101
C       10.1.101.0 is directly connected, FastEthernet0/0.101
S*   0.0.0.0/0 [1/0] via 10.1.101.10

R1#ping 4.4.4.4 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/34/88 ms


ciscoasa# show route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 10.1.102.2 to network 0.0.0.0

R    1.1.1.0 255.255.255.0 [120/1] via 10.1.101.1, 0:00:23, inside
O    2.2.2.2 255.255.255.255 [110/11] via 10.1.102.2, 0:05:41, outside
D    4.4.4.0 255.255.255.0 [90/158720] via 10.1.104.4, 0:17:51, dmz
C    10.1.104.0 255.255.255.0 is directly connected, dmz
C    10.1.102.0 255.255.255.0 is directly connected, outside
C    10.1.101.0 255.255.255.0 is directly connected, inside
O*E2 0.0.0.0 0.0.0.0 [110/1] via 10.1.102.2, 0:05:41, outside

Rewriter: Vigorous.nguyen
Reference: CCIE Security V4 LAB Vol. 1  www.micronicstraining.com
