CCNA Security v2.0

NETLAB+ support materials for CCNA Security have been revised to provide compatibility with the recently released CCNA Security version v2.0. All labs are compatible with the MAP with ASA topology. Some labs may also be completed using the MAP topology. See the table below.

CCNA Security v2.0 labs require different console and enable secret password settings from other courses. Please review the information on enabling CCNA Security v2.0 labs.

Supported Labs

Lab Description Pod Required Comments
1.2.4.12 Social Engineering No equipment required.
1.4.1.1 Researching Network Attacks and Security Audit Tools No equipment required.
2.6.1.2 Securing the Router for Administrative Access MAP w/ASA or MAP
3.6.1.1 Securing Administrative Access Using AAA and RADIUS MAP w/ASA or MAP
4.4.1.2 Configuring Zone-Based Policy Firewalls MAP w/ASA or MAP Changed S3 port number connected to PC3.
5.4.1.1 Configure an Intrusion Prevention System (IPS) MAP w/ASA or MAP
6.3.1.1 Securing Layer 2 Switches MAP w/ASA or MAP Placed PCA and PCB IPs on the topology.
7.5.12 Exploring Encryption Methods No equipment required.
8.4.1.3 Configure a Site-to-Site VPN Using CLI MAP w/ASA or MAP
9.3.1.2 Configure ASA Basic Settings and Firewall Using CLI MAP w/ASA
10.1.4.8 Configure ASA Basic Settings and Firewall Using ASDM MAP w/ASA
10.2.1.9 Configure a Site-to-Site IPsec VPN Using ISR CLI and ASA ASDM MAP w/ASA
10.3.1.1 Configure Clientless Remote Access SSL VPNs Using ASDM MAP w/ASA
10.3.1.2 Configure AnyConnect Remote Access SSL VPN Using ASDM MAP w/ASA
11.3.1.2 CCNA Security Comprehensive Lab MAP w/ASA Corrected S3 VLAN1 IP and PC default gateway in lab addressing.
Skills A Skills-Based Assessment - A MAP w/ASA
Skills B Skills-Based Assessment - B MAP w/ASA
Enabling the Labs

CCNA Security v2.0 labs require different console and enable secret password settings from other courses. If CCNA Security v2.0 and other courses are enabled in the same class, it is likely that the NETLAB+ automation will fail to save configuration files, since the default passwords, cisco and class are not the correct passwords for CCNA Security.

MAP MAP

To avoid configuration management problems, we recommend that the CCNA Security v2.0 course be enabled in a separate class from other courses. Enabling this course within a separate class will allow you to set the appropriate console and enable secret passwords in the class settings required for CCNA Security v2.0.

Create a new class to be used for the CCNA Security v2.0 Course and select the global labs in the class settings as described in the table below, depending on the pod(s) that will be used. You may also select the Skills-Based Assessments (Skills A and/or Skills B), as indicated in the table below.

Pods Global Labs Instructions
Multi-purpose Academy Pod AE CCNAS v2.0 - MAP - English On the Global Labs section of the class settings, check the "AE CCNAS v2.0 - MAP - English" if the MAP will be used to perform the labs.
Multi-purpose Academy Pod w/ASA AE CCNAS v2.0 - MAPASA - English On the Global Labs section of the class settings, check the "AE CCNAS v2.0 - MAPASA - English" if the MAP w/ASA will be used to perform the labs.
Multi-purpose Academy Pod w/ASA AE CCNAS v2.0 SkillsA - MAPASA - English On the Global Labs section of the class settings, check "AE CCNAS v2.0 SkillsA - MAPASA - English" to select Skills A.
Multi-purpose Academy Pod w/ASA AE CCNAS v2.0 SkillsB - MAPASA - English On the Global Labs section of the class settings, check "AE CCNAS v2.0 SkillsB - MAPASA - English" to select Skills B.

Update the following settings:

  • Change the Console Password to ciscoconpass
  • Change the Enable Password to cisco12345
Using the Labs

Always select the correct lab exercise for the lab being performed. Students or teams should schedule the correct lab exercise from the catalog. NETLAB+ will only show those labs for which the required pod type is available. A lab that works on different pod types may appear more than once if your system is so equipped. Instructors should select the correct lab from the Exercise tab during instructor-led lab reservations. This can be done as many times as needed during the reservation.

Importance of Choosing the Correct Lab Exercise

Several of the labs may differ from the standard pod topologies. This is handled by NETLAB+ Dynamic VLAN Mapping technology. Always select the correct lab exercise for the actual lab. This insures that NETLAB+ will set up VLANs on the control switch such that lab devices and PCs are placed in the correct LAN segment for the exercise being performed. Selecting the correct exercise will also make the completed lab output easier to find in the archive.

NETLAB+ will configure the routers and switches with initial configuration files that include basic IP connectivity. Please verify this configuration by pinging the network interfaces before starting the lab exercise.

Requirements

Router, Switch, and IOS Requirements

The routers used must meet minimum IOS requirements specified by the curriculum. The following recommendations are based on the CCNA Security v2.0 Equipment List (available on Academy Connection). Other routers and switches models may be used. Please consult Academy Connection NetAcad Maintenance - Image & Hardware Support Assistance with Legacy Equipment and Software.

Router /
Switch
Recommended
Model(s)
Minimum
DRAM
Minimum
Flash
Minimum
IOS
Feature Set/Technology Packages
R1 CISCO1941 512 MB 256 MB 15.4(3)M2 IP Base, Security
R2 CISCO1941 512 MB 256 MB 15.4(3)M2 IP Base, Security
R3 CISCO1941 512 MB 256 MB 15.4(3)M2 IP Base, Security
S1 WS-C2960+24TC-L 128 MB 64 MB 15.0(2)SE7 LAN Base
S2 WS-C2960+24TC-L 128 MB 64 MB 15.0(2)SE7 LAN Base
S3 WS-C2960+24TC-L 128 MB 64 MB 15.0(2)SE7 LAN Base

Adaptive Security Appliance (ASA) Requirements

As indicated in the Supported Labs table above, an Adaptive Security Appliance (ASA) is required in order to complete 6 labs (9.3.1.2, 10.1.4.8, 10.2.1.9, 10.3.1.1, 10.3.1.2, 11.3.1.2) of the CCNA Security v2.0 course. These labs are the only CCNA Security v2.0 labs that require the ASA.

Please refer to the Multi-purpose Academy Pod with ASA page for details on implementation.

Device Recommended
Model(s)
Minimum
DRAM
Minimum
Flash
Recommended IOS Feature Set
ASA Cisco ASA5505-BUN-K9 512 MB 128 MB Cisco (ASA) Software Version 9.2(3)
Base License
Cisco ASDM Version 7.4(1)
anyconnect-win-4.1.00228-k9.pkg (or later) should be uploaded to flash.

Required Software

Software Name Purpose Requirements Comments / Links
AnyConnect Secure Mobility Client release 4.1.00028 Installed on the ASA 5505. Supported Microsoft Windows O/S:
  • Windows 7
  • Windows 8.1
Kiwi Syslog This software will be used as the syslog server. Tftpd32 can also be used as the syslog server. Supported O/S:
  • Windows XP or Higher
www.kiwisyslog.com
WinRadius WinRadius is a standard RADIUS server for network authentication and accounting. Windows/Linux sourceforge.net/projects/winradius/
NMAP/ZENMAP This software is used to test the lab configuration. Windows/Linux www.insecure.org
TFTP32 DHCP, TFTP, SMTP, Syslog servers, and TFTP client. http://tftpd32.jounin.net/tftpd32_download.html
IOS-S855-CLI.pkg This file is used with Lab 5.4.1.1. To obtain instructions on the file version and how to download, please see Lab 5.4.1.1.
realm-cisco.pub.key This file is used with Lab 5.4.1.1. To obtain instructions on the file version and how to download, please see Lab 5.4.1.1.