4.3.3.4 Packet Tracer – Configuring VPN Tunnel Mode (Answers)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Addressing Table
| Device | Private IP Address | Subnet Mask | Site |
|---|---|---|---|
| File Backup Server | 10.44.2.254 | 255.255.255.0 | Gotham Healthcare Branch |
Objectives
Part 1: Sending Unencrypted FTP Traffic
Part 2: Configuring the VPN Tunnel between Metropolis and Gotham
Part 3: Sending Encrypted FTP Traffic
Background
In this activity, you will observe the transfer of unencrypted FTP traffic between two geographic sites. You will then configure a VPN tunnel between two geographic sites and send encrypted FTP traffic. The IP addressing, network configuration, and service configurations are already complete. You will use the client devices in the differing geographic regions to transfer FTP data securely and insecurely.
Part 1: Sending Unencrypted FTP Traffic
Step 1: Access the Cyber Criminals Sniffer.
a. Click the Cyber Criminals Sniffer and click the GUI
b. Click the Clear button to remove any possible traffic entries viewed by the sniffer.
c. Minimize the Cyber Criminals Sniffer.
Step 2: Connect to the FTP Backup server using an insecure FTP connection.
a. Click the Metropolis Bank HQ site and click Phil’s laptop.
b. Click the Desktop tab and click on Command Prompt.
c. Use the ipconfig command to view the current IP address of Phil’s
d. Connect to the File Backup server at Gotham Healthcare Branch by entering ftp 10.44.2.254 in the command
e. Enter the username of cisco and password of cisco to login to the File Backup
Step 3: View the traffic on the Cyber Criminals Sniffer.
a. Maximize the Cyber Criminals Sniffer that was previously minimized.
b. Click the FTP messages displayed on the sniffer and scroll to the bottom of each one.
What information is displayed in clear text?
USER cisco PASS cisco
Part 2: Configuring the VPN Tunnel between Metropolis and Gotham
a. Within the Metropolis Bank HQ site, click the HQ_Router.
b. Copy the IPSec VPN site-to site configuration below and paste it into HQ_Router.
enable configure terminal crypto isakmp policy 10 encr aes 256 authentication pre-share group 5 ! crypto isakmp key vpnpass address 209.165.201.19 ! crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac ! crypto map VPN-MAP 10 ipsec-isakmp description VPN connection to Branch_Router set peer 209.165.201.19 set transform-set VPN-SET match address 110 ! interface GigabitEthernet0/1 crypto map VPN-MAP ! access-list 110 permit ip 10.44.1.0 0.0.0.255 10.44.2.0 0.0.0.255 ! end copy run start
c. The required mirror configuration of the IPSec VPN has already been implemented on the Branch_Router of the Gotham Healthcare Branch
Part 3: Sending Encrypted FTP Traffic
Step 1: Send FTP traffic from Sally’s PC to the File Backup server.
a. Within the Metropolis Bank HQ site, click Sally’s
b. Click the Desktop tab and then click Command Prompt.
c. Use the ipconfig command to view the current IP address of Sally’s
d. Connect to the File Backup server at Gotham Healthcare Branch by entering ftp 10.44.2.254 in the command (It may take 2-5 attempts)
e. Enter the username of cisco and password of cisco to login to the File Backup server
f. Use the put command to upload the file txt to the File Backup server.
Step 2: View the traffic on the Cyber Criminals Sniffer
a. Maximize the Cyber Criminals Sniffer that was previously minimized.
b. Click the FTP messages displayed on the sniffer.
Are there any FTP messages sourced from the IP of Sally’s computer? Explain.
No, the IPSec VPN is using encryption and the Cyber Criminals Sniffer cannot decrypt the traffic to view it.
Suggested Scoring Rubric
| Activity Section | Question Location | Possible Points | Earned Points |
|---|---|---|---|
| Part 1: Send unencrypted FTP traffic | Step 3 | 20 | |
| Part 3: Send encrypted FTP traffic | Step 2 | 30 | |
| Questions | 50 | ||
| Packet Tracer Score | 50 | ||
| Total Score | 100 | ||
Doesn’t give access to ftp from sally’s laptop. Tried more than it warned