BootCamp1:NMA Network Master Associate, Cisco, Microsoft2020

Microsoft Server 2019, Cisco ASA & ACS, VOIP CUCM & CME, Sophos Firewall, GNS3, VMware, VPN, RIPv2, OSPF and much more

Course description:

What you’ll learn

  • Integrate Microsoft server, Cisco devices, VOIP, ASA firewalls and Sophos in 1 network.
  • Design and implement real network “3 offices”.
  • GRE+DMVPN WAN link configuration by using Cisco and other vendors routers.
  • Domain controllers, DHCP & GPO of Windows Server 2019.
  • Integration of Sophos with Active directory.
  • Integration of VOIP systems with Active directory.
  • VLAN implementation.
  • Implementation of security devices like Cisco ACS, ASA.

Course Content

  • Introduction –> 6 lectures • 43min.
  • VMWare & GNS3 –> 18 lectures • 1hr 59min.
  • Cisco ASA, Sophos, CUCM, ACS –> 19 lectures • 2hr 24min.
  • DC-Site –> 14 lectures • 2hr 30min.
  • VIC-Site –> 1 lecture • 1min.
  • Sophos-UTM configuration –> 1 lecture • 1min.
  • Perth-Site –> 1 lecture • 1min.
  • ASA-Firewall –> 1 lecture • 1min.
  • Site connections –> 1 lecture • 1min.
  • Domain controllers –> 1 lecture • 1min.

BootCamp1:NMA Network Master Associate, Cisco, Microsoft2020

Requirements

  • CCNA.
  • Prior knoweledge with VMware and GNS3 is desirable.

Course description:

This course is to implement Microsoft, Cisco, Firewalls and Security devices in 1 network.

The main goal of this course is to learn how to implement a real network in IT industry from the scratch.

 

Important Note:

In this course you need to have your own images for Cisco devices like CUCM, ACS .. etc.

Otherwise; you can download the images and evaluation licenses for around $15 from this link

“The link to be send for you with automatic enrollment message once you enroll to this course”

**Please watch Lecture 2: Prerequisites for NMA Bootcamp for more details..

 

Project Description:

GravityCyber is an IT solutions that has three branch offices as the followings:

• VIC-Site

• Perth-Site

• DC-Site

And it’s ordered their network engineers for designing and implementing its networks on each site, connecting them together with a DMVPN over GRE WAN link.

 

VIC-GW, PERTH-GW, DC-GW-1 and DC-GW-2, are connected to the ISP for an internet connection with a public IP assigned to each, and using this mechanism of connection, they’ve been configured in a GRE+DMVPN WAN link, making VIC-GW is a hub, and all the rest are considered as peripherals spokes.

 

Requirements:

• Configure WAN links between VIC-Core-1, VIC-Core-2, VIC-DSW-1 and VIC-DSW-2.

• Configure OSPF between VIC-Core-1, VIC-Core-2, VIC-DSW-1 and VIC-DSW-2 to be in area 0.

• Configure trunk ports on VIC-DSW-1 and VIC-DSW-2, VIC-Access-1, VIC-Access-2, VIC-Access-3 and VIC-Access-4.

• Configure VTP version 3 “GravityCyber .com” on VIC-DSW-1 to be in the primary server mode with an authentication key with cisco.

• Configure VTP version 3 “GravityCyber .com” on VIC-DSW-2, VIC-Access-1, VIC-Access-2, VIC-Access-3 and VIC-Access-4 to be in the client mode with an authentication key with cisco.

• Configure VLANs as shown in the table for VIC-Site, on VIC-DSW-1.

• Configure VIC-DSW-1 to be the default-gateway for VLAN 10 and VLAN 20.

• Configure VIC-DSW-1 to be the default-gateway for VLAN 30 and VLAN 40.

• Configure helper-address on VIC-DSW-1 and VIC-DSW-2 so all hosts on VIC-Site can get an IP from the DC+DHCP-Server and Backup DC+DHCP-Server as an alternate DHCP-Server.

• Configure access-ports on VIC-Access-1, VIC-Access-2, VIC-Access-3 and VIC-Access-4.

• Permit for VLAN 10, VLAN 20, VLAN 30 and VLAN 40 only to go into trunk ports.

• Configure interfaces IP configuration on Sophos-UTM, setting the default-gateway for eth1 and eth2.

• Configure OSPF on eth1, eth0 and eth2 on Sophos-UTM to be on area 0.

• Configure default-route to be announced from Sophos-UTM to VIC-Switches.

• Configure load-balancing between eth1 and eth2 on Sophos-UTM putting eth1 as an active link and eth2 as a standby link.

• Configure interfaces IP configuration on ISP, NAT configuration and default route configuration so any site can connect to the internet.

• Configure interfaces IP configuration on VIC-GW, NAT configuration, OSPF configuration and default route configuration so VIC-Site can go to the internet.

• Configure interfaces IP configuration on Perth-GW, NAT configuration, OSPF configuration and default route configuration so Perth-Site can go to the internet.

• Configure interfaces IP configuration on DC-GW-1 and DC-GW-2, NAT configuration, RIPv2 configuration and default route configuration so DC-Site can go to the internet.

• Configure GRE+DMVPN on VIC-GW, Perth-GW, DC-GW-1 and DC-GW-2 so PERTH-Site, VIC-Site and DC-Site can be connected together.

• Configure EIGRP over DMVPN network between Perth-Site, VIC-Site and DC-Site.

• Configure interfaces IP configuration on Perth-Master-GW, OSPF configuration and VRRP configuration to be master for VLAN 10 and backup for VLAN 20 with an authentication key with cisco.

• Configure interfaces IP configuration on Perth-Backup-GW, OSPF configuration and VRRP configuration to be master for VLAN 20 and backup for VLAN 10 with an authentication key with cisco.

• Configure helper-address on Perth-Master-GW and Perth-Backup-GW.

• Configure trunk ports on Perth-Core, Perth-Access-1 and Perth-Access-2.

• Configure VTP version 3 “GravityCyber .com” on Perth-Core and set it as a primary server with an authentication key with cisco.

• Configure VTP version 3 “GravityCyber .com” on Perth-Access-1 and Perth-Access-2 and set them as a client with an authentication key with cisco.

• Configure Port-Channel on Perth-Core, Perth-Access-1 and Perth-Access-2 to be operating on PAgP.

• Configure access-ports on Perth-Access-1 and Perth-Access-2.

• Configure interfaces IP configuration on DC-GW-3 and RIPv2.

• Inject ASDM on ASA-Firewall and configure interfaces IP configuration.

• Set security level with 100 for all ASA-Firewall interfaces.

• Enable ICMP on ASA-Firewall.

• Configure RIPv2 on ASA-Firewall set the inside interface as a passive interface.

• Configure domain controller on DC+DHCP Server and DHCP pools for all VLANs on the other two sites.

• Configure backup domain controller on Backup D.C+DHCP Server and backup DHCP pools for all VLANs on the other two sites.

• Configure OUs for each site and OUs for each VLAN on A.D on D.C+DHCP-Server.

• Configure group policy so deny access for USB ports, CD-Room, control panel for each VLAN.

• Add the domain controller in the Sophos-UTM as an authentication server and synchronize Sophos with active directory.

• Enable web-filter for each VLAN on VIC-Site so VLAN 10 can’t access the any website without authenticating, VLAN 20 can’t access only to facebook .com, VLAN 30 can’t access only to twitter .com, and VLAN 40 can’t access any HTTP/HTTPs website.

• Configure ACS-Server to be a TACACS+ authenticator.

• Configure AAA model on VIC-GW, Perth-GW, Perth-Master-W, Perth-Backup-GW, DC-GW-1, DC-GW-2 and DC-GW-3 so any console access can be authenticated via ACS-Server or local password access.

• Configure CME-Server to be a call-manager for VLAN 10, VLAN 20, VLAN 30 and VLAN 40 on VIC-Site.

• Configure CUCM-Server to be a call-manager on DC-Site.

• Configure dial-peer between CME-Server and CUCM-Server so any phone from VLAN 10, VLAN 20, VLAN 30 and VLAN 40 can contact any phone from DC-Site.

 

 

This project is comprising of 12 Sections

Section 1

Introduction

 

Section 2

VMware Tool Installation

GNS3 Tool Installation

 

Section 3

ASA-Firewall LAB Preparation

Sophos-UTM LAB Preparation

CUCM-Server LAB Preparation

ACS-Server LAB Preparation

 

Section 4

DC-Site Configuration Part 1

 

Section 5

VIC-Site Configuration Part 1

VIC-Site Configuration Part 2

VIC-Site Configuration Part 3

 

Section 6

Sophos-UTM Basic Configuration

Sophos-UTM OSPF Configuration

Sophos-UTM Load-Balancing

 

Section 7

Perth-Site Configuration Part 1

Perth-Site Configuration Part 2

DC-Site Configuration Part 1

DC-Site Configuration Part 2

 

Section 8

ASA-Firewall Basic Configuration

ASA-Firewall RIPv2 Configuration

 

Section 9

Connecting Sites to Internet Part 1

Connecting Sites to Internet Part 2

Connecting Sites Using GRE+DMVPN

 

Section 10

Configuring Primary Domain Controller

Configuring Backup Domain Controller

Configuring Primary DHCP-Scopes

Configuring Backup DHCP-Scopes

Configuring Group-Policy Objects

 

Section 11

Configuring VOIP-Telephony using CME

Configuring VOIP-Telephony using CUCM

Configuring Dial Peers with CUCM+CME

 

Section 12

Configuring TACACS+ with ACS-Server

 

Section 13

Sophos-UTM Web-Filtering Configuration

Sophos-UTM Access-Lists Mastery

Sophos-UTM Authentication With AD

 

Section 14

By end of this bootcamp