JNCIA Question of the Week #4 – Securing Remote Access

JNCIA Question of the Week #4

After several weeks off due to heavy work load and vacation, we’re back with the JNCIA Question of the Week. And to start the week off, we’re going to be asking a more complicated question than has been customary.

Q:

This week, we want to allow telnet access only from a specific subnet.

Assume we have the following scenario:

  • Two routers directly connected through their em0 interfaces on the 172.16.0.0/30 subnet
  • R1’s lo0.0 address is 10.1.1.1
  • R2’s lo0.0 address is 10.2.2.2
  • R1 has the 192.168.1.0/24 network attached to its em1 interface
  • R2 has the 192.168.2.0/24 network attached to its em1 interface
  • We only want to allow telnet access to R1 from R2 from the 10.2.2.2/32 address.

What firewall filter(s) need to be created, to which device(s) and interface(s) must it/they be applied to and in which direction (ingress/egress), and how can we verify the firewall filter(s) work as intended?

This is a very open-ended question. Substitute IP addresses as you want. These were provided strictly as guidelines.

The answer to this week’s question will not be provided until Friday due to its complexity relative to previous questions. Also on Friday will be a Feature Lab Friday detailing how this can be accomplished and why we would want to accomplish such a thing.

[edit]

A:

Please refer to the post here for details on how to answer this question.
[/edit]

Advertisements
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: