Scenarios 585
Scenarios
Scenario 1
RouteitRight has decided to connect its headquarters to the Internet and has purchased a 2500 router.
The company has determined the following requirements. It is up to you to implement them.
·
No DMZ is needed because there are no Web servers.
·
The ISP cannot receive Layer 3 address information from CDP packets.
·
Users will be able to telnet from inside the network to the Internet but not from the Internet
to the inside network.
Scenario 2
RouteitRight has decided to implement a Web server but has been receiving many denial-of-
service attacks. The company has purchased a second router as a precautionary measure to
protect its internal users from the Internet. The company has determined the following
requirements. It is up to you to implement them.
·
A feature must be implemented that blocks DoS attacks.
·
If the DMZ becomes compromised, the internal users are still protected from the Internet.
·
RFC 1918 addresses can be used inside the network.
Scenario 3
RouteitRight has added more bastion hosts to the DMZ and needs a better solution. The
company has determined the following requirements. It is up to you to implement them.
·
Stateful firewall to the DMZ should be put into place.
·
Site A must connect to Site B for LAN-to-LAN data flow without any Layer 2 connections
between the two sites.
87200333.book Page 585 Wednesday, August 22, 2001 1:41 PM