Part A Requirements.
1. Allow telnet access to PC1 from any PC outside LAN1.
a. PC1s true IP address should not be revealed so it is recommended
that you create a static NAT entry for PC1
2. Configure NAT in PIX 1 and PIX2
3. Establish a telnet session from PC3 to PC1 and capture the
session’s traffic with Ethereal on PC2 (The Intruder’s PC). Login from
PC3 to PC1 with your seclab account.
4. Analyze the captured traffic and determine the packets in which
the seclab’s account password is being sent.
The FTP service is not started automatically when you log in. You’ll
have to activate it by following the procedures mentioned later in this
Compliance criteria for Part A.
1. Users from the networks outside LAN1 (PC3 and PC4) can telnet to
2. Traffic from the private network that goes into the public network
must not reveal the private network’s IP addresses.
3. The traffic flow between LAN 1 and LAN 2 can be captured for your
Part B Requirements.
1. Reconfigure PIX1 and PIX2 to establish an IPSec VPN tunnel between
them that will secure traffic flowing from LAN1 to LAN2. This means,
securing traffic that will flow from 10.10.10.0 to 10.10.3.0. For
true VPN functionality, NO address translation must affect traffic flow
between LAN1 and LAN2 ONLY. Additionally, services on LAN1 and LAN2
should work for any user of either LAN.
2. Establish a telnet session from PC3 to PC1 and capture the
session’s traffic with Ethereal on PC2. Login from PC3 to PC1 with your
3. Analyze the captured traffic and determine the differences with
the packets captured for a similar session in part A.
4. Can you access any service on the PCs of LAN1 or LAN2 from PC4 ?
Can the PCs from either LAN access services on PC4 ? What does this tell
you about the security of the VPN tunnel you have configured?
Compliance criteria for Part B.
1. Telnet and FTP access among the computers on LAN1 and LAN 2 works.
(PC1 can Telnet to PC3 and vice versa, PC1 can FTP to PC3 and vice
2. The captured traffic flow between LAN1 and LAN2 shows encrypted