{"id":260,"date":"2017-07-01T19:38:00","date_gmt":"2017-07-01T19:38:00","guid":{"rendered":"https:\/\/jay-miah.co.uk\/?p=260"},"modified":"2023-04-02T01:57:35","modified_gmt":"2023-04-02T01:57:35","slug":"260","status":"publish","type":"post","link":"https:\/\/jay-miah.co.uk\/index.php\/260\/","title":{"rendered":"Getting Started with Cisco Configuration Professional to Configure a ZBF"},"content":{"rendered":"<p>Cisco Configuration Professional is a Windows GUI application that network security administrators can use to deploy and manage multiple routers in a single environment. It can be used to configure and monitor Cisco routers without using the Cisco IOS Command Line Interface.<\/p>\n<p>There are two versions currently available on the market:<\/p>\n<p><strong>Cisco Configuration Professional<\/strong> is the paid version that is used in mid-sized to larger environments. This version offers smart wizards and advanced configuration support for LAN and WAN interfaces, Network Address Translation (NAT), stateful and application firewall policy, IPS, IPSec and SSL VPN, QoS, and Cisco Network Admission Control policy features. The firewall wizard also allows a single-step deployment of high, medium, or low firewall policy settings. 
This version can be used to organize and manage multiple routers at a single site.<\/p>\n<p><strong>Cisco Configuration Professional Express<\/strong> is a free single-device manager for ISR generation 2 routers. The software is available on the flash of the router and is used for bootstrapping and basic configurations, including:<\/p>\n<ul>\n<li>Basic configuration of router WAN and LAN interfaces<\/li>\n<li>Hostname, DNS, and DHCP configurations<\/li>\n<li>User Management for the router<\/li>\n<li>Dashboard, basic troubleshooting, and command line interface (CLI) tool<\/li>\n<\/ul>\n<p>In this example, we will bootstrap a router (R1) with the basics, then install CCP on a Windows workstation and use it to connect to R1. Using CCP, we will then configure the router as a ZBF (Zone-Based Firewall). This lab has been set up using GNS3 and V2.8 of Cisco Configuration Professional.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"670\" height=\"304\" class=\"wp-image-261\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-1.png\"><\/p>\n<p>Let\u2019s get started!<\/p>\n<p><strong>Bootstrap the Router<\/strong><\/p>\n<p><strong>Step 1: <\/strong>Fire up the router, connect to it and configure the following:<\/p>\n<p>#conf t \u2013 enter global configuration mode<\/p>\n<p>#username admin privilege 15 secret cisco \u2013 create a new user \u201cadmin\u201d with the highest privileges and set a password for the user, e.g. 
\u201ccisco\u201d<\/p>\n<p>#ip http server \u2013 enable the HTTP server so the device can be reached over HTTP<\/p>\n<p>#ip http secure-server \u2013 enable the HTTPS server so the device can be reached over SSL<\/p>\n<p>#ip http authentication local \u2013 use the local database to authenticate the user<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"972\" height=\"157\" class=\"wp-image-262\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-2.png\"><\/p>\n<p><strong>Step 2: <\/strong>Configure the interfaces on the router as follows:<\/p>\n<p>#int fa0\/0 \u2013 enter configuration mode for the interface<\/p>\n<p>#ip address 192.168.5.254 255.255.255.0 \u2013 set the IP address of the interface \u2013 this will be the \u201cInside\u201d interface<\/p>\n<p>#no shut \u2013 bring up the interface<\/p>\n<p>#int fa0\/1 \u2013 enter configuration mode for the interface<\/p>\n<p>#ip address 10.0.0.254 255.255.255.0 \u2013 set the IP address of the interface \u2013 this will be the \u201cOutside\u201d interface<\/p>\n<p>#no shut \u2013 bring up the interface<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1246\" height=\"220\" class=\"wp-image-263\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-3.png\"><\/p>\n<p><strong>Step 3: <\/strong>From the LAN PC, use ping to verify that the inside interface IP on \u201cR1\u201d is now up and reachable. The ping should succeed.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"819\" height=\"254\" class=\"wp-image-264\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-4.png\"><\/p>\n<p><strong>Download and Install CCP<\/strong><\/p>\n<p><strong>Step 1:<\/strong> Obtain Cisco Configuration Professional from Cisco\u2019s website, and move the file onto the \u201cLAN PC\u201d. 
(You will need a CCO account to download the software.)<\/p>\n<p><a href=\"https:\/\/software.cisco.com\/download\/release.html?mdfid=281795035&amp;softwareid=282159854&amp;release=3.3.1&amp;relind=AVAILABLE&amp;rellifecycle=&amp;reltype=latest\">https:\/\/software.cisco.com\/download\/release.html?mdfid=281795035&amp;softwareid=282159854&amp;release=3.3.1&amp;relind=AVAILABLE&amp;rellifecycle=&amp;reltype=latest<\/a><\/p>\n<p>Step 2: On the LAN PC, double-click the downloaded file to begin the installation<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"773\" height=\"235\" class=\"wp-image-265\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-5.png\"> <img loading=\"lazy\" decoding=\"async\" width=\"453\" height=\"479\" class=\"wp-image-266\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-6.png\"><\/p>\n<p>Step 3: Click \u201cNext\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"381\" class=\"wp-image-267\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/c-users-acitjxm-appdata-local-microsoft-windows-i.png\" alt=\"C:\\Users\\acitjxm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\Content.Word\\3.png\"><\/p>\n<p>Step 4: Accept the agreement and click \u201cNext\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"381\" class=\"wp-image-268\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-8.png\"><\/p>\n<p>Step 5: Leave the default location for the installation and click \u201cNext\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"381\" class=\"wp-image-269\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-9.png\"><\/p>\n<p>Step 6: Click \u201cInstall\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"381\" class=\"wp-image-270\" 
src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-10.png\"> <img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"381\" class=\"wp-image-271\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-11.png\"><\/p>\n<p>Step 7: Tick the box to create a shortcut on the desktop and click \u201cNext\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"381\" class=\"wp-image-272\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-12.png\"><\/p>\n<p>Step 8: CCP will check for the minimum requirements; if anything fails, you must go back and install the missing component. Click \u201cNext\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"381\" class=\"wp-image-273\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-13.png\"><\/p>\n<p>Step 9: Tick \u201cRun Cisco Configuration Professional\u201d and click \u201cFinish\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"381\" class=\"wp-image-274\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-14.png\"><\/p>\n<p>The application will launch.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"462\" height=\"347\" class=\"wp-image-275\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-15.png\"><\/p>\n<p>Step 10: At the main screen, click \u201cCancel\u201d to close the CCO sign-in request<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"446\" height=\"425\" class=\"wp-image-276\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-16.png\"><\/p>\n<p>Step 11: At the Community window, enter the inside IP address of \u201cR1\u201d and the login details created earlier. Tick \u201cConnect Securely\u201d and \u201cDiscover all devices\u201d. 
Click \u201cOK\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"596\" height=\"528\" class=\"wp-image-277\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-17.png\"><\/p>\n<p>Step 12: At the Security Certificate Alert, select \u201cYes\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"471\" height=\"378\" class=\"wp-image-278\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-18.png\"><\/p>\n<p>CCP will now load at the \u201cCommunities View\u201d page. We can see that \u201cR1\u201d is now present as an added device.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"2736\" height=\"1786\" class=\"wp-image-279\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-19.png\"><\/p>\n<p><strong>Deploy ZBF wizard<\/strong><\/p>\n<p>Let\u2019s now turn this router into a ZBF. Although this can be done in the CLI, it\u2019s really quick and easy to use the wizard. It will save us a lot of time as the configuration includes a lot of lines.<\/p>\n<p>Step 1: Navigate to \u201cConfiguration-Firewall-Firewall\u201d, click on the \u201cCreate Firewall\u201d tab, select \u201cAdvanced\u201d and click \u201cLaunch the selected task\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"951\" height=\"736\" class=\"wp-image-280\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-20.png\"><\/p>\n<p>Step 2: At the wizard, click \u201cNext\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"662\" height=\"483\" class=\"wp-image-281\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-21.png\"><\/p>\n<p>Step 3: Select \u201cFastEthernet0\/0\u201d as the \u201cInside(trusted)\u201d interface, and \u201cFastEthernet0\/1\u201d as the \u201cOutside(untrusted)\u201d interface. 
Click \u201cNext\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"662\" height=\"483\" class=\"wp-image-282\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-22.png\"><\/p>\n<p>Step 4: At the prompt to use CME (voice) functionality, select \u201cNo\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"514\" height=\"173\" class=\"wp-image-283\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-23.png\"><\/p>\n<p>Step 5: At the warning prompt, click \u201cOK\u201d. Since we will be using the \u201cInside\u201d interface to manage the router, we should be in the clear.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"514\" height=\"217\" class=\"wp-image-284\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-24.png\"><\/p>\n<p>Step 6: Select \u201cLow Security\u201d and click \u201cNext\u201d. The policy can be modified later to customise and build the ZBF; for this example we will just stick to low security. You can preview the commands at this stage to see what will be deployed to the router.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"662\" height=\"483\" class=\"wp-image-285\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-25.png\"><\/p>\n<p>We can see here that there are over a hundred lines being deployed. 
Click \u201cClose\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"482\" height=\"407\" class=\"wp-image-286\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-26.png\"><\/p>\n<p>Step 7: Review the summary and click \u201cFinish\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"662\" height=\"483\" class=\"wp-image-287\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-27.png\"><\/p>\n<p>Step 8: Click \u201cOK\u201d at the informational prompt regarding voice traffic<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"514\" height=\"185\" class=\"wp-image-288\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/c-users-acitjxm-appdata-local-microsoft-windows-i-1.png\" alt=\"C:\\Users\\acitjxm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\Content.Word\\12.png\"><\/p>\n<p>Step 9: Click \u201cDeliver\u201d to send the commands to the router. As an option, you can tick \u201cSave running config to the device\u2019s startup config\u201d; basically, after deploying the configuration, save it!<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"602\" height=\"413\" class=\"wp-image-289\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/c-users-acitjxm-appdata-local-microsoft-windows-i-2.png\" alt=\"C:\\Users\\acitjxm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\Content.Word\\14.png\"><\/p>\n<p>Step 10: When the status bar completes, click \u201cOK\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"422\" height=\"293\" class=\"wp-image-290\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-30.png\"><\/p>\n<p>At the confirmation that the configuration has been successful, click \u201cOK\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"429\" height=\"161\" class=\"wp-image-291\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/c-users-acitjxm-appdata-local-microsoft-windows-i-3.png\" 
alt=\"C:\\Users\\acitjxm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\Content.Word\\16.png\"><\/p>\n<p>Step 11: Now that the configuration has been deployed, the router is acting as a ZBF. We can take a look at the configuration of the rule base by navigating to \u201cConfigure-Security-Firewall-Firewall\u201d and clicking on the \u201cEdit Firewall policy\u201d tab. From here on we can configure and manage the device using CCP. We can implement access policies, create new zones, create NAT policies, and the list goes on.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1209\" height=\"764\" class=\"wp-image-292\" src=\"https:\/\/jay-miah.co.uk\/wp-content\/uploads\/2023\/04\/word-image-260-32.png\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco Configuration Professional is a Windows GUI application that network security administrators can use to deploy and manage multiple routers in a single environment. It<\/p>\n","protected":false},"author":1,"featured_media":327,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,8,6],"tags":[35,36,37,38],"class_list":["post-260","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cisco-firewall","category-routing","category-security","tag-ccp","tag-cisco-configuration-professional","tag-zbf","tag-zone-based-firewall"],"_links":{"self":[{"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/260","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=260"}],"version-history":[{"count":2,"href":"https:\/\/jay-miah.co.uk\/i
ndex.php\/wp-json\/wp\/v2\/posts\/260\/revisions"}],"predecessor-version":[{"id":295,"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/260\/revisions\/295"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/media\/327"}],"wp:attachment":[{"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=260"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jay-miah.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}