Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

POLYTECHNIC OF NAMIBIA transforming into

advertisement 
POLYTECHNIC OF NAMIBIA
SCHOOL OF COMPUTING AND INFORMATICS
Computer Science Department:
Private Bag 13388 | 13 Stock Street | Windhoek, NAMIBIA
http://sit.polytechnic.edu.na
transforming into
Namibia
University of
Science and
Technology
Network Security NWS620S – Lab 3
Virtual Private Networks
A VPN is a private network established using a public network infrastructure, such as the Internet.
Since the Internet is an open, public resource, sensitive corporate data must be protected and
VPNs provide methods to ensure that data is protected from eavesdropping, manipulation, and
outright theft. Establishing this virtual connection between two endpoints is known as tunneling.
Common VPN types are site-to-site VPNs and remote access VPNs. Site-to-site VPN are usually
established using IPSec, which ensure data integrity, confidentiality and encryption. IPSec also
ensures that tunnel end points authenticate each other
The objectives of this lab are:
• To configure a site-to-site VPN.
• The VPN configured will show that we can configure IPSec to provide
o data integrity,
o confidentiality and
o encryption
1. Use the topology above to setup your network.
2. Configure the interfaces with the IP addresses on the topology diagram
3. Configure RIP v2 routing on all the routers, Check the routes and test end to end connectivity
4. For the IPSec tunnel do the following
a. bdr1(config)#crypto isakmp enable starting IPsec in the router
b. bdr1(config)#crypto isakmp policy 1 After issuing this command you specify the
parameters that are going to be used by IPSec. The ISAKMP policy specifies the
details for the initial key and secure parameters exchange.
c. bdr1(config-isakmp)#authentication pre-share
d. bdr1(config-isakmp)#encryption aes
e. bdr1(config-isakmp)#hash sha
f. bdr1(config-isakmp)#group 2
g. bdr1 (config-isakmp)#exit
h. bdr1(config)#crypto isakmp key password address 199.1.1.6 The key must match
on both endpoints
i. bdr1 (config)#crypto ipsec transform-set lab7 esp-aes esp-sha-hmac transform set
for data protection (data encapsulation method)
j. bdr1(config)#crypto ipsec security-association lifetime seconds 86400 lifetime of
the key you defined above
k. bdr1 (config)#access-list 120 permit ip 11.0.0.1 0.255.255.255 12.0.0.0 0.255.255.255
ACL identifies the traffic that will be encrypted through the tunnel
l. bdr1(config)#crypto map lab7 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer and a valid access list
have been configured.
Tunnel information is identified by a crypto map which joins the ISAKMP policies, IPsec
data detail, the peer address, and the crypto ACL.
m.
n.
o.
p.
q.
bdr1(config-crypto-map)#match address 120
bdr1 (config-crypto-map)#set peer 199.1.1.6
bdr1 (config-crypto-map)#set pfs group2
bdr1(config-crypto-map)#set transform-set lab7
bdr1 (config-crypto-map)#exit
r. bdr1(config)#int s 0/0/0
s. bdr1(config-if)#crypto map lab7 identifies interface partipating in the tunnel
CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
5. Save your configurations
6. REPEAT STEPS 4 -5 ON bdr2 ROUTER MAKING SURE TO CHANGE THE
PARAMETERS TO SUIT bdr2 WHERE NECESSARY
7. Issue the following show commands on router bdr1 and bdr2
a. show crypto Isakmp policy
b. show crypto isakmp sa status should be active
c. show crypto map
d. sh crypto ipsec transform-set
e. show crypto ipsec sa you should see that the tunnel has not yet been used
8. Ping PC2 from PC1 and vice versa
a. show crypto ipsec sa you should see that the tunnel has been used
Related documents
IPsec cheat sheet
IPsec cheat sheet
(Cheat Sheet
(Cheat Sheet
Đây là một cấu hình từ CCO (not tested) 1. Yêu cầu:
Đây là một cấu hình từ CCO (not tested) 1. Yêu cầu:
PT Lab Doc
PT Lab Doc
crypto-user
crypto-user
Configuring the Cisco VPN 3000 Concentrator to the PIX Firewall
Configuring the Cisco VPN 3000 Concentrator to the PIX Firewall
Configuring IPSec Router−to−Router, Pre−Shared, NAT Overload Between Private Networks Contents Introduction
Configuring IPSec Router−to−Router, Pre−Shared, NAT Overload Between Private Networks Contents Introduction
8.4.1.2 Packet Tracer - Configure and Verify a Site-to-Site IPsec VPN Using CLI
8.4.1.2 Packet Tracer - Configure and Verify a Site-to-Site IPsec VPN Using CLI
Setting Up an IPSEC VPN - Cisco Support Community
Setting Up an IPSEC VPN - Cisco Support Community
Implementation of MQ based identification schemes (C/C++/Java)
Implementation of MQ based identification schemes (C/C++/Java)
R1(config-crypto-map)
R1(config-crypto-map)
Chapter 8 Lab A, Configuring a Site-to
Chapter 8 Lab A, Configuring a Site-to
Configuring IPSec VPN
Configuring IPSec VPN
Packet Tracer – Configuring VPNs (Optional)
Packet Tracer – Configuring VPNs (Optional)
IPSec/GRE with NAT on IOS Router Configuration Example Contents Document ID: 14137
IPSec/GRE with NAT on IOS Router Configuration Example Contents Document ID: 14137
File - Racheal Nell
File - Racheal Nell
R1(config-crypto-map)
R1(config-crypto-map)
IOS VPN Router: Add or Remove a Network on an Contents
IOS VPN Router: Add or Remove a Network on an Contents
show crypto isakmp policy
show crypto isakmp policy
IPsec Between Two IOS Routers with Overlapping Private Networks Configuration Example Contents Introduction
IPsec Between Two IOS Routers with Overlapping Private Networks Configuration Example Contents Introduction
PIX 6.x: Dynamic IPsec Between a Statically
PIX 6.x: Dynamic IPsec Between a Statically
Dynamic IPsec Tunnel Between a Statically
Dynamic IPsec Tunnel Between a Statically
Download
advertisement