Cisco Router as a VPN Server
Agenda
• VPN
• Categories of VPN
  – Secure VPNs
  – Trusted VPNs
• Hardware / Software Requirements
• Network Diagram
• Basic Router Configuration
• Configuring AAA
• Virtual Template
• VPDN
• IPSec
What is VPN?
 A virtual private network (VPN) is a computer network that is implemented in an additional logical layer (overlay) on top of an existing network. It has the purpose of creating a private scope of computer communications or providing a secure extension of a private network into an insecure network such as the Internet.
                     http://en.wikipedia.org/wiki/Virtual_private_network
Categories of VPN
 VPN technologies can be classified in many ways. Two broad categories are:
 – Secure VPNs
 – Trusted VPNs
Secure VPNs

• Provide mechanisms for authentication of the tunnel endpoints and encryption of the traffic.
• Provide remote access for employees.
• Connect multiple networks together securely using the Internet to carry the traffic.
• Secure VPN protocols include IPsec, SSL/TLS and PPTP (with MPPE). PPTP is listed for completeness only: its MS-CHAP authentication and RC4-based MPPE encryption are broken, so it should not be deployed today.
• Do not provide QoS or routing guarantees by themselves; those come from the underlying network.
Trusted VPNs

• Created by carriers and large organizations on large core networks.
• Provide Quality of Service.
• Trusted VPN protocols include MPLS, ATM and Frame Relay.
• Do not provide security features such as data confidentiality through encryption; the customer trusts the carrier to keep the circuits separate.
Hardware / Software Requirements
• Cisco Integrated Services Router running a 12.4 Advanced Enterprise Services IOS image (a crypto "k9" feature set is required for IPsec).
• Ethernet cables (cross-over).
• PCs / laptops.
• Cisco VPN Client (v5.0.06.0110), the IPsec client, now end-of-life.
• Cisco Security Device Manager (SDM, for GUI-based configuration).
• Java Runtime Environment (for SDM).
Network Diagram
(The diagram image is not reproduced in this text. From the configuration that follows: f0/0 is the internal LAN 192.168.0.0/24 with the router at .254, f0/1 is the VPN-facing interface 10.1.1.0/24 with the router at .254, and remote clients are assigned addresses from the pool 172.16.1.10 to 172.16.1.20.)
Basic Router Configuration

• Creating local login users for VPN.
Router(config)# username [loginID] privilege [1-15] password 0 [password]
The "password 0" form stores the password reversibly (type 0 in cleartext, or the trivially decodable type 7 once service password-encryption is on). Use "username [loginID] privilege 1 secret [password]" instead: secret stores a hash, and privilege 1 is all a VPN-only account needs.

• Configure Fast Ethernet interfaces
Router#config t
Router(config)#int f0/0
Router(config-if)# description Internal LAN (192.168.0.0/24)
Router(config-if)#ip address 192.168.0.254 255.255.255.0
Router(config-if)#no shut
Router(config-if)#int f0/1
Router(config-if)# description VPN INT (10.1.1.0/24)
Router(config-if)#ip address 10.1.1.254 255.255.255.0
Router(config-if)#no shut
Basic Router Configuration (contd)

• Configure routing protocol
Router#config t
Router(config)#router eigrp 1
Router(config-router)#network 192.168.0.0
Router(config-router)#network 172.16.1.0
Router(config-router)#network 10.0.0.0
Without a wildcard mask these network statements are classful, so "network 172.16.1.0" enables EIGRP for all of 172.16.0.0/16. The pool addresses are only advertised to the LAN if the router actually holds routes to them (reverse route injection on the crypto map, or a static route).

• IP pool
Router(config)# ip local pool ip_pool 172.16.1.10 172.16.1.20
Configuring AAA

• aaa new-model
Enables the authentication, authorization, and accounting (AAA) access control model. Once it is on, VTY logins authenticate against the local username database by default (line passwords no longer apply), so make sure a local user exists before disconnecting.

Router(config)#aaa new-model

• aaa session-id [common | unique]
Ensures that all session identification (ID) information sent out for a given call is identical. The default behavior is common, so this line only makes the default explicit.

Router(config)#aaa session-id common
Configuring AAA (contd)

• aaa authentication login [list-name] local
Defines a named AAA login list. The local keyword tells AAA to check the local username database. This list is used for IKE extended authentication (XAUTH) of the VPN users and must be referenced by exactly this name in the crypto map.

Router(config)# aaa authentication login vpn_xauth local

• aaa authorization network [list-name] local
Defines a named list for authorization of network-related service requests. The local keyword tells AAA to take the group policy (key, address pool) from the local configuration; the crypto map references this list for ISAKMP authorization.

Router(config)# aaa authorization network vpn_group local
Virtual Template

• A virtual template interface is a logical entity from which virtual access interfaces are cloned: they are created and configured dynamically, used, and then freed when no longer needed.
• Each virtual access interface requires the same amount of memory as a serial interface.
• Cisco routers support a maximum of 300 virtual interfaces (the figure quoted in Cisco documentation of the time; the actual limit depends on platform and memory).
Benefits of Virtual Template

• For easier maintenance, allows customized configurations to be predefined.
• For scalability, allows interface configuration to be separated from physical interfaces.
• For consistency and configuration ease, allows the same predefined template to be used for all users.
• For efficient router operation, frees the virtual access interface memory for another dial-in use.
Configuring Virtual Template

Router#config t
Router(config)# interface Virtual-Template1
Router(config-if)# ip unnumbered FastEthernet0/1
Router(config-if)# no peer default ip address
Router(config-if)# ppp encrypt mppe auto required
Router(config-if)# ppp authentication ms-chap ms-chap-v2
Three things to know before using this as the PPTP template. With aaa new-model enabled, "ppp authentication" without a list name uses the default PPP method list, which this deck never defines; add it or no PPTP user will authenticate:
Router(config)# aaa authentication ppp default local
"no peer default ip address" (the default) leaves client addressing to AAA; to hand out pool addresses use "peer default ip address pool ip_pool". Finally, ms-chap (v1) should be removed from the list and "mppe auto" (which accepts 40- and 56-bit keys) replaced by "ppp encrypt mppe 128 required"; even then PPTP remains a broken protocol, so treat the IPsec path as the production one.
VPDN

• A virtual private dial-up network (VPDN) lets a private network's dial-in service span remote access servers: an L2TP Access Concentrator (LAC) terminates the physical call and forwards the PPP session through a tunnel to an L2TP Network Server (LNS), which authenticates the user and completes the PPP negotiation.
• IOS VPDN supports three tunnelling protocols for link-level frames: L2F (the Cisco predecessor of L2TP), L2TP and PPTP.
• This deck uses PPTP, where the roles are called PPTP Access Concentrator (PAC) and PPTP Network Server (PNS); the remote client tunnels straight to the router, which acts as the PNS.
Configuring VPDN

• vpdn enable
Enables virtual private dial-up networking ("enable vpdn" is not valid IOS syntax).

Router(config)#vpdn enable

• vpdn-group [group name]
Creates a VPDN group which specifies the tunnelling protocol, the dial-in direction and the virtual template that is cloned for each session. Accepting PPTP exposes the router to the MS-CHAP and MPPE weaknesses noted under Secure VPNs; only keep this group if PPTP clients are unavoidable.

Router(config)# vpdn-group VPN_Server
Router(config-vpdn)# accept-dialin
Router(config-vpdn-acc-in)# protocol pptp
Router(config-vpdn-acc-in)# virtual-template 1
IPSec

• Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications.
• IPsec uses the following protocols to perform various functions:
   Internet Key Exchange (IKEv1, configured as ISAKMP in IOS, and IKEv2) to authenticate the peers and set up security associations (SAs)
   Authentication Header (AH) to provide connectionless integrity and data-origin authentication, without confidentiality
   Encapsulating Security Payload (ESP) to provide confidentiality and, with an authentication transform such as esp-sha-hmac, integrity as well
Configuring IPSec based VPN

• crypto isakmp policy [priority]
Defines an Internet Key Exchange (IKE) phase 1 policy. An IKE policy is a set of parameters (encryption, hash, authentication method, Diffie-Hellman group, lifetime) offered during the IKE negotiation; the lowest priority number is tried first.

Router(config)#crypto isakmp policy 1
Router(config-isakmp)# encr 3des
Router(config-isakmp)# authentication pre-share
Router(config-isakmp)# group 2
The hash is left at its default (SHA-1). 3DES, SHA-1 and 1024-bit DH group 2 were common choices when this deck was written but are deprecated now; on an image that supports them use "encr aes 256", "hash sha256" and group 14 or higher.
Configuring IPSec based VPN (contd)

• sh crypto isakmp policy
Lists the policy created by the commands on the previous slide; note the default hash and lifetime that were not set explicitly.

Router#sh crypto isakmp policy
Global IKE policy
Protection suite of priority 1
    encryption algorithm: Three key triple DES
    hash algorithm:        Secure Hash Standard
    authentication method: Pre-Shared Key
    Diffie-Hellman group: #2 (1024 bit)
    lifetime:         86400 seconds, no volume limit
Configuring IPSec based VPN (contd)

• crypto isakmp client configuration group [name]
Defines the policy pushed to clients that present this group name: the group pre-shared key, the address pool and the netmask. The group key is shared by every user of the group and, because IKEv1 aggressive mode sends a hash keyed with it in the clear, it is exposed to offline dictionary attack by anyone who captures a connection attempt. Use a long random key (not a word like "ipsec"), treat XAUTH (the vpn_xauth list) as the only per-user factor, and prefer certificate authentication where the clients support it.

Router(config)#crypto isakmp client configuration group ipsec_group
Router(config-isakmp-group)# key ipsec
Router(config-isakmp-group)# pool ip_pool
Router(config-isakmp-group)# netmask 255.255.255.255
Configuring IPSec based VPN (contd)

• crypto ipsec transform-set
A transform set specifies the encryption and integrity algorithms used to protect the data in the VPN tunnel. The dynamic crypto map is a separate global command, not a transform-set sub-mode, that references the transform set; reverse-route injects a host route for each connected client so that LAN return traffic reaches the tunnel.

Router(config)#crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
Router(cfg-crypto-trans)#exit
Router(config)#crypto dynamic-map DYNMAP 1
Router(config-crypto-map)#set transform-set ESP-3DES-SHA
Router(config-crypto-map)#reverse-route

Transform Set:
   Name: ESP-3DES-SHA
   ESP Encryption: ESP_3DES
   ESP Integrity: ESP_SHA_HMAC
Configuring IPSec based VPN (contd)

• crypto map
Creates the crypto map that ties the AAA lists, the client configuration group and the dynamic map together, and applies it to the interface the clients reach. The list names must match the ones defined under Configuring AAA exactly (vpn_xauth for XAUTH, vpn_group for group authorization); a name that does not exist fails silently at connection time.

Router(config)#crypto map CMAP client authentication list vpn_xauth
Router(config)#crypto map CMAP isakmp authorization list vpn_group
Router(config)#crypto map CMAP client configuration address respond
Router(config)#crypto map CMAP 10 ipsec-isakmp dynamic DYNMAP
Router(config)#int f0/1
Router(config-if)#crypto map CMAP
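The settings in this deck invite a handful of checks a reviewer would run before accepting the configuration. The script below is an added example for this page, not part of the slides and not Cisco tooling. It parses the "show crypto isakmp policy" output shown above and a set of running-config lines assembled from the slides (both embedded as constructed samples; the username line uses made-up values) and reports the deprecated algorithms, the PPTP and MS-CHAP settings, the cleartext password form, the shared group key, a dangling AAA list reference of the kind the original slide had (vpn_auth where the AAA slide defines vpn_xauth), and the missing PPP authentication list. The thresholds in the rules (AES, SHA-256, DH group 14) are the script's own assumptions.

```python
"""Audit the VPN settings shown in the deck for weak or inconsistent choices.

Added example for this page, not Cisco code and not part of the slides. Both
samples are constructed from the slide text; the username line and the rule
thresholds (AES, SHA-256, DH group 14) are this script's own assumptions.
"""
import re

SHOW_ISAKMP_POLICY = """\
Global IKE policy
Protection suite of priority 1
    encryption algorithm: Three key triple DES
    hash algorithm:        Secure Hash Standard
    authentication method: Pre-Shared Key
    Diffie-Hellman group: #2 (1024 bit)
    lifetime:         86400 seconds, no volume limit
"""

RUNNING_CONFIG = """\
username vpnuser privilege 1 password 0 vpnpass
aaa new-model
aaa authentication login vpn_xauth local
aaa authorization network vpn_group local
interface Virtual-Template1
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
vpdn-group VPN_Server
 accept-dialin
  protocol pptp
crypto isakmp client configuration group ipsec_group
 key ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map CMAP client authentication list vpn_auth
crypto map CMAP isakmp authorization list vpn_group
"""

# show-output field -> (predicate on its value, finding text)
ISAKMP_RULES = {
    "encryption algorithm": (lambda v: re.search(r"\bDES\b", v) is not None, "DES/3DES; use encr aes 256"),
    "hash algorithm": (lambda v: v == "Secure Hash Standard" or "Message Digest" in v, "SHA-1/MD5; use hash sha256"),
    "authentication method": (lambda v: "Pre-Shared" in v, "pre-shared key; prefer rsa-sig (certificates)"),
    "Diffie-Hellman group": (lambda v: any(int(g) < 14 for g in re.findall(r"#(\d+)", v)), "DH group below 14; use 14 or higher"),
}

# (regex applied to each config line, finding text)
CONFIG_RULES = [
    (r"^username \S+ .*\bpassword 0 ", "type 0 (cleartext) password; use 'username ... secret'"),
    (r"^\s*protocol pptp\b", "PPTP accepted; MS-CHAPv2/MPPE is broken, prefer IPsec"),
    (r"^\s*ppp authentication .*\bms-chap\b(?!-v2)", "MS-CHAP v1 offered; allow ms-chap-v2 only"),
    (r"^\s*ppp encrypt mppe (?!128\b)", "MPPE key length not pinned; use 'ppp encrypt mppe 128 required'"),
    (r"^\s*key \S+$", "group pre-shared key is shared by all clients; XAUTH is the only per-user factor"),
    (r"^crypto ipsec transform-set .*\besp-3des\b", "3DES ESP transform; use esp-aes 256"),
]

# (regex capturing a list name a crypto map references, regex capturing where such lists are defined)
AAA_LIST_REFS = [
    (r"^crypto map \S+ client authentication list (\S+)", r"^aaa authentication login (\S+)"),
    (r"^crypto map \S+ isakmp authorization list (\S+)", r"^aaa authorization network (\S+)"),
]

def parse_isakmp_policies(show_output):
    """Turn `show crypto isakmp policy` text into a list of {field: value} dicts."""
    policies = []
    for line in show_output.splitlines():
        m = re.match(r"\s*Protection suite of priority (\d+)", line)
        if m:
            policies.append({"priority": int(m.group(1))})
        elif policies and ":" in line:
            field, _, value = line.strip().partition(":")
            policies[-1][field.strip()] = value.strip()
    return policies

def audit_isakmp(show_output):
    """Return one finding per weak parameter in each IKE policy."""
    findings = []
    for policy in parse_isakmp_policies(show_output):
        for field, (is_weak, message) in ISAKMP_RULES.items():
            value = policy.get(field)
            if value is not None and is_weak(value):
                findings.append(f"isakmp policy {policy['priority']}: {message} [{value}]")
    return findings

def audit_config(config):
    """Return findings for weak settings and dangling AAA list references."""
    findings = []
    for line in config.splitlines():
        for pattern, message in CONFIG_RULES:
            if re.search(pattern, line):
                findings.append(f"{line.strip()}: {message}")
    for ref_pattern, def_pattern in AAA_LIST_REFS:
        defined = set(re.findall(def_pattern, config, re.M))
        for ref in re.findall(ref_pattern, config, re.M):
            if ref not in defined:
                findings.append(f"AAA list '{ref}' is referenced by a crypto map but never defined")
    # With aaa new-model on, 'ppp authentication' without a list name uses the
    # 'aaa authentication ppp default' list, which must exist for PPTP logins.
    if (re.search(r"^aaa new-model", config, re.M)
            and re.search(r"^\s*ppp authentication\b", config, re.M)
            and not re.search(r"^aaa authentication ppp ", config, re.M)):
        findings.append("no 'aaa authentication ppp' list with aaa new-model on; PPTP logins will fail")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_isakmp(SHOW_ISAKMP_POLICY) + audit_config(RUNNING_CONFIG)))
```

Run it as-is to see the findings for the deck's configuration, or feed audit_isakmp and audit_config the text captured from a real router. The rules are deliberately line-oriented regexes so they can be extended with one tuple per new check; the AAA cross-reference is the one that catches the silent failure mode, since IOS accepts a crypto map that names a list which does not exist.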
Live Demonstration

Más contenido relacionado

La actualidad más candente

VPN presentation
VPN presentationVPN presentation
VPN presentationRiazehri
 
Virtual private network(vpn)
Virtual private network(vpn)Virtual private network(vpn)
Virtual private network(vpn)sonalikasingh15
 
CCNA Network Services
CCNA Network ServicesCCNA Network Services
CCNA Network ServicesDsunte Wilson
 
Vpn Virtual Private Network
Vpn  Virtual Private NetworkVpn  Virtual Private Network
Vpn Virtual Private Networkfaisalmalik
 
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERSSITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS NetProtocol Xpert
 
IoT Communication Protocols, Socket Programming with Python, MQTT & HTTP
IoT Communication Protocols, Socket Programming with Python, MQTT & HTTPIoT Communication Protocols, Socket Programming with Python, MQTT & HTTP
IoT Communication Protocols, Socket Programming with Python, MQTT & HTTPAnshu Pandey
 
Vpn " Virtual Private Network "
Vpn " Virtual Private Network "Vpn " Virtual Private Network "
Vpn " Virtual Private Network "Muhammad Usman
 
Virtual Private Network main
Virtual Private Network mainVirtual Private Network main
Virtual Private Network mainKanika Gupta
 
1ip Tunneling And Vpn Technologies 101220042129 Phpapp01
1ip Tunneling And Vpn Technologies 101220042129 Phpapp011ip Tunneling And Vpn Technologies 101220042129 Phpapp01
1ip Tunneling And Vpn Technologies 101220042129 Phpapp01Hussein Elmenshawy
 
Review on Protocols of Virtual Private Network
Review on Protocols of Virtual Private NetworkReview on Protocols of Virtual Private Network
Review on Protocols of Virtual Private NetworkIRJET Journal
 
IoT Communication Protocols
IoT Communication ProtocolsIoT Communication Protocols
IoT Communication ProtocolsPradeep Kumar TS
 

La actualidad más candente (20)

VPN presentation
VPN presentationVPN presentation
VPN presentation
 
Vpn
VpnVpn
Vpn
 
VPN Network
VPN NetworkVPN Network
VPN Network
 
Vpn networks kami
Vpn networks kamiVpn networks kami
Vpn networks kami
 
Virtual private network(vpn)
Virtual private network(vpn)Virtual private network(vpn)
Virtual private network(vpn)
 
CCNA Network Services
CCNA Network ServicesCCNA Network Services
CCNA Network Services
 
L2 tp
L2 tpL2 tp
L2 tp
 
Vpn Virtual Private Network
Vpn  Virtual Private NetworkVpn  Virtual Private Network
Vpn Virtual Private Network
 
Mikrotik Tutorial
Mikrotik TutorialMikrotik Tutorial
Mikrotik Tutorial
 
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERSSITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
 
IoT Communication Protocols, Socket Programming with Python, MQTT & HTTP
IoT Communication Protocols, Socket Programming with Python, MQTT & HTTPIoT Communication Protocols, Socket Programming with Python, MQTT & HTTP
IoT Communication Protocols, Socket Programming with Python, MQTT & HTTP
 
Vpn " Virtual Private Network "
Vpn " Virtual Private Network "Vpn " Virtual Private Network "
Vpn " Virtual Private Network "
 
Virtual Private Network main
Virtual Private Network mainVirtual Private Network main
Virtual Private Network main
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port Knocking
 
1ip Tunneling And Vpn Technologies 101220042129 Phpapp01
1ip Tunneling And Vpn Technologies 101220042129 Phpapp011ip Tunneling And Vpn Technologies 101220042129 Phpapp01
1ip Tunneling And Vpn Technologies 101220042129 Phpapp01
 
L2 tp., ip sec
L2 tp., ip secL2 tp., ip sec
L2 tp., ip sec
 
Review on Protocols of Virtual Private Network
Review on Protocols of Virtual Private NetworkReview on Protocols of Virtual Private Network
Review on Protocols of Virtual Private Network
 
Ip tunneling and vpns
Ip tunneling and vpnsIp tunneling and vpns
Ip tunneling and vpns
 
Iot protocols seminar
Iot protocols seminarIot protocols seminar
Iot protocols seminar
 
IoT Communication Protocols
IoT Communication ProtocolsIoT Communication Protocols
IoT Communication Protocols
 

Destacado

Vpn site to site
Vpn site to siteVpn site to site
Vpn site to siteIT Tech
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentationstolentears
 
VPN (virtual Private Network)
VPN (virtual Private Network)VPN (virtual Private Network)
VPN (virtual Private Network)Chandan Jha
 
Design of a campus network
Design of a campus networkDesign of a campus network
Design of a campus networkAalap Tripathy
 
Amazing simple facts
Amazing simple factsAmazing simple facts
Amazing simple factsCeleb 98
 
The Science of Fun - Data-driven Game Development
The Science of Fun - Data-driven Game DevelopmentThe Science of Fun - Data-driven Game Development
The Science of Fun - Data-driven Game Developmentalex_turcan
 
Virtual private network
Virtual private networkVirtual private network
Virtual private networkSowmia Sathyan
 

Destacado (8)

Vpn site to site
Vpn site to siteVpn site to site
Vpn site to site
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
 
VPN (virtual Private Network)
VPN (virtual Private Network)VPN (virtual Private Network)
VPN (virtual Private Network)
 
Vpn
VpnVpn
Vpn
 
Design of a campus network
Design of a campus networkDesign of a campus network
Design of a campus network
 
Amazing simple facts
Amazing simple factsAmazing simple facts
Amazing simple facts
 
The Science of Fun - Data-driven Game Development
The Science of Fun - Data-driven Game DevelopmentThe Science of Fun - Data-driven Game Development
The Science of Fun - Data-driven Game Development
 
Virtual private network
Virtual private networkVirtual private network
Virtual private network
 

Similar a Ciscorouterasavpnserver 100218045815-phpapp01

Private cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austinPrivate cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austinChiradeep Vittal
 
Application hosting in the Intelligent WAN
Application hosting in the Intelligent WANApplication hosting in the Intelligent WAN
Application hosting in the Intelligent WANCisco DevNet
 
CCN CEP.pptx
CCN CEP.pptxCCN CEP.pptx
CCN CEP.pptxNOOR69810
 
CCNA2 Verson6 Chapter1
CCNA2 Verson6 Chapter1CCNA2 Verson6 Chapter1
CCNA2 Verson6 Chapter1Chaing Ravuth
 
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...Liz Warner
 
CCNA (R & S) Module 04 - Scaling Networks - Chapter 1
CCNA (R & S) Module 04 - Scaling Networks - Chapter 1CCNA (R & S) Module 04 - Scaling Networks - Chapter 1
CCNA (R & S) Module 04 - Scaling Networks - Chapter 1Waqas Ahmed Nawaz
 
CCNA3 Verson6 Chapter1
CCNA3 Verson6 Chapter1CCNA3 Verson6 Chapter1
CCNA3 Verson6 Chapter1Chaing Ravuth
 
Module 8 - Ccna - Pre.pptx
Module 8 - Ccna - Pre.pptxModule 8 - Ccna - Pre.pptx
Module 8 - Ccna - Pre.pptxAliMohamed855266
 
NCS: NEtwork Control System Hands-on Labs
NCS:  NEtwork Control System Hands-on Labs NCS:  NEtwork Control System Hands-on Labs
NCS: NEtwork Control System Hands-on Labs Cisco Canada
 
Reference design for v mware nsx
Reference design for v mware nsxReference design for v mware nsx
Reference design for v mware nsxsolarisyougood
 
Simplifying the secure data center
Simplifying the secure data centerSimplifying the secure data center
Simplifying the secure data centerCisco Canada
 
Session 6 Tp 6
Session 6 Tp 6Session 6 Tp 6
Session 6 Tp 6githe26200
 
MANUAWAN FL_NETWORKING_CONFIGURATION.pptx
MANUAWAN FL_NETWORKING_CONFIGURATION.pptxMANUAWAN FL_NETWORKING_CONFIGURATION.pptx
MANUAWAN FL_NETWORKING_CONFIGURATION.pptxFrankLoydMANUAWAN1
 
Building the SD-Branch using uCPE
Building the SD-Branch using uCPEBuilding the SD-Branch using uCPE
Building the SD-Branch using uCPEMichelle Holley
 
IP security and VPN presentation
IP security and VPN presentation IP security and VPN presentation
IP security and VPN presentation KishoreTs3
 

Similar a Ciscorouterasavpnserver 100218045815-phpapp01 (20)

Private cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austinPrivate cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austin
 
Application hosting in the Intelligent WAN
Application hosting in the Intelligent WANApplication hosting in the Intelligent WAN
Application hosting in the Intelligent WAN
 
CCN CEP.pptx
CCN CEP.pptxCCN CEP.pptx
CCN CEP.pptx
 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
 
CCNA2 Verson6 Chapter1
CCNA2 Verson6 Chapter1CCNA2 Verson6 Chapter1
CCNA2 Verson6 Chapter1
 
CCNA Syllabus
CCNA SyllabusCCNA Syllabus
CCNA Syllabus
 
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
Unleashing the Power of Fabric Orchestrating New Performance Features for SR-...
 
CCNA (R & S) Module 04 - Scaling Networks - Chapter 1
CCNA (R & S) Module 04 - Scaling Networks - Chapter 1CCNA (R & S) Module 04 - Scaling Networks - Chapter 1
CCNA (R & S) Module 04 - Scaling Networks - Chapter 1
 
VPN presentation - moeshesh
VPN presentation - moesheshVPN presentation - moeshesh
VPN presentation - moeshesh
 
CCNA3 Verson6 Chapter1
CCNA3 Verson6 Chapter1CCNA3 Verson6 Chapter1
CCNA3 Verson6 Chapter1
 
Module 8 - Ccna - Pre.pptx
Module 8 - Ccna - Pre.pptxModule 8 - Ccna - Pre.pptx
Module 8 - Ccna - Pre.pptx
 
NCS: NEtwork Control System Hands-on Labs
NCS:  NEtwork Control System Hands-on Labs NCS:  NEtwork Control System Hands-on Labs
NCS: NEtwork Control System Hands-on Labs
 
Reference design for v mware nsx
Reference design for v mware nsxReference design for v mware nsx
Reference design for v mware nsx
 
Simplifying the secure data center
Simplifying the secure data centerSimplifying the secure data center
Simplifying the secure data center
 
Resume
ResumeResume
Resume
 
Session 6 Tp 6
Session 6 Tp 6Session 6 Tp 6
Session 6 Tp 6
 
MANUAWAN FL_NETWORKING_CONFIGURATION.pptx
MANUAWAN FL_NETWORKING_CONFIGURATION.pptxMANUAWAN FL_NETWORKING_CONFIGURATION.pptx
MANUAWAN FL_NETWORKING_CONFIGURATION.pptx
 
Building the SD-Branch using uCPE
Building the SD-Branch using uCPEBuilding the SD-Branch using uCPE
Building the SD-Branch using uCPE
 
IP security and VPN presentation
IP security and VPN presentation IP security and VPN presentation
IP security and VPN presentation
 
Chapter08
Chapter08Chapter08
Chapter08
 

Último

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Último (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Ciscorouterasavpnserver 100218045815-phpapp01

  • 1. Cisco Router as a VPN Server
  • 2. Agenda • VPN • Categories of VPN – Secure VPNs – Trusted VPN • Hardware / Software Requirement • Network Diagram • Basic Router Configuration • Configuring AAA Server • Virtual Template • VPDN • IPSec
  • 3. What is VPN ? A virtual private network (VPN) is a computer network that is implemented in an additional logical layer (overlay) on top of an existing network. It has the purpose of creating a private scope of computer communications or providing a secure extension of a private network into an insecure network such as the Internet. http://en.wikipedia.org/wiki/Virtual_private_network
  • 4. Categories of VPN VPN technologies may be classified by many standards. Two broad categories of VPN are: – Secure VPNs – Trusted VPNs
  • 5. Secure VPNs • Provide mechanisms for authentication of the tunnel endpoints and encryption of the traffic. • Provide remote access facilities to employees. • Connects multiple networks together securely using the Internet to carry the traffic. • Secure VPN protocols include IPSec, SSL or PPTP (with MPPE). • Doesn't provide Qos or routing.
  • 6. Trusted VPNs • Created by carriers and large organizations on large core networks. • Provides Quality of Service. • Trusted VPN protocols include MPLS, ATM or Frame Relay. • Do not provide security features such as data confidentiality through encryption.
  • 7. Hardware / Software Req • Cisco integrated services router with 12.4 advance enterprise IOS. • Ethernet Cables (Cross Over). • PCs / Laptops. • Cisco VPN Client (v5.0.06.0110). • Cisco Security Device Manager (SDM for GUI based configuration). • Java Runtime Environment (for SDM).
  • 9. Basic Router Configuration • Creating Local Login Users for VPN. Router(config)# username [loginID] privilege [1-15] password 0 [password] • Configure Fast Ethernet Interfaces Router#config t Router(config)#int f0/0 Router(config-if)# description Internal LAN (192.168.0.0/24) Router(config-if)#ip address 192.168.0.254 255.255.255.0 Router(config-if)#no shut Router(config)#int f0/1 Router(config-if)# description VPN INT (10.1.1.0/24) Router(config-if)#ip address 10.1.1.254 255.255.255.0 Router(config-if)#no shut
  • 10. Basic Router Configuration (contd) • Configure Routing Protocol Router#config t Router(config)#router eigrp 1 Router(config-router)#network 192.168.0.0 Router(config-router)#network 172.16.1.0 Router(config-router)#network 10.0.0.0 • IP Pool Router(config)# ip local pool ip_pool 172.16.1.10 172.16.1.20
  • 11. Configuring AAA • aaa-model Enables the authentication, authorization, and accounting (AAA) access control model. Router(config)#aaa new-model • aaa session-id [common | unique] Ensures that all session identification (ID) information that is sent out for a given call will be made identical. The default behavior is common. Router(config)#aaa session-id common
  • 12. Configuring AAA (contd) • aaa authentication login [list-name] local Sets (AAA) authentication at login. ‘Local’ keyword tells the AAA to use local username database for authentication. Router(config)# aaa authentication login vpn_xauth local • aaa authorization network [list-name] local Creates a list for authorization of all network-related service requests . ‘Local’ keyword tells the AAA to use local username database for authentication Router(config)# aaa authorization network vpn_group local
  • 13. Virtual Template • A virtual template interface is a logical entity that are created, configured dynamically, used, and then freed when no longer needed. • Requires the same amount of memory as a serial interface. • Cisco routers support a maximum of 300 virtual interfaces.
Benefits of Virtual Template

• For easier maintenance, allows customized configurations to be predefined.
• For scalability, allows interface configuration to be separated from physical interfaces.
• For consistency and configuration ease, allows the same predefined template to be used for all users.
• For efficient router operation, frees the virtual access interface memory for another dial-in use.
Configuring Virtual Template
Router#config t
Router(config)# interface Virtual-Template1
Router(config-if)# ip unnumbered FastEthernet0/1
Router(config-if)# no peer default ip address
Router(config-if)# ppp encrypt mppe auto required
Router(config-if)# ppp authentication ms-chap ms-chap-v2

Caveats:
• no peer default ip address means the router offers no address to the PPP peer; unless AAA supplies one,
  use peer default ip address pool ip_pool to assign from the pool defined earlier.
• ms-chap (v1) should not be offered at all. Even MS-CHAPv2 reduces to a single DES key that can be
  recovered offline from a captured handshake, and the MPPE keys derive from the same hash, which is why
  PPTP is no longer considered a secure VPN. Prefer the IPsec configuration on the following slides.
• mppe auto accepts 40-bit keys; use ppp encrypt mppe 128 required.
VPDN

• A virtual private dial-up network (VPDN) allows a private network dial-in service to span across to
  remote access servers (defined as the L2TP Access Concentrator [LAC]).
• The LAC forwards the PPP session on to an L2TP Network Server (LNS). The LNS then authenticates the
  user and starts the PPP negotiation.
• VPDN tunnels link-level (PPP) frames. Cisco IOS supports L2F, L2TP and PPTP as the tunneling protocol;
  the configuration on the next slide uses PPTP, with the router itself terminating the tunnel from the
  client.
Configuring VPDN

• vpdn enable
Enables virtual private dial-up networking.
Router(config)#vpdn enable

• vpdn-group [group name]
Creates a VPDN group which specifies the protocol, dial-up mode and virtual template.
Router(config)# vpdn-group VPN_Server
Router(config-vpdn)# accept-dialin
Router(config-vpdn-acc-in)# protocol pptp
Router(config-vpdn-acc-in)# virtual-template 1
IPSec

• Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications.
• IPsec uses the following protocols to perform various functions:
    – Internet Key Exchange (IKEv1 or IKEv2) to authenticate the peers and set up security associations (SAs).
    – Authentication Header (AH) to provide connectionless integrity and data-origin authentication (no encryption).
    – Encapsulating Security Payload (ESP) to provide confidentiality, and optionally integrity and authentication as well.
• The configuration that follows uses IKEv1 (ISAKMP) with ESP; AH is not used.
Configuring IPSec based VPN

• crypto isakmp policy [priority]
Defines an Internet Key Exchange (IKE) policy. IKE policies define the set of parameters to be used during
the IKE negotiation; the lowest priority number is tried first.
Router(config)#crypto isakmp policy 1
Router(config-isakmp)# encr 3des
Router(config-isakmp)# authentication pre-share
Router(config-isakmp)# group 2

Caveat: 3DES and the 1024-bit Diffie-Hellman group 2 are both deprecated. Where the client supports them,
use encr aes 256, hash sha256 and group 14 (2048-bit) or larger. No hash is set here, so the policy uses
the default SHA-1.
Configuring IPSec based VPN (contd)

• sh crypto isakmp policy
Lists the policy created by the commands on the previous slide.
Router#sh crypto isakmp policy
Global IKE policy
Protection suite of priority 1
        encryption algorithm:   Three key triple DES
        hash algorithm:         Secure Hash Standard
        authentication method:  Pre-Shared Key
        Diffie-Hellman group:   #2 (1024 bit)
        lifetime:               86400 seconds, no volume limit
Configuring IPSec based VPN (contd)

• crypto isakmp client configuration group [name]
Defines the policy profile for a client group: the group name the VPN client is configured with, the
group's pre-shared key and the address pool its users draw from.
Router(config)#crypto isakmp client configuration group ipsec_group
Router(config-isakmp-group)# key ipsec
Router(config-isakmp-group)# pool ip_pool
Router(config-isakmp-group)# netmask 255.255.255.255

Caveat: the group key is shared by every user of the group and is the pre-shared key for IKE phase 1
(aggressive mode), so anyone who learns it can bring up phase 1 and attempt XAUTH against your user
database. Use a long random value rather than a word like ipsec, and rotate it whenever a client machine
is lost.
Configuring IPSec based VPN (contd)

• crypto ipsec transform-set
A transform set specifies the encryption and authentication algorithms used to protect the data in the VPN
tunnel. A dynamic crypto map then ties the transform set to peers whose addresses are not known in advance
(remote-access clients).
Router(config)#crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
Router(cfg-crypto-trans)#exit
Router(config)#crypto dynamic-map DYNMAP 1
Router(config-crypto-map)#set transform-set ESP-3DES-SHA

The resulting transform set, as summarised in the SDM GUI:
Transform Set: Name: ESP-3DES-SHA
  ESP Encryption: ESP_3DES
  ESP Integrity: ESP_SHA_HMAC

Caveat: as with the IKE policy, esp-3des is deprecated; esp-aes 256 with esp-sha256-hmac is the current choice
where the client supports it.
Configuring IPSec based VPN (contd)

• crypto map
Creates a crypto map that ties IKE user authentication (XAUTH), group authorization and the dynamic map
together, and is then applied to the outside interface.
Router(config)#crypto map CMAP client authentication list vpn_xauth
Router(config)#crypto map CMAP isakmp authorization list vpn_group
Router(config)#crypto map CMAP client configuration address respond
Router(config)#crypto map CMAP 10 ipsec-isakmp dynamic DYNMAP
Router(config)#int f0/1
Router(config-if)#crypto map CMAP

The list names must be the ones defined under AAA (vpn_xauth and vpn_group). Both the address-respond line
and the dynamic entry are required: client configuration address respond lets the router hand out pool
addresses through mode config, and the dynamic entry is what attaches DYNMAP, and with it the transform
set, to the map.
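As an added example that is not part of the slides or of Cisco's tooling, the following Python script audits a running-config excerpt for the weak settings called out on the slides above: reversible user passwords, 3DES and DH group 2 in the IKE policy, MS-CHAP v1 and 40-bit MPPE on the virtual template, PPTP itself, a short group pre-shared key, and a crypto map that references an AAA list that was never defined. Both config excerpts are constructed here: one is assembled from the deck's commands with a made-up user, the other is one reasonable hardened replacement. The rule names, the 16-character PSK threshold and the AES-256/SHA-256/group-14 choices are this example's assumptions, not something the slides specify.

```python
"""Audit a Cisco IOS config excerpt for the weak VPN settings discussed above.

Added example, not from the slides or Cisco tooling. Both configs are constructed
(WEAK_CONFIG from the deck's commands, HARDENED_CONFIG as one replacement); the rule
names, the 16-character PSK threshold and AES-256/SHA-256/group-14 are assumptions.
"""
import re

WEAK_CONFIG = """\
username vpnuser privilege 15 password 0 cisco123
aaa authentication login vpn_xauth local
aaa authorization network vpn_group local
interface Virtual-Template1
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
vpdn-group VPN_Server
  protocol pptp
crypto isakmp policy 1
 encr 3des
 group 2
crypto isakmp client configuration group ipsec_group
 key ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map CMAP client authentication list vpn_auth
crypto map CMAP isakmp authorization list vpn_group
"""

HARDENED_CONFIG = """\
username vpnuser privilege 1 secret CHANGE-ME-long-user-passphrase
aaa authentication login vpn_xauth local
aaa authorization network vpn_group local
crypto isakmp policy 1
 encr aes 256
 hash sha256
 group 14
crypto isakmp client configuration group ipsec_group
 key CHANGE-ME-long-random-group-key
crypto ipsec transform-set ESP-AES-SHA256 esp-aes 256 esp-sha256-hmac
crypto map CMAP client authentication list vpn_xauth
crypto map CMAP isakmp authorization list vpn_group
"""

# (rule name, regex applied to each whitespace-stripped line, explanation)
LINE_RULES = [
    ("username-password-reversible", r"^username \S+.* password ",
     "type 0/7 password is recoverable from the config; use 'secret'"),
    ("ike-weak-cipher", r"^encr(yption)? (des|3des)\b", "DES/3DES in IKE policy; use AES"),
    ("ike-weak-hash", r"^hash md5\b", "MD5 in IKE policy; use SHA-256"),
    ("ike-weak-dh-group", r"^group (1|2|5)\b", "DH group below 2048 bits; use 14 or higher"),
    ("ipsec-weak-transform", r"^crypto ipsec transform-set .*esp-(des|3des|md5-hmac)\b",
     "DES/3DES/MD5 in the transform set"),
    ("ppp-mschapv1", r"^ppp authentication .*\bms-chap\b(?!-)", "MS-CHAP v1 is offered"),
    ("pptp-mschapv2-crackable", r"^protocol pptp$",
     "PPTP rests on MS-CHAPv2/MPPE, recoverable offline from a captured handshake"),
    ("mppe-40bit-allowed", r"^ppp encrypt mppe auto\b", "'mppe auto' permits 40-bit keys; require 128"),
]


def aaa_lists(lines):
    """Names defined by 'aaa authentication login' and 'aaa authorization network'."""
    login, network = set(), set()
    for ln in lines:
        m = re.match(r"aaa authentication login (\S+)", ln)
        if m:
            login.add(m.group(1))
        m = re.match(r"aaa authorization network (\S+)", ln)
        if m:
            network.add(m.group(1))
    return login, network


def audit(config):
    """Return (rule, line, explanation) findings for one config excerpt."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    login_lists, network_lists = aaa_lists(lines)
    findings = []
    for ln in lines:
        for rule, pattern, why in LINE_RULES:
            if re.search(pattern, ln):
                findings.append((rule, ln, why))
        m = re.match(r"key (\S+)$", ln)  # group PSK under the client configuration group
        if m and len(m.group(1)) < 16:
            findings.append(("short-group-psk", ln, "group pre-shared key under 16 characters"))
        # The crypto map must name AAA lists that actually exist (the deck's vpn_auth does not).
        m = re.match(r"crypto map \S+ client authentication list (\S+)", ln)
        if m and m.group(1) not in login_lists:
            findings.append(("undefined-login-list", ln, "no such 'aaa authentication login' list"))
        m = re.match(r"crypto map \S+ isakmp authorization list (\S+)", ln)
        if m and m.group(1) not in network_lists:
            findings.append(("undefined-network-list", ln, "no such 'aaa authorization network' list"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("as in the slides", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label}: {len(audit(cfg))} finding(s)")
        for rule, line, why in audit(cfg):
            print(f"  [{rule}] {line}: {why}")
```

Run it against the output of show running-config (the rules only look at stripped lines, so interface and sub-mode indentation does not matter). The weak excerpt produces nine findings, including the vpn_auth/vpn_xauth mismatch, which would otherwise only show up as every client failing XAUTH; the hardened excerpt produces none.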

Editor's notes

1. The IPsec Encapsulating Security Payload (ESP) provides data privacy. ESP also defines an authenticated format that provides data authentication and integrity together with data privacy. AH with the SHA (Secure Hash Algorithm, an HMAC variant) authentication algorithm