Skip to main content

Remote Access Vpn Configuration


CONFIGURATION


1. Remote User COMMUNICTE PAKISTAN LAN PUBLIC IP : 202.56.215.2  BUT NOT COMMUNICATION ON LAN NETWORK IP  : 192.168.100.1

2.  Remote User PING LAN FTP SERVER  BUT THY DO NOT PING SERVER.

3.  WHEN YOU CONNECTED VPN AND THEN AGAIN PING LAN FTP SERVER . 

___________



________

FIRST REMOTE USER COMMUNICATE ON LAN PUB IP BUT DO NOT COMMUNICATE ON LAN IP.

ALL INTERFECES LINKED UP AND PERFORM ROUTING.

GO TO Company-Router CONFIGURATION MODE.


Router(config)  hostname  Company-Router

CREAT A LOCAL AUTHENTICATION FOR VPN

Company-Router(config)#  aaa new-model

Company-Router(config)#   aaa authentication login WAHAB local

Company-Router(config)#   aaa authorization network HANAN local

Company-Router(config)#    username Manan password Taimoor

CREAT A ISAKMP POLICY FOR VPN

THIS POLICY DEFINES THE ENCRYPTION AND AUTHENTICATION ALGORITHMS THAT WILL BE USED TO PROTECT THE TRAFFIC THAT FLOWS THROUGH THE VPN TUNNEL.

Company-Router(config)#   crypto isakmp policy 10

3DES: TRIPLE DATA ENCRYPTION STANDARD.

 THIS IS A SYMMETRIC ENCRYPTION ALGORITHM THAT USES THREE KEYS TO ENCRYPT DATA.


Company-Router(config-isakmp)#  encryption 3des

Company-Router(config-isakmp)#     hash md5

Company-Router(config-isakmp)#   authentication pre-share

Company-Router(config-isakmp)#    group 2 

Company-Router(config-isakmp)#  exit

CREAT A VPN GROUP AND KEY AND APPLIED IP ADDRESS

Company-Router(config)#   ip local pool VPNPOOL 200.200.200.1 200.200.200.100

Company-Router(config)#   crypto isakmp client configuration group cisco

Company-Router(config-isakmp-group) #  key cisco123

Company-Router(config-isakmp-group)#   pool VPNPOOL

Company-Router(config-isakmp-group)# exit

CREAT A  IPSEC TUNNEL USED TO ENCRYPTED DATA

THIS TRANSFORM SET SPECIFIES THE SPECIFIC ENCRYPTION AND AUTHENTICATION ALGORITHMS THAT WILL BE USED FOR A PARTICULAR TRAFFIC FLOW.

Company-Router(config)#   crypto ipsec transform-set set1 esp-3des esp-md5-hmac

CREAT A MAP FOR VPN

THIS CRYPTO MAP ASSOCIATES AN IPSEC POLICY AND TRANSFORM SET WITH A SPECIFIC INTERFACE.

Company-Router(config)#      crypto dynamic-map map1 10

Company-Router(config-crypto-map)#   set transform-set set1

Company-Router(config-crypto-map)#    reverse-route

Company-Router(config-crypto-map)#  exit

APPLIED AUTHENTICATION AND AUTHORIZATION FOR VPN

Company-Router(config)#   crypto map map1 client configuration address respond

Company-Router(config)#   crypto map map1 client authentication list WAHAB
 
Company-Router(config)#     crypto map map1 isakmp authorization list HANAN

Company-Router(config)#      crypto map map1 10 ipsec-isakmp dynamic map1

VPN CONFIGURATION APPLIED ON INTERFACE

THIS WILL ENABLE IPSEC ON THE INTERFACE AND ALLOW TRAFFIC TO FLOW THROUGH THE VPN TUNNEL.

Company-Router(config)#    interface FastEthernet0/0

Company-Router(config)#     crypto map map1

VPN CONFIGURATION IS DONE GO TO REMOTE USER AND CONNECT VPN AND COMUNICATION CAN BE DONE.



___________



 
 

Comments

Popular posts from this blog

BRIDGE MODE AND NAT MODE AP

  BOTH BRIDGE MODE AND NAT MODE ARE WAYS TO CONFIGURE AN ACCESS POINT (AP) TO EXTEND A NETWORK, BUT THEY DIFFER IN HOW THEY HANDLE IP ADDRESSES AND NETWORK TRAFFIC: BRIDGE MODE: CONCEPT: ACTS AS A TRANSPARENT BRIDGE, SIMPLY RELAYING DATA BETWEEN WIRED AND WIRELESS DEVICES. IP ADDRESS: DEVICES OBTAIN THEIR IP ADDRESSES FROM AN UPSTREAM DHCP SERVER, TYPICALLY THE MAIN ROUTER ON THE NETWORK. NETWORK TRAFFIC: ALL DEVICES, BOTH WIRED AND WIRELESS, ARE SEEN AS PART OF THE SAME NETWORK AND CAN DIRECTLY COMMUNICATE WITH EACH OTHER. BENEFITS: SEAMLESS ROAMING: DEVICES CAN EFFORTLESSLY SWITCH BETWEEN APS WITHOUT LOSING THEIR IP ADDRESS OR CONNECTION. SIMPLIFIED NETWORK MANAGEMENT: ALL DEVICES ARE ON THE SAME SUBNET, MAKING CONFIGURATION AND TROUBLESHOOTING EASIER. INCREASED COMPATIBILITY: WORKS WITH DEVICES THAT DON'T SUPPORT NAT TRAVERSAL (E.G., SOME VPN CLIENTS). DRAWBACKS: LESS SECURITY : ALL DEVICES ARE DIRECTLY EXPOSED TO EACH OTHER, POTENTIALLY INCREAS

DOS AND DDOS ATTACK

A Dos (Denial-Of-Service) Attack and A DDOS (Distributed Denial-Of-Service) Attack Are Both Attempts to Make a Computer System or Network Resource Unavailable to Legitimate Users. However, They Differ in How They Achieve This: Dos Attack: Imagine A Single Person Throwing Rocks at A Castle Gate. A This Person Represents the Attacker, And the Rocks Represent the Malicious Traffic. The Castle Gate Represents the Target System or Network Resource. The Attacker Keeps Throwing Rocks, Trying to Overwhelm the Gate's Defenses and Gain Entry. Dos Attacks Are Typically Launched from A Single System. They Can Be Effective Against Small Systems or Networks, But Larger Systems Can Often Withstand Them. DDos Attack: Imagine An Army Throwing Rocks at A Castle Gate. This Army Represents the Attacker, And the Rocks Represent the Malicious Traffic. The Castle Gate Represents the Target System or Network Resource. The Attackers Coordinate Their Attack, Throwing Rocks from Multiple Directions at Once.

VSC (Virtual Cluster Switching)

  VIRTUAL CLUSTER SWITCHING (VCS): THIS IS A PROPRIETARY NETWORK FABRIC TECHNOLOGY DEVELOPED BY BROCADE, LATER ACQUIRED BY EXTREME NETWORKS. IT ALLOWS MULTIPLE PHYSICAL SWITCHES TO BE COMBINED AND MANAGED AS A SINGLE LOGICAL UNIT, OFFERING SEVERAL BENEFITS: SIMPLIFIED MANAGEMENT: MANAGE THE ENTIRE VCS AS ONE ENTITY, REDUCING CONFIGURATION OVERHEAD AND TROUBLESHOOTING COMPLEXITY. INCREASED PORT DENSITY: COMBINE PORTS FROM MULTIPLE SWITCHES TO CREATE A LARGER POOL OF AVAILABLE CONNECTIONS. IMPROVED PERFORMANCE:   ENHANCE LINK UTILIZATION AND LOAD BALANCING ACROSS MULTIPLE PHYSICAL LINKS, REDUCING BOTTLENECKS. ENHANCED REDUNDANCY:   PROVIDES FAILOVER PROTECTION IN CASE OF A SWITCH FAILURE. TRAFFIC WILL BE AUTOMATICALLY REROUTED TO OTHER SWITCHES WITHIN THE VCS. SIMPLIFIED NETWORK TOPOLOGY: ELIMINATES THE NEED FOR COMPLEX LINK AGGREGATION OR SPANNING TREE PROTOCOL (STP) CONFIGURATIONS. _________ VCS, OR VIRTUAL CLUSTER SWITCHING, CAN OPERATE IN DIFFERENT MODES DEPENDI