Skip to main content

Remote Access Vpn Configuration


CONFIGURATION


1. Remote User COMMUNICTE PAKISTAN LAN PUBLIC IP : 202.56.215.2  BUT NOT COMMUNICATION ON LAN NETWORK IP  : 192.168.100.1

2.  Remote User PING LAN FTP SERVER  BUT THY DO NOT PING SERVER.

3.  WHEN YOU CONNECTED VPN AND THEN AGAIN PING LAN FTP SERVER . 

___________



________

FIRST REMOTE USER COMMUNICATE ON LAN PUB IP BUT DO NOT COMMUNICATE ON LAN IP.

ALL INTERFECES LINKED UP AND PERFORM ROUTING.

GO TO Company-Router CONFIGURATION MODE.


Router(config)  hostname  Company-Router

CREAT A LOCAL AUTHENTICATION FOR VPN

Company-Router(config)#  aaa new-model

Company-Router(config)#   aaa authentication login WAHAB local

Company-Router(config)#   aaa authorization network HANAN local

Company-Router(config)#    username Manan password Taimoor

CREAT A ISAKMP POLICY FOR VPN

THIS POLICY DEFINES THE ENCRYPTION AND AUTHENTICATION ALGORITHMS THAT WILL BE USED TO PROTECT THE TRAFFIC THAT FLOWS THROUGH THE VPN TUNNEL.

Company-Router(config)#   crypto isakmp policy 10

3DES: TRIPLE DATA ENCRYPTION STANDARD.

 THIS IS A SYMMETRIC ENCRYPTION ALGORITHM THAT USES THREE KEYS TO ENCRYPT DATA.


Company-Router(config-isakmp)#  encryption 3des

Company-Router(config-isakmp)#     hash md5

Company-Router(config-isakmp)#   authentication pre-share

Company-Router(config-isakmp)#    group 2 

Company-Router(config-isakmp)#  exit

CREAT A VPN GROUP AND KEY AND APPLIED IP ADDRESS

Company-Router(config)#   ip local pool VPNPOOL 200.200.200.1 200.200.200.100

Company-Router(config)#   crypto isakmp client configuration group cisco

Company-Router(config-isakmp-group) #  key cisco123

Company-Router(config-isakmp-group)#   pool VPNPOOL

Company-Router(config-isakmp-group)# exit

CREAT A  IPSEC TUNNEL USED TO ENCRYPTED DATA

THIS TRANSFORM SET SPECIFIES THE SPECIFIC ENCRYPTION AND AUTHENTICATION ALGORITHMS THAT WILL BE USED FOR A PARTICULAR TRAFFIC FLOW.

Company-Router(config)#   crypto ipsec transform-set set1 esp-3des esp-md5-hmac

CREAT A MAP FOR VPN

THIS CRYPTO MAP ASSOCIATES AN IPSEC POLICY AND TRANSFORM SET WITH A SPECIFIC INTERFACE.

Company-Router(config)#      crypto dynamic-map map1 10

Company-Router(config-crypto-map)#   set transform-set set1

Company-Router(config-crypto-map)#    reverse-route

Company-Router(config-crypto-map)#  exit

APPLIED AUTHENTICATION AND AUTHORIZATION FOR VPN

Company-Router(config)#   crypto map map1 client configuration address respond

Company-Router(config)#   crypto map map1 client authentication list WAHAB
 
Company-Router(config)#     crypto map map1 isakmp authorization list HANAN

Company-Router(config)#      crypto map map1 10 ipsec-isakmp dynamic map1

VPN CONFIGURATION APPLIED ON INTERFACE

THIS WILL ENABLE IPSEC ON THE INTERFACE AND ALLOW TRAFFIC TO FLOW THROUGH THE VPN TUNNEL.

Company-Router(config)#    interface FastEthernet0/0

Company-Router(config)#     crypto map map1

VPN CONFIGURATION IS DONE GO TO REMOTE USER AND CONNECT VPN AND COMUNICATION CAN BE DONE.



___________



 
 

Comments

Popular posts from this blog

TCP/IP MODEL

  HISTORY OF TCP/IP MODEL THE TCP/IP MODEL WAS DEVELOPED BY VINT CERF AND BOB KAHN IN THE 1970S. THEY WERE BOTH WORKING AT THE DEFENSE ADVANCED RESEARCH PROJECTS AGENCY (DARPA) AT THE TIME. Vint Cerf And Bob Kahn CERF AND KAHN WERE TASKED WITH DEVELOPING A NEW NETWORK PROTOCOL THAT WOULD BE MORE RELIABLE AND EFFICIENT THAN THE EXISTING PROTOCOLS. THEY CAME UP WITH THE IDEA OF USING A LAYERED APPROACH, WHICH WOULD ALLOW EACH LAYER TO FOCUS ON A SPECIFIC TASK. THIS LED TO THE DEVELOPMENT OF THE TCP/IP MODEL, WHICH IS STILL THE BASIS FOR HOW DATA IS TRANSMITTED OVER THE INTERNET TODAY. CERF AND KAHN ARE OFTEN REFERRED TO AS THE "FATHERS OF THE INTERNET" FOR THEIR WORK ON THE TCP/IP MODEL. THEY WERE INDUCTED INTO THE NATIONAL INVENTORS HALL OF FAME IN 2004 FOR THEIR CONTRIBUTIONS TO THE DEVELOPMENT OF THE INTERNET. HERE ARE SOME OTHER NOTABLE PEOPLE WHO CONTRIBUTED TO THE DEVELOPMENT OF THE TCP/IP MODEL: JON POSTEL: POSTEL WAS THE FIRST CHAIRMAN OF THE INTERNET ENGINEERI...

Types Of Attack in Network

Common Network Attacks Explained. 1. Overwhelming a Network (DoS/DDoS): Imagine a restaurant that's flooded with too many customers. In a DoS/DDoS attack: A website is overwhelmed with too much traffic. 2. Eavesdropping on Conversations (MitM): Imagine someone listening in on your phone call. In a MitM attack: An attacker listens to your online conversations. 3. Tricking You (Phishing): Imagine receiving a fake email from your bank. In phishing: Attackers try to trick you into giving them your personal information. 4. Finding a Weakness in a Website (SQL Injection): Imagine finding a hole in a fence. In an SQL injection attack: An attacker finds a weakness in a website to steal or change data. 5. Planting a Hidden Camera (XSS): Imagine someone hiding a camera in a party. In an XSS attack: An attacker hides harmful code on a website to spy on you. 6. Guessing Your Password (Password Attck): Imagine trying to guess a friend's password. In a pas...

OSI Refrance Model

OSI MODEL 1. THE OSI MODEL WAS DEVELOPED BY THE INTERNATIONAL ORGANIZATION FOR STANDARDIZATION (ISO) IN THE LATE 1970S. THE MAIN ARCHITECT OF THE OSI MODEL WAS HUBERT ZIMMERMANN, A FRENCH SOFTWARE ENGINEER. 2.  ISO REPRESENT A 1947 MORE THAN WORK AND AGAIN REPRESENTS A ISO IN 1977 AND MORE THAN WORK AN REPRESENT  IN 1983 A OSI REDFRENCE MODEL. 2. HIS MODEL REPRESENT A 7 LAYER 3. OSI MEANS  (OPEN SYSTEMS INTERCOMMUNICATIO). 1. APPLICATION LAYER 1. THE APPLICATION LAYER IS USED BY END-USER SOFTWARE SUCH AS WEB BROWSERS AND EMAIL CLIENTS.  IT PROVIDES PROTOCOLS THAT ALLOW SOFTWARE TO SEND AND RECEIVE INFORMATION AND PRESENT MEANINGFUL DATA TO USERS. 2.  IT SENDS ITS DATA TO THE FORM OF THE  PDU. PROTOCLS  AND DEVICES USED IN LAYER THERE ARE SOME PROTOCOLS THAT WORK AT THE BACKEND OF THE APPLICATION LAYER. WHICH IN TURN WORKS AT THE APPLICATION LAYER. MANY DEVICES USE IT AT THE APPLICATION LAYER. PROTOCOLS FTP  (FILE TRANSOFER PROTOCOL) DNS (DOMA...