Cisco Router as a VPN Server

Agenda
– VPN
– Categories of VPN
  – Secure VPNs
  – Trusted VPNs
– Hardware / Software Requirements
– Network Diagram
– Basic Router Configuration
– Configuring AAA Server
– Virtual Template
– VPDN
– IPSec

What is a VPN?
A virtual private network (VPN) is a computer network implemented as an additional logical layer (overlay) on top of an existing network. Its purpose is to create a private scope of computer communications, or to provide a secure extension of a private network into an insecure network such as the Internet.

Categories of VPN
VPN technologies may be classified by many standards. Two broad categories of VPN are:
– Secure VPNs
– Trusted VPNs

Secure VPNs
– Provide mechanisms for authentication of the tunnel endpoints and encryption of the traffic.
– Provide remote access facilities to employees.
– Connect multiple networks together securely, using the Internet to carry the traffic.
– Secure VPN protocols include IPSec, SSL or PPTP (with MPPE).
– Do not provide QoS or routing.

Trusted VPNs
– Created by carriers and large organizations on large core networks.
– Provide Quality of Service.
– Trusted VPN protocols include MPLS, ATM or Frame Relay.
– Do not provide security features such as data confidentiality through encryption.

Hardware / Software Requirements
– Cisco integrated services router with 12.4 Advanced Enterprise IOS.
– Ethernet cables (crossover).
– PCs / laptops.
– Cisco VPN Client (v ).
– Cisco Security Device Manager (SDM, for GUI-based configuration).
– Java Runtime Environment (for SDM).

Network Diagram

Basic Router Configuration
Creating local login users for VPN:
Router(config)# username [loginID] privilege [1-15] password 0 [password]
Configure Fast Ethernet interfaces:
Router#config t
Router(config)#int f0/0
Router(config-if)# description Internal LAN ( /24)
Router(config-if)#ip address
Router(config-if)#no shut
Router(config)#int f0/1
Router(config-if)# description VPN INT ( /24)
Router(config-if)#ip address
Router(config-if)#no shut

Basic Router Configuration (contd)
Configure routing protocol:
Router#config t
Router(config)#router eigrp 1
Router(config-router)#network
Router(config-router)#network
Router(config-router)#network
IP pool:
Router(config)# ip local pool ip_pool

Configuring AAA
aaa new-model
Enables the authentication, authorization, and accounting (AAA) access control model.
Router(config)#aaa new-model
aaa session-id [common | unique]
Ensures that all session identification (ID) information sent out for a given call is identical. The default behavior is common.
Router(config)#aaa session-id common

Configuring AAA (contd)
aaa authentication login [list-name] local
Sets AAA authentication at login. The local keyword tells AAA to use the local username database for authentication.
Router(config)# aaa authentication login vpn_xauth local
aaa authorization network [list-name] local
Creates a list for authorization of all network-related service requests. The local keyword tells AAA to use the local username database for authorization.
Router(config)# aaa authorization network vpn_group local

Virtual Template
A virtual template interface is a logical entity that is created and configured dynamically, used, and then freed when no longer needed. It requires the same amount of memory as a serial interface. Cisco routers support a maximum of 300 virtual interfaces.

Benefits of Virtual Template
– For easier maintenance, allows customized configurations to be predefined.
– For scalability, allows interface configuration to be separated from physical interfaces.
– For consistency and configuration ease, allows the same predefined template to be used for all users.
– For efficient router operation, frees the virtual access interface memory for another dial-in use when the user's call ends.

Configuring Virtual Template
Router#config t
Router(config)# interface Virtual-Template1
Router(config-if)# ip unnumbered FastEthernet0/1
Router(config-if)# no peer default ip address
Router(config-if)# ppp encrypt mppe auto required
Router(config-if)# ppp authentication ms-chap ms-chap-v2

VPDN
A virtual private dialup network (VPDN) allows a private network dial-in service to span across to remote access servers (defined as the L2TP Access Concentrator [LAC]). The LAC forwards the PPP session on to an L2TP Network Server (LNS). The LNS then authenticates the user and starts the PPP negotiation. VPDN uses the Layer 2 Forwarding protocol (L2F), which permits the tunneling of link-level frames.

Configuring VPDN
vpdn enable
Enables virtual private dialup networking.
Router(config)#vpdn enable
vpdn-group [group name]
Creates a VPDN group, which specifies the tunnel protocol, the dial-in mode and the virtual template interface to clone.
Router(config)# vpdn-group VPN_Server
Router(config-vpdn)# accept-dialin
Router(config-vpdn-acc-in)# protocol pptp
Router(config-vpdn-acc-in)# virtual-template 1

IPSec
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications. IPsec uses the following protocols to perform various functions:
– Internet Key Exchange (IKE and IKEv2) to set up a security association (SA).
– Authentication Header (AH) to provide connectionless integrity.
– Encapsulating Security Payload (ESP) to provide confidentiality.

Configuring IPSec based VPN
crypto isakmp policy [priority]
Defines an Internet Key Exchange (IKE) policy. IKE policies define the set of parameters to be used during the IKE negotiation.
Router(config)#crypto isakmp policy 1
Router(config-isakmp)# encr 3des
Router(config-isakmp)# authentication pre-share
Router(config-isakmp)# group 2

Configuring IPSec based VPN (contd)
sh crypto isakmp policy
The command below lists the policy created by the commands on the previous slide.
Router#sh crypto isakmp policy
Global IKE policy
Protection suite of priority 1
        encryption algorithm:   Three key triple DES
        hash algorithm:         Secure Hash Standard
        authentication method:  Pre-Shared Key
        Diffie-Hellman group:   #2 (1024 bit)
        lifetime:               seconds, no volume limit

Configuring IPSec based VPN (contd)
crypto isakmp client configuration group [name]
Defines the policy profile for a client group: the group's pre-shared key and the IP address pool (with its netmask) assigned to connecting clients.
Router(config)#crypto isakmp client configuration group ipsec_group
Router(config-isakmp-group)# key ipsec
Router(config-isakmp-group)# pool ip_pool
Router(config-isakmp-group)# netmask

Configuring IPSec based VPN (contd)
crypto ipsec transform-set
A transform set specifies the encryption and authentication algorithms used to protect the data in the VPN tunnel. The dynamic crypto map then references the transform set so that any client negotiating with it uses those algorithms.
Router(config)#crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
Router(config)#crypto dynamic-map DYNMAP 1
Router(config-crypto-map)#set transform-set ESP-3DES-SHA
Transform Set:
  Name: ESP-3DES-SHA1
  ESP Encryption: ESP_3DES
  ESP Integrity: ESP_SHA_HMAC

Configuring IPSec based VPN (contd)
crypto map
Creates a crypto profile that provides a template for configuration. The authentication and authorization list names must match the AAA lists defined earlier (vpn_xauth and vpn_group); the map is then applied to the VPN-facing interface.
Router(config)#crypto map CMAP client authentication list vpn_xauth
Router(config)#crypto map CMAP isakmp authorization list vpn_group
Router(config)#int f0/1
Router(config-if)#crypto map CMAP
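As an added example (my own code, not part of the presentation), a small Python audit that scans a constructed running-config fragment built from the deck's commands and flags the settings a reviewer would question today: a cleartext `password 0` user, PPTP accepted with MS-CHAPv1 allowed, 3DES in both IKE and the IPsec transform set, and DH group 2. A second, hardened fragment (also constructed; the IOS keywords it uses are assumed to be supported on the router in use) passes clean.

```python
import re

# Constructed running-config fragment with the settings from the slides
# (hypothetical values; this is not the presenter's actual configuration).
DECK_CONFIG = """\
username vpnuser privilege 1 password 0 Secret123
vpdn-group VPN_Server
 accept-dialin
  protocol pptp
interface Virtual-Template1
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
crypto isakmp policy 1
 encr 3des
 group 2
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
"""

# Same configuration with the weak choices replaced (also constructed).
HARDENED_CONFIG = """\
username vpnuser privilege 1 secret Secret123
interface Virtual-Template1
 ppp encrypt mppe 128 required
 ppp authentication ms-chap-v2
crypto isakmp policy 1
 encr aes 256
 group 14
crypto ipsec transform-set ESP-AES-SHA256 esp-aes 256 esp-sha256-hmac
"""

# (regex matched against one config line, reason the line is flagged)
CHECKS = [
    (r"^username \S+ .*\bpassword 0 ", "cleartext local password; use 'secret'"),
    (r"^\s*protocol pptp\b", "PPTP accepted; MPPE/MS-CHAP tunnel is obsolete"),
    (r"^\s*ppp authentication .*\bms-chap\b(?!-v2)", "MS-CHAPv1 still allowed"),
    (r"^\s*encr (des|3des)\b", "IKE policy uses DES/3DES"),
    (r"^\s*group [125]\b", "IKE DH group of 1024 bits or less"),
    (r"^crypto ipsec transform-set .*\besp-(des|3des)\b", "IPsec data uses DES/3DES"),
]

def audit_config(text):
    """Return (line number, reason, config line) for every line matching a check."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for pattern, reason in CHECKS:
            if re.search(pattern, line):
                findings.append((lineno, reason, line.strip()))
    return findings
```

Run `audit_config` over the output of `show running-config` captured from the router to get the same line-numbered findings for a real device.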

Live Demonstration