Sunday, June 11, 2017

VPN Configuration

IPSEC VPN CONFIGURATION
Virtual Private Network (VPN)  and IPsec
  • A VPN is an extension of a private network over a public network; a VPN does not by itself imply encryption. For security, apply the IPsec security framework to the VPN tunnel. IPsec is a standards-based security framework that offers four services:
    • Data origin authentication
    • Data integrity
    • Data Confidentiality 
    • Anti-replay
  • Main goal for IPSec VPN is to encrypt and authenticate IPv4 or IPv6 packets over public network. 
  • The goal of the IPsec exchange is to establish the security associations (SAs) using IKE
  • This occurs through the two main IKE negotiation phases
  • IPSec Phase 1
    • Authenticate the endpoints and build a secure tunnel for further negotiation
    • ISAKMP SA
  • IPSec Phase 2
    • Establish the tunnel used to protect the actual data traffic
    • IPSEC SA 
  • Negotiating Phase 1 ( ISAKMP SA)
    • Authentication method ( authentication pre-share/rsa-encr/rsa-sig)
    • Encryption type ( 3des/aes/des) 
    • group ( 1/14/15/16..)
    • lifetime (60-86400)
  • Negotiating Phase 2 ( IPSEC SA)
    • set peer ( xx.xx.xx)
    • set transform-set xxx
    • set address xx
  • Applying the Crypto Map
    • The crypto map is applied at the link level, i.e. on the interface facing the peer
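A constructed Cisco IOS configuration for one side (R2) that walks the bullets above in order: Phase 1 policy, Phase 2 transform set, the crypto map, and its application to the interface. This is an added example, not the post's own R2/R3 configuration; the addresses are RFC 5737 documentation ranges, the interface name and the pre-shared key are placeholders, and the ACL is referenced with `match address` (the IOS crypto-map command for the "set address" bullet).

```cisco
! Constructed example for R2 (site-to-site IPsec with R3).
! Assumed: R2 outside 203.0.113.2, R3 outside 203.0.113.3,
!          R2 LAN 192.0.2.0/24, R3 LAN 198.51.100.0/24
!
! --- Phase 1 (ISAKMP SA): how the peers authenticate each other ---
! AES and group 14 (2048-bit DH) are chosen here; des/3des and
! group 1/2 from the option list are considered weak today.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 28800
crypto isakmp key PRE-SHARED-KEY-PLACEHOLDER address 203.0.113.3
!
! --- Phase 2 (IPsec SA): how the data traffic is protected ---
crypto ipsec transform-set TS-R3 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Interesting traffic: only LAN-to-LAN flows are sent into the tunnel
ip access-list extended VPN-R2-TO-R3
 permit ip 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255
!
! --- Crypto map ties the peer, the transform set and the ACL ---
crypto map CM-R3 10 ipsec-isakmp
 set peer 203.0.113.3
 set transform-set TS-R3
 match address VPN-R2-TO-R3
!
! --- Apply the map on the interface facing the peer (link level) ---
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.0
 crypto map CM-R3
!
! R3 mirrors this with the addresses swapped. Check the result with:
!   show crypto isakmp sa   (state QM_IDLE means Phase 1 is up)
!   show crypto ipsec sa    (#pkts encaps/decaps counters increase
!                            once Phase 2 carries traffic)
```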
EXAMPLE VPN NETWORK DESIGN
R3 CONFIGURATION

R2 CONFIGURATION

R2's VPN CONNECTION VERIFICATION

USEFUL CONFIGURATION VERIFICATION COMMANDS
Router # show crypto isakmp [default] policy
Router # show crypto ipsec sa
Router # show crypto isakmp sa
Router # show crypto ipsec transform-set <name>
Router # show crypto debug-condition

USEFUL DEBUGGING COMMANDS FOR TROUBLESHOOTING
Router # debug crypto isakmp
Router # debug crypto ipsec

