Lab Configure a Secure VPN Using IPSec between a PIX and a VPN Client using PDM



Similar documents
Lab 6.5.9b Configure a Secure VPN Using IPSec between a PIX and a VPN Client using CLI

Lab a Configure Remote Access Using Cisco Easy VPN

Configuring the PIX Firewall with PDM

Lab Configure Remote Access Using Cisco Easy VPN

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

Lab Configure Intrusion Prevention on the PIX Security Appliance

Pre-lab and In-class Laboratory Exercise 10 (L10)

Chapter 8 Lab B: Configuring a Remote Access VPN Server and Client

How To Industrial Networking

Lab Configuring the PIX Firewall as a DHCP Server

How to Install a Network-Licensed Version of IBM SPSS Statistics 19

Scenario: IPsec Remote-Access VPN Configuration

Lab Configure Cisco IOS Firewall CBAC

How to setup a VPN on Windows XP in Safari.

Lab - Configure a Windows 7 Firewall

Netgear ProSafe VPN firewall (FVS318 or FVM318) to Cisco PIX firewall

Objectives. Background. Required Resources. CCNA Security

How To Connect To A University Of Cyprus Vpn 3000 From Your Computer To A Computer With A Password Protected Connection

Using Cisco UC320W with Windows Small Business Server

VPNC Interoperability Profile

QUANTIFY INSTALLATION GUIDE

How To Connect To Ecs.Org From A Pc Or Mac Or Ipad (For A Laptop) With A Network Connection (For Mac) With The Ipad Or Ipa (For Pc Or Ipac) With An Ipa Or Ip

Configuring Devices for Use with Cisco Configuration Professional (CCP) 2.5

Print Server Application Guide. This guide applies to the following models.

Lab Configuring Access Policies and DMZ Settings

Quick Installation Guide Network Management Card

Global VPN Client Getting Started Guide

Setting up VMware ESXi for 2X VirtualDesktopServer Manual

Lab Configuring Access Policies and DMZ Settings

Global VPN Client Getting Started Guide

Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client

How to Setup PPTP VPN Between a Windows PPTP Client and the DIR-130.

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

(this is being worked on)

Lab - Configure a Windows Vista Firewall

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0

Lab - Using Wireshark to View Network Traffic

Quick Connect. Overview. Client Instructions. LabTech

Easy Setup Guide for the Sony Network Camera

Installing the VPN Client for Microsoft Windows OS

USER GUIDE. Ethernet Configuration Guide (Lantronix) P/N: Rev 6

This topic discusses Cisco Easy VPN, its two components, and its modes of operation. Cisco VPN Client > 3.x

Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1

REMOTE ACCESS VPN NETWORK DIAGRAM

V310 Support Note Version 1.0 November, 2011

Cisco QuickVPN Installation Tips for Windows Operating Systems

IIS, FTP Server and Windows

ADSL Router Quick Installation Guide Revised, edited and illustrated by Neo

Remote PC Guide for Standalone PC Implementation

How To Establish IPSec VPN connection between Cyberoam and Mikrotik router

Lab assignment #2 IPSec and VPN Tunnels (Document version 1.1)

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

Installation and Configuration of VPN Software

7. Configuring IPSec VPNs

IPsec VPN Application Guide REV:

VPN Remote Access Installation and Configuration Guide Operating System: Windows (XP, Vista, 7 and 8)

Lab Creating a Logical Network Diagram

CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC

In this lab you will explore the Windows XP Firewall and configure some advanced settings.

Office of Information Technology VPN Client Instructions

Using Device Discovery

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1

Lab Configure Basic AP Security through IOS CLI

Scenario: Remote-Access VPN Configuration

1. Hardware Installation

Connect the Host to attach to Fast Ethernet switch port Fa0/2. Configure the host as shown in the topology diagram above.

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation

Maintaining the Content Server

Allworx OfficeSafe Operations Guide Release 6.0

PREMIUM BUSINESS GATEWAY - DEVG2020 DIGITAL BUSINESS USER GUIDE

NSi Mobile Installation Guide. Version 6.2

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client

Deploying Windows Streaming Media Servers NLB Cluster and metasan

Print Server Application Guide

Configuring Thunderbird for Flinders Mail at home.

Lab - Configure a Windows XP Firewall

Configuring PDM. Starting PDM with Internet Explorer CHAPTER

Step-by-Step Setup Guide Wireless File Transmitter FTP Mode

Accessing the Media General SSL VPN

1-Port Wireless USB 2.0 Print Server Model # APSUSB201W. Quick Installation Guide. Ver. 2A

Guideline for setting up a functional VPN

owncloud Configuration and Usage Guide

Lab Configuring PAT with SDM and Static NAT using Cisco IOS Commands

PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations

If you have questions or find errors in the guide, please, contact us under the following address:

Tufts VPN Client User Guide for Windows

NAS 323 Using Your NAS as a VPN Server

How to setup PPTP VPN connection with DI-804HV or DI-808HV using Windows PPTP client

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004

Remote Access - Mac OS X

Windows 2000, Windows XP, and Windows Server 2003

SATO Network Interface Card Configuration Instructions

DOE VPN Client Installation and Setup Guide March 2011

Configuring TheGreenBow VPN Client with a TP-LINK VPN Router

SSL VPN Service. Once you have installed the AnyConnect Secure Mobility Client, this document is available by clicking on the Help icon on the client.

Configuration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example

Setting Up VPN Connection to use Internet Access. 2. Right click on the appropriate VPN connection and click properties

NAC Guest. Lab Exercises

Installing the Microsoft Network Driver Interface

Transcription:

Lab 14.7.5.1 Configure a Secure VPN Using IPSec between a PIX and a VPN Client using PDM Objective Scenario Topology Estimated Time: 30 minutes Number of Team Members: Two teams with four students per team In this lab exercise, students will complete the following tasks: Configure the PIX Easy VPN Server feature using the VPN Wizard. Install and configure the Cisco VPN Client on the Student PC. Verify and Test the Cisco VPN Client remote access connection A network administrator needs secure management access to the PIX and other critical devices on the internal network. In a small company, the budget may not allow for a dedicated VPN Concentrator. Fortunately, the PIX can be configured as an Easy VPN Remote server, allowing a Cisco VPN software client to connect. Once connected, the remote user can access internal IP based resources. Easy VPN Server can be configured using the VPN Wizard within PDM. This figure illustrates the lab network environment: 1-15 Fundamentals of Network Security v 1.2 - Lab 14.7.5.1 Copyright 2004, Cisco Systems, Inc.

Preparation Begin with the standard lab topology and verify the starting configuration on pod PIX Security Appliance. Access the PIX Security Appliance console port using the terminal emulator on the Student PC. If desired, save the PIX Security Appliance configuration to a text file for later analysis. The Cisco VPN 4.0 client software is required for this lab. This software can be obtained through the instructor or can be downloaded at http://www.cisco.com/kobayashi/sw-center/vpn/client/ Tools and Resources In order to complete the lab, the following is required: Standard Client-to-PIX Security Appliance lab topology Console cable HyperTerminal Additional Materials Cisco VPN Client v4.0 Student can use the following link for more information on the objectives covered in this lab: http://www.cisco.com/go/pdm http://www.cisco.com/en/us/products/sw/secursw/ps2308/index.html http://www.cisco.com/en/us/netsol/ns340/ns394/ns171/ns27/networking_solutions_sub_solution_ho me.html Step 1 Configure the PIX Security Appliance Use the VPN Wizard as directed: a. Log into PDM. Choose Wizards>VPN Wizards. The VPN Wizard window will launch. b. Check the Remote Access VPN radio button. c. Select the outside interface in the drop down list 2-15 Fundamentals of Network Security v 1.2 - Lab 14.7.5.1 Copyright 2004, Cisco Systems, Inc.

d. Click the Next button. The Remote Access Client Window appears. e. Verify the Cisco VPN Client, Release 3.x or higher is chosen. Click Next. The VPN Client Group window opens. f. Enter a Group Name of REMOTEVPN with a password of remote123. 3-15 Fundamentals of Network Security v 1.2 - Lab 14.7.5.1 Copyright 2004, Cisco Systems, Inc.

g. Click Next. The Extended Client Authentication Window appears. h. Verify that the Enable Extended Client Authentication checkbox is checked. i. Choose LOCAL in the AAA Server Group drop down menu. j. Click Next. The User Accounts window opens. k. Add a user admin with the password of admin123. Set the privilege level to 15. 4-15 Fundamentals of Network Security v 1.2 - Lab 14.7.5.1 Copyright 2004, Cisco Systems, Inc.

l. Add a second user of sales with a password of sales123. Set the privilege level to 3. m. Click the Next button. The Address Pool window opens. n. Create a pool called REMOTEVPNPOOL with a range of 11.0.P.1 11.0.P.63 o. Click the Next button. The Attributes Pushed to Client window appears. p. Click the Next button. The IKE Policy window appears 5-15 Fundamentals of Network Security v 1.2 - Lab 14.7.5.1 Copyright 2004, Cisco Systems, Inc.

q. Configure DES, MD5, DH Group 2.. r. Click the Next button. The Transform Set window appears. s. Choose DES, MD5 t. Click the Next button. The Address Translation window appears 6-15 Fundamentals of Network Security v 1.2 - Lab 14.7.5.1 Copyright 2004, Cisco Systems, Inc.

u. Click on the browse button and choose the 10.0.P.0 network. Add this to the Selected list. v. Click the Finish button. The Preview CLI commands window will appear. 7-15 Fundamentals of Network Security v 1.2 - Lab 14.7.5.1 Copyright 2004, Cisco Systems, Inc.

w. Click the Send button. x. Navigate to the Configuration>System Properties>Administration>Management Access. y. Choose the inside interface in the drop down menu. Click Apply. Click Send if prompted. Step 2 Configure the Student PC Networking Parameters Certain networking parameters must be configured before the student PC will operate in the lab environment. Complete the following steps to configure the student PC networking parameters. a. Move the Student PC connection to the outside network on VLAN 1 b. Change the IP address and default gateway of the student PC. Obtain a DHCP address from RBB or use the following configuration parameters: IP address - 172.26.26.P (where P = pod number) Subnet mask - 255.255.255.0 Default gateway - 172.26.26.150 b. Ping the backbone router s IP address. The ping should be successful. C:\> ping 172.26.26.150 Pinging 172.26.26.150 with 32 bytes of data: Reply from 172.26.26.150: bytes=32 time<10ms TTL=128 Reply from 172.26.26.150: bytes=32 time<10ms TTL=128 Step 3 Install the VPN Client In this lab exercise, the source files for the VPN Client should already reside on the hard disk drive of the student PC. If the file is not available, or running a Linux or Mac OS, ask the instructor for the install file or download the VPN client from CCO Software Center. http://www.cisco.com/kobayashi/sw-center/vpn/client/ Note If the VPN client is already installed, proceed to Step 4. 8-15 Fundamentals of Network Security v 1.2 - Lab 14.7.5.1 Copyright 2004, Cisco Systems, Inc.

Complete the following steps to install the Cisco VPN Client on the Windows Platform. a. Open the Cisco VPN Client folder found on the student PC desktop. b. Double-click the setup.exe file in the Cisco VPN Client folder. The Cisco Systems VPN Client Setup window opens. c. Click Next. The License Agreement window opens. d. Read the license agreement and click Yes then choose a destination location. e. Accept the default destination folder by clicking Next. The Select Program Folder window opens. f. Accept the defaults by clicking Next. The Start Copying Files window opens. g. The files are copied to the hard disk drive of the student PC, and the InstallShield Wizard Complete window opens. h. Select Yes, I want to restart my computer now and click Finish. The student PC restarts. i. Log into the student PC. Step 4 Configure the Networking Parameters of the VPN Client Use the following procedure to configure the networking parameters of the VPN Client. This procedure assumes Windows 2000 is already running. a. Choose Start>Programs>Cisco Systems VPN Client>VPN Client. The Cisco Systems VPN Client window opens. b. Click New. The New Connection Entry wizard opens. c. Enter PixP as the name in the Connection Entry field. Enter the PIX Security Appliance s public interface IP address, 192.168.P.2, as the IP address of the server. b. Enter the following group information in the Authentication tab. Enter a group name: REMOTEVPN Enter and Confirm a group password: remote123 9-15 Fundamentals of Network Security v 1.2 - Lab 14.7.5.1 Copyright 2004, Cisco Systems, Inc.

c. In the Transport tab, Enable Transparent Tunneling d. Click Save 10-15 Fundamentals of Network Security v 1.2 - Lab 14.7.5.1 Copyright 2004, Cisco Systems, Inc.

Step 5 Launch the VPN Client on the Student PC Complete the following steps to launch the VPN Client on the student PC: a. Choose Start>Programs>Cisco Systems VPN Client>VPN Dialer. b. Verify that the Connection Entry is PixP. c. Verify that the IP address of the remote server is set to the PIX Security Appliance s public interface IP address, 192.168.P.2. d. Click Connect. The Connection History window opens, and several messages flash by quickly. Complete the following sub-steps: When prompted for a username, enter admin. When prompted to enter a password, enter admin123. e. The window closes and a VPN (lock) icon appears in the system tray. This indicates the VPN tunnel has been successfully created. Step 6 Verify the VPN Connection Complete the following steps to verify the IPSec connection: a. Open a web browser on the VPN Client PC. b. Use the web browser to access the inside web server by entering http://10.0.p.10 c. The web server s home page should display. d. On the Student PC, use the browser to connect to PDM. https://10.0.p.1 This connection to PDM should fail. e. Right-click the VPN Dialer icon in the system tray, then left click on Statistics and observe the IP address that was assigned to the student PC. Keep this window open. Note the number of encrypted packets shown on the window. 11-15 Fundamentals of Network Security v 1.2 - Lab 14.7.5.1 Copyright 2004, Cisco Systems, Inc.

f. Console to the PIX. Add the Client IP Address pool to the list of permitted http locations. Pix1(config)# http 11.0.P.0 255.255.255.192 inside g. On the Student PC, use the browser to connect to PDM. https://10.0.p.1 This connection to PDM should be successful. h. Return the VPN Client Statistics window tab and view the information provided. Notice the number of packets encrypted and decrypted have increased. Return to PDM and click on the Refresh button. Observe the packet counts increase. i. In the Home page of PDM, notice the VPN Status shows 1 IPSec Tunnel. j. Navigate to Monitoring>VPN Statistics. Click on IKE SAs to view the IKE connection information. k. Click on the IPSec VPNs to view the IPSec connection information. l. Click on the View Details button. 12-15 Fundamentals of Network Security v 1.2 - Lab 14.7.5.1 Copyright 2004, Cisco Systems, Inc.

m. Click Close. n. Left click on the VPN lock in the system tray VPN dialer icon and right click on Disconnect. o. Verify the running configuration with the end configuration for this lab. Step 7 Modify the Tunnel Policy Complete the following steps to increase the level of the tunnel security by using a stronger encryption and authentication scheme: a. Navigate to Configuration>VPN tab. b. In the Categories pane, click on IPSec>Tunnel Policy. c. Double click on the policy entry or highlight and click the Edit button. d. Select ESP-AES-256-SHA e. Click the OK button, returning to the Tunnel Policy main window. f. Click the Apply button. Click the Send button if prompted, noting the CLI commands. g. Double click on the policy entry or highlight and click the Edit button. 13-15 Fundamentals of Network Security v 1.2 - Lab 14.7.5.1 Copyright 2004, Cisco Systems, Inc.

h. Click on the Select Multiple.. button. i. Add ESP-3DES-SHA followed by ESP-DES-MD5 j. Click the OK button returning to the Tunnel Policy window. k. Click the OK button returning to the Tunnel Policy main window. l. Click the Apply button. Click the Send button if prompted, noting the order of the IPSec proposals. m. In the Categories pane, click on IKE>Policies. n. Make the following changes: Encryption: aes-256, the Hash: sha, and the D-H Group: 2 o. Click OK, returning to the IKE Policies main window. p. Click the Apply button. Click the Send button if prompted, noting IKE policy changes. q. From the Student PC, re-connect to the PIX using the VPN Client. r. Open up the VPN client statistics window and view the new Crypto values. 14-15 Fundamentals of Network Security v 1.2 - Lab 14.7.5.1 Copyright 2004, Cisco Systems, Inc.

s. Disconnect the VPN Session and Exit PDM. 15-15 Fundamentals of Network Security v 1.2 - Lab 14.7.5.1 Copyright 2004, Cisco Systems, Inc.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information