Scenario & Hands-on 7-1 VPN Configuration-PPTP
Step 1: Create object for PPTP server IP address and IP address range
• Click “Address” in Objects
• Key in the corresponding IP address

Scenario & Hands-on 7-1 VPN Configuration-PPTP
Step 2: Create Local Database for PPTP authentication
• Click “Local User Databases” in User Authentication
• Key in the correct Username and Password

Scenario & Hands-on 7-1 VPN Configuration-PPTP
Step 3: Create PPTP tunnel
• Click “PPTP/L2TP Servers” in Interface
• Choose the corresponding configuration

Scenario & Hands-on 7-1 VPN Configuration-PPTP
Step 4: Create User Authentication Rules for PPTP tunnel
• Click “User Authentication Rules” in User Authentication
• Choose the corresponding configuration
• Enable Log setting and choose local user database

Scenario & Hands-on 7-1 VPN Configuration-PPTP
Step 5: Create IP Rules for PPTP tunnel
• Click “IP Rules” in Rules
• Choose the corresponding configuration
• Enable Log setting

Scenario & Hands-on 7-1 VPN Configuration-PPTP
Step 6
• After all configuration, click “Configuration” on the main menu bar
• Click “Save and Activate”

Scenario & Hands-on 7-1 VPN Configuration-PPTP
Testing Result
Scenario & Hands-on 7-1 Exercise 7-1 - VPN Configuration-PPTP
Network topology (diagram): PPTP Client connects through the VPN Tunnel to WAN1 (DHCP IP) of the DFL-1600; Internal LAN1 IP: 192.168.1.0/24, Internal LAN2 IP: 192.168.2.0/24, Internal LAN3 IP: 192.168.3.0/24
Objectives:
• Use Windows client to dial up PPTP
• Ping the IP address of LAN in firewall
Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec
Network topology (diagram): L2TP/IPsec Client (IP: 192.168.174.71/24) connects through the VPN Tunnel to WAN1 (DHCP) of the DFL-1600; Internal LAN1 IP: 192.168.1.0/24, Internal LAN2 IP: 192.168.2.0/24, Internal LAN3 IP: 192.168.3.0/24
Note:
• L2TP/IPsec must use transport mode
• Choose correct local net and remote net for IPsec tunnel
• Choose correct inner IP address and outer interface filter for L2TP tunnel

Scenario & Hands-on 7-2 VPN Configuration-IPsec
Objectives
• The user dials up to the firewall with the Windows L2TP/IPsec client software
• The dial-up user communicates with LAN1 of the firewall
The logic of configuration
• Create objects for L2TP server IP address and IP address range
• Create authenticating database
• Configure IPsec tunnel
• Configure L2TP server
• Create the IP rule for L2TP tunnel
Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec
Step 1: Create objects for L2TP server IP address and IP address range
• Click “Address” in Objects
• Key in the corresponding IP address

Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec
Step 2: Create Local Database for L2TP authentication
• Click “Local User Databases” in User Authentication
• Key in the correct Username and Password

Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec
Step 3: Create the pre-shared key for L2TP
• Click “Pre-Share Keys” in VPN Objects
• Key in the corresponding value

Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec
Step 4: Create the IPsec tunnel
• Click “IPsec Tunnels” in Interface
• Choose the corresponding configuration

Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec
Step 5: Verify the IPsec tunnel
• Click “Authentication” in this IPsec tunnel
• Apply pre-shared key to this IPsec tunnel

Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec
Step 6: Verify the IPsec tunnel
• Click “Routing” in this IPsec tunnel
• Enable “Dynamically add routes to remote network when a tunnel is established” in this IPsec tunnel

Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec
Step 7: Verify the IPsec tunnel
• Click “Advanced” in this IPsec tunnel
• Disable “Add route for remote network” in this IPsec tunnel

Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec
Step 8: Create the L2TP tunnel
• Click “PPTP/L2TP Servers” in Interface
• Choose the corresponding configuration

Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec
Step 9: Create User Authentication Rules for L2TP tunnel
• Click “User Authentication Rules” in User Authentication
• Choose the corresponding configuration
• Enable Log setting and choose local user database

Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec
Step 10: Create IP Rules for L2TP tunnel
• Click “IP Rules” in Rules
• Choose the corresponding configuration
• Enable Log setting

Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec
Step 11
• After all configuration, click “Configuration” on the main menu bar
• Click “Save and Activate”

Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec
Testing Result
Scenario & Hands-on 7-2 Exercise 7-2 - VPN Configuration-L2TP/IPsec
Network topology (diagram): L2TP/IPsec Client connects through the VPN Tunnel to WAN1 (DHCP IP) of the DFL-1600; Internal LAN1 IP: 192.168.1.0/24, Internal LAN2 IP: 192.168.2.0/24, Internal LAN3 IP: 192.168.3.0/24
Objectives:
• The user dials up to the firewall with the Windows L2TP/IPsec client software
• Ping the IP address of LAN in firewall
Scenario & Hands-on 7-3 VPN Configuration-IPsec
VPN Objects – Pre Shared Keys
• Used by peers to authenticate VPN tunnels
• Two methods to enter the PSK – ASCII and HEX
• ASCII – type in the passphrase
• HEX – type in the passphrase and use “generate” to cipher the passphrase

Scenario & Hands-on 7-3 VPN Configuration-IPsec
VPN Objects – LDAP
• For secured authentication to be established over the VPN, the CA needs to be downloaded to the LDAP server

Scenario & Hands-on 7-3 VPN Configuration-IPsec
ID Lists
• The concept of ID Lists is to manage and control the accessibility of VPN clients and gateways
• Mobile clients can be restricted from accessing internal networks by ID Lists

Scenario & Hands-on 7-3 VPN Configuration-IPsec
IKE/IPsec Algorithms
• Predefined IKE & IPsec algorithm sets are provided by default
• High – very secure
• Medium – secure
• You can define your own algorithms
Scenario & Hands-on 7-3 VPN Configuration-IPsec
Network topology (diagram): local DFL-1600 (WAN1 Static IP: 192.168.174.70/24; Internal LAN1 IP: 192.168.1.0/24, Internal LAN2 IP: 192.168.2.0/24, Internal LAN3 IP: 192.168.3.0/24) connects through the VPN Tunnel to the remote DFL-1600 (WAN1 IP: 192.168.174.71/24; Remote LAN, Internal LAN IP: 192.168.10.0/24)
Note:
• Use the same pre-shared key and algorithm in both IPsec settings
• Choose correct local net and remote net for IPsec tunnel

Scenario & Hands-on 7-3 VPN Configuration-IPsec
Objectives
• Two firewalls communicate with each other through an IPsec tunnel
• The client of local-net pings the client of remote-net
The logic of configuration
• Create VPN Object (pre-shared key)
• Configure IPsec tunnel
• Create the IP rule for IPsec tunnel
Scenario & Hands-on 7-3 VPN Configuration-IPsec
Step 1: Create objects for the remote IP address and network
• Click “Address” in Objects
• Key in the corresponding IP address

Scenario & Hands-on 7-3 VPN Configuration-IPsec
Step 2: Create the pre-shared key for IPsec tunnel
• Click “Pre-Share Keys” in VPN Objects
• Key in the correct value

Scenario & Hands-on 7-3 VPN Configuration-IPsec
Step 3: Create the IPsec tunnel
• Click “IPsec Tunnels” in Interface
• Choose the corresponding configuration

Scenario & Hands-on 7-3 VPN Configuration-IPsec
Step 4: Combine two interfaces into one interface group
• Click “Interface Groups” in Interface
• Choose the corresponding interfaces

Scenario & Hands-on 7-3 VPN Configuration-IPsec
Step 5: Create IP Rules for IPsec tunnel
• Click “IP Rules” in Rules
• Choose the corresponding configuration
• Enable Log setting

Scenario & Hands-on 7-3 VPN Configuration-IPsec
Step 6
• After all configuration, click “Configuration” on the main menu bar
• Click “Save and Activate”
Scenario & Hands-on 7-3 Exercise 7-3 - VPN Configuration-IPsec
Network topology (diagram): Odd group DFL-1600 (Internal LAN1) connects through the VPN Tunnel to Even group DFL-1600 (Remote LAN, Internal LAN)
Objectives:
• Two firewalls communicate with each other through an IPsec tunnel
• The client of local-net pings the client of remote-net
Scenario & Hands-on 7-4 VPN Configuration-IPsec with NetScreen 204
Network topology (diagram): DFL-1600 (WAN1 Static IP: 192.168.174.70/24; Internal LAN1 IP: 192.168.1.0/24, Internal LAN2 IP: 192.168.2.0/24, Internal LAN3 IP: 192.168.3.0/24) connects through the VPN Tunnel to the NetScreen 204 (WAN1 IP: 192.168.174.71/24; Remote LAN, Internal LAN IP: 192.168.10.0/24)
Note:
• Use the same pre-shared key and algorithm on both the DFL-1600 and the NS-204
• Choose correct local net and remote net for IPsec tunnel

Scenario & Hands-on 7-4 VPN Configuration-NetScreen 204
Objectives
• Two firewalls communicate with each other through an IPsec tunnel
• The client of local-net pings the client of remote-net
The logic of configuration
• Create VPN Object (pre-shared key, remote net/gateway and algorithm)
• Configure IPsec tunnel
• Create the IP rule for IPsec tunnel
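The notes for 7-2, 7-3 and 7-4 all turn on the same pairing rules: both ends must use the same pre-shared key and algorithm, each end's local net must be the other's remote net, each end must dial the other's WAN address, and an IPsec tunnel carrying L2TP must use transport mode. The following is an added example, not part of the D-Link training slides, that models both ends as plain records and reports every mismatch before "Save and Activate"; the IPsecEnd structure, its field names and the device-to-address pairing used in the sample are this example's own assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class IPsecEnd:
    # One end of an IPsec tunnel as entered in its firewall GUI (example structure)
    name: str
    wan_ip: str            # outer WAN1 address of this end
    local_net: str         # network behind this end ("local net")
    remote_net: str        # network expected behind the peer ("remote net")
    remote_gateway: str    # peer WAN address this end dials
    psk: str               # pre-shared key as typed (ASCII form)
    algorithms: frozenset  # IKE/IPsec algorithm sets offered (e.g. "High", "Medium")
    mode: str = "tunnel"   # "tunnel" for site-to-site, "transport" for L2TP/IPsec

def check_pair(a, b):
    # Return mismatches between two ends; an empty list means they agree
    problems = []
    if a.psk != b.psk:
        problems.append("pre-shared key differs between the two ends")
    if not (a.algorithms & b.algorithms):
        problems.append("no IKE/IPsec algorithm in common")
    if a.mode != b.mode:
        problems.append("IPsec mode differs between the two ends")
    for x, y in ((a, b), (b, a)):
        # x's local net must be what y calls its remote net, and y must dial x's WAN IP
        if ipaddress.ip_network(x.local_net) != ipaddress.ip_network(y.remote_net):
            problems.append(f"{y.name}: remote net {y.remote_net} != {x.name} local net {x.local_net}")
        if ipaddress.ip_address(y.remote_gateway) != ipaddress.ip_address(x.wan_ip):
            problems.append(f"{y.name}: remote gateway {y.remote_gateway} != {x.name} WAN IP {x.wan_ip}")
    return problems

def check_l2tp_ipsec(end):
    # 7-2 note: an IPsec tunnel that carries L2TP must run in transport mode
    if end.mode == "transport":
        return []
    return [f"{end.name}: L2TP/IPsec requires transport mode, got {end.mode}"]

# Constructed instance of the 7-4 topology; which device owns which WAN address is an
# assumed reading of the slide: DFL-1600 at 192.168.174.70 in front of 192.168.1.0/24,
# NetScreen 204 at 192.168.174.71 in front of 192.168.10.0/24.
HIGH = frozenset({"High"})
DFL = IPsecEnd("DFL-1600", "192.168.174.70", "192.168.1.0/24", "192.168.10.0/24",
               "192.168.174.71", "example-psk", HIGH)
NS204_OK = IPsecEnd("NetScreen 204", "192.168.174.71", "192.168.10.0/24", "192.168.1.0/24",
                    "192.168.174.70", "example-psk", HIGH)
# The same peer with the remote net mistyped as LAN2 and a different algorithm set
NS204_BAD = IPsecEnd("NetScreen 204", "192.168.174.71", "192.168.10.0/24", "192.168.2.0/24",
                     "192.168.174.70", "example-psk", frozenset({"Medium"}))
```

check_pair(DFL, NS204_OK) returns an empty list, while check_pair(DFL, NS204_BAD) reports the missing common algorithm and the mistyped remote net, which is exactly the pair of settings the 7-3 and 7-4 notes warn about.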