
Implementation of secure network solutions for Project Area


Academic year: 2021



# The startup file of VPC
###############################################
# VPC1: ipv4, static, Project Area - vlan10
# VPC2: ipv4, static, Project Area - vlan20
# VPC3: ipv4, static, Office Network
1 ip 10.100.10.10 10.100.10.1 24
2 ip 10.100.20.10 10.100.20.1 24
3 ip 172.5.1.10 172.5.1.1 24
###############################################
# Test connection
# VPC1: ping to gateway (10.100.10.1)
# VPC2: ping to gateway (10.100.20.1)
# VPC3: ping to gateway (172.5.1.1)
1 ping 10.100.10.1
2 ping 10.100.20.1
3 ping 172.5.1.1
###############################################


Device   Interface  IP address     Subnet mask      Connected to
R1       Fa0/0      -              -                SW1 – Port 1
         Fa0/0.10   10.100.10.1    255.255.255.0    SW1 – Port 1
         Fa0/0.20   10.100.20.1    255.255.255.0    SW1 – Port 1
         Fa0/1      192.168.100.2  255.255.255.0    R4 – Fa0/0
R2       Fa0/0      -              -                SW1 – Port 2
         Fa0/0.10   10.100.10.250  255.255.255.0    SW1 – Port 2
         Fa0/0.20   10.100.20.250  255.255.255.0    SW1 – Port 2
         Fa0/1      192.168.200.1  255.255.255.252  R3 – Fa0/0
R3       Fa0/0      192.168.200.1  255.255.255.252  R2 – Fa0/1
         Fa0/1      192.168.250.1  255.255.255.0    ASA – e0/0
R4       Fa0/0      192.168.100.1  255.255.255.0    R1 – Fa0/1
         Fa0/1      172.5.1.1      255.255.255.0    SW2 – Port 1
ASA5510  E0/0       192.168.250.2  255.255.255.0    R3 – Fa0/1

Note: the table lists 192.168.200.1 on both ends of the R2–R3 /30 link; a 255.255.255.252 subnet has only the two usable addresses .1 and .2, so one of the two interfaces must be 192.168.200.2.


(config)# ip route vrf lan10 172.5.1.0 255.255.255.0 192.168.100.1 global
(config)# ip route vrf lan20 172.5.1.0 255.255.255.0 192.168.100.1 global

Each statement leaks a route for the office network 172.5.1.0/24 out of the project VRF towards R4 (192.168.100.1) in the global routing table. R4 knows nothing about the 10.100.x.0/24 space inside the VRFs, which is why the return path depends on the static translations below rather than on further route leaking.


(config)# ip nat inside source static 10.100.10.10 192.168.100.100 vrf lan10 extendable

(config)# ip nat inside source static 10.100.20.10 192.168.100.200 vrf lan20 extendable
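As an added example (not code from the thesis), the following Python script checks the invariants the VRF-plus-static-NAT design depends on before it is pushed to the routers: every VPC gateway is on the host's own subnet, every static translation names a host that really lives in the VRF it is bound to, the inside-global addresses are unique and fall inside the R1–R4 link subnet 192.168.100.0/24 (taken from the interface table), and no VRF's inside subnet overlaps that link subnet. The VPCS lines and NAT statements are copied from the page as constructed inline input; the VPC-to-VRF mapping is an assumption read from the startup-file comments (VPC3 is the office network in the global table).

```python
"""Consistency check for the VRF / static-NAT address plan (added example, not from the thesis)."""
import ipaddress
import re

# Constructed copies of the page's VPCS startup lines and static VRF NAT statements.
VPCS_STARTUP = """\
1 ip 10.100.10.10 10.100.10.1 24
2 ip 10.100.20.10 10.100.20.1 24
3 ip 172.5.1.10 172.5.1.1 24
"""
NAT_RULES = """\
ip nat inside source static 10.100.10.10 192.168.100.100 vrf lan10 extendable
ip nat inside source static 10.100.20.10 192.168.100.200 vrf lan20 extendable
"""
# Assumption: VPC1/VPC2 sit in the project VRFs, VPC3 (office) is in the global table (None).
VPC_VRF = {1: "lan10", 2: "lan20", 3: None}
# R1 Fa0/1 <-> R4 Fa0/0 link subnet from the interface table; translated addresses must live here.
LINK_SUBNET = ipaddress.ip_network("192.168.100.0/24")

_VPC_RE = re.compile(r"^(\d+)\s+ip\s+(\S+)\s+(\S+)\s+(\d{1,2})$")
_NAT_RE = re.compile(r"^ip nat inside source static (\S+) (\S+) vrf (\S+)")


def parse_vpcs(text):
    """{pc_number: (ip_interface, gateway)} from '<pc> ip <addr> <gw> <prefixlen>' lines."""
    hosts = {}
    for line in text.splitlines():
        m = _VPC_RE.match(line.strip())
        if m:
            pc, addr, gw, plen = m.groups()
            hosts[int(pc)] = (ipaddress.ip_interface(f"{addr}/{plen}"), ipaddress.ip_address(gw))
    return hosts


def parse_nat(text):
    """[(inside_local, inside_global, vrf)] from static VRF NAT statements."""
    rules = []
    for line in text.splitlines():
        m = _NAT_RE.match(line.strip())
        if m:
            rules.append((ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2]), m[3]))
    return rules


def check_plan(hosts, rules, link_subnet, vpc_vrf=VPC_VRF):
    """Return a list of problem strings; an empty list means the plan is consistent."""
    problems = []
    for pc, (iface, gw) in hosts.items():
        if gw not in iface.network:
            problems.append(f"VPC{pc}: gateway {gw} is not in {iface.network}")
        # Inside subnets of *different* VRFs may overlap (that is what VRFs buy you), but a VRF's
        # inside subnet must not collide with the link subnet its traffic is translated into.
        if vpc_vrf.get(pc) and iface.network.overlaps(link_subnet):
            problems.append(f"VPC{pc}: inside subnet {iface.network} overlaps link subnet {link_subnet}")
    inside = {(vpc_vrf.get(pc), iface.ip) for pc, (iface, _) in hosts.items() if vpc_vrf.get(pc)}
    global_owner = {}
    for local, glob, vrf in rules:
        if (vrf, local) not in inside:
            problems.append(f"NAT {local}->{glob}: no host {local} in vrf {vrf}")
        if glob not in link_subnet:
            problems.append(f"NAT {local}->{glob}: inside-global address outside {link_subnet}")
        if glob in global_owner:
            problems.append(f"NAT {local}->{glob}: inside-global address already used by vrf {global_owner[glob]}")
        global_owner.setdefault(glob, vrf)
    # A VRF host without a translation is unreachable from the global table and cannot reach it.
    translated = {(vrf, local) for local, _, vrf in rules}
    for vrf, ip in sorted(inside, key=str):
        if (vrf, ip) not in translated:
            problems.append(f"vrf {vrf}: host {ip} has no static translation")
    return problems


if __name__ == "__main__":
    issues = check_plan(parse_vpcs(VPCS_STARTUP), parse_nat(NAT_RULES), LINK_SUBNET)
    print("plan OK" if not issues else "\n".join(issues))
```

Run against the page's own plan the checker reports no problems; feeding it a second rule that reuses 192.168.100.100 for the lan20 host, or a gateway outside the host's /24, produces one line per violation, which is the kind of mistake that otherwise only shows up as a half-working ping test on the VPCs.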

Excerpt of the show crypto ipsec sa counters for the tunnel:

#pkts encaps: 5, #pkts encrypt: 5, #pkts digest: 5
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

Five packets have been encapsulated and encrypted on this side but none decapsulated. The security association itself is up, otherwise nothing would be encrypted, so the fault is in the return path: routing or NAT on the far side, or a mismatch in what the peer treats as interesting traffic for this SA.


crypto isakmp client configuration group EZVPN-GRP10
 key Vasteras0
 pool EZVPN-POOL
 acl EZVPN-SPLIT-ACL
 netmask 255.255.255.0
!
crypto isakmp profile CUST10-IKE-PROF
 match identity group EZVPN-GRP10
 client authentication list AUTH-EZVPN
 isakmp authorization list AUTHOR-EZVPN
 client configuration address respond
 client configuration group EZVPN-GRP10
 virtual-template 10
!
crypto ipsec profile CUST10-IPSEC-PROF
 set transform-set EZVPN-TS
 set isakmp-profile CUST10-IKE-PROF
!
interface Virtual-Template10 type tunnel
 ip vrf forwarding lan10
 ip unnumbered FastEthernet0/1
 tunnel mode ipsec ipv4
 ! added: the excerpt defines the IPsec profile but never binds it to the template
 tunnel protection ipsec profile CUST10-IPSEC-PROF

In this virtual-template variant the VRF binding is done on the tunnel interface (ip vrf forwarding lan10), so decrypted client traffic lands directly in the lan10 VRF. The key Vasteras0 is a group pre-shared key held by every client in EZVPN-GRP10 and is used with IKEv1 aggressive mode; the per-user gate is therefore the XAUTH check behind client authentication list AUTH-EZVPN, not the group key.


crypto isakmp client configuration group EZVPN-GRP10
 key Vasteras0
 acl EZVPN-SPLIT-ACL
!
crypto isakmp profile CUST10-IKE-PROF
 vrf lan10
 match identity group EZVPN-GRP10
 client authentication list AUTH-EZVPN
 isakmp authorization list AUTHOR-EZVPN
 client configuration address respond
 client configuration group EZVPN-GRP10
!
crypto dynamic-map EZVPN-DMAP 10
 set transform-set EZVPN-TS
 set isakmp-profile CUST10-IKE-PROF
!
crypto map EZVPN-CMAP 20 ipsec-isakmp dynamic EZVPN-DMAP
!
interface FastEthernet0/1
 crypto map EZVPN-CMAP

In the crypto-map variant there is no per-VRF tunnel interface; the inside VRF is selected by the vrf lan10 statement in the ISAKMP profile, and the dynamic map attached to the physical interface FastEthernet0/1 handles all groups.


(config)# username <username> privilege 15 password <password>
(config)# aaa new-model
(config)# aaa authentication login <group name> group radius local
(config)# aaa authorization exec <group name> group radius local
(config)# ip radius source-interface <interface>


Master's thesis project: Implementation of secure network solutions for Project Area

Ventyx – an ABB Company is seeking 1-2 students for the following thesis project.

Short description

We need to secure our network communication, both with secure access and secure authentication, for our projects in the Project Area. Customer and internal demands force us to separate network, authentication and access for our projects.

Project Directions

Develop a plan for how to secure our network communication, both with secure access and secure authentication, for our projects in the Project Area.
Test and implement an AD based solution regarding user authentication.
Test and implement VRF/NAT/VLAN based infrastructure.
Test and implement Remote Access and Authentication.
Test and implement ASA Session Authentication.

Prerequisites

The project is suitable for one or two master's students with hardware and/or software orientation. Knowledge of Cisco Network Equipment, Microsoft Active Directory and VMware Virtual Environment.

Contact Person

Peter Dahlberg <peter.dahlberg@ventyx.abb.com>


(config)# username <username> privilege 15 password <password>
(config)# aaa new-model
(config)# aaa authentication login <group name> group radius local
(config)# aaa authorization exec <group name> group radius local
(config)# ip radius source-interface <interface>
(config)# radius-server host <ip address> key <password>
(config)# line con 0 (OPTIONAL)
(config-line)# authorization exec <group name>
(config-line)# login authentication <group name>
(config)# line vty 0 4
(config-line)# authorization exec <group name>
(config-line)# login authentication <group name>

Two points a practitioner should check in this template. The local keyword after group radius is a fallback that is used only when no RADIUS server answers; a user the server rejects is not retried against the local database, so the privilege-15 local account is a break-glass account, not a second login path. That account should be created with username ... secret rather than password, since password stores the credential reversibly (type 7 at best), and the same applies to the RADIUS key, which service password-encryption only obfuscates.
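The RADIUS key configured with radius-server host <ip address> key <password> is what ties the router (the NAS) to the server. As an added example, not code from the thesis, the Python below models the two places that secret is used on the wire per RFC 2865: the User-Password attribute is hidden with an MD5 keystream derived from the secret and the per-request Request Authenticator, and the server's Access-Accept/Reject carries a Response Authenticator computed over the reply plus the secret, which is what lets the NAS detect a spoofed or mis-keyed reply. The usernames, passwords and secret are constructed test data; Message-Authenticator and EAP are deliberately left out.

```python
"""Wire-level view of the RADIUS shared secret (RFC 2865); added example, not thesis code."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2
HEADER_LEN = 20  # Code(1) Identifier(1) Length(2) Authenticator(16)


def _attr(atype: int, value: bytes) -> bytes:
    """Encode one Type/Length/Value attribute; Length includes the two header bytes."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def parse_attrs(packet: bytes) -> dict:
    """Return {type: value} for the attributes that follow the 20-byte header."""
    attrs, i = {}, HEADER_LEN
    while i + 2 <= len(packet):
        atype, alen = packet[i], packet[i + 1]
        if alen < 2 or i + alen > len(packet):
            raise ValueError("malformed attribute")
        attrs[atype] = packet[i + 2:i + alen]
        i += alen
    return attrs


def hide_password(secret: bytes, request_auth: bytes, password: bytes) -> bytes:
    """RFC 2865 section 5.2: zero-pad to 16-byte blocks, XOR block i with
    MD5(secret || c[i-1]) where c[-1] is the Request Authenticator."""
    if len(request_auth) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("bad authenticator or password length")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out, prev = out + block, block
    return out


def reveal_password(secret: bytes, request_auth: bytes, hidden: bytes) -> bytes:
    """Inverse of hide_password; with the wrong secret this yields garbage, not an error."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out, prev = out + bytes(c ^ k for c, k in zip(block, keystream)), block
    return out.rstrip(b"\x00")


def build_access_request(secret, username, password, ident, request_auth=None) -> bytes:
    """NAS side. A fresh random Request Authenticator per request is what prevents
    keystream reuse across requests and replay of a captured password blob."""
    request_auth = request_auth or os.urandom(16)
    attrs = _attr(ATTR_USER_NAME, username) + _attr(ATTR_USER_PASSWORD, hide_password(secret, request_auth, password))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, HEADER_LEN + len(attrs)) + request_auth + attrs


def build_response(secret, request, code, attrs=b"") -> bytes:
    """Server side: ResponseAuth = MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    header = struct.pack("!BBH", code, request[1], HEADER_LEN + len(attrs))
    resp_auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + resp_auth + attrs


def server_handle(secret, request, users: dict) -> bytes:
    """Server side: recover the password with the shared secret and check the user
    database. A secret mismatch surfaces as a wrong password, not as a protocol error."""
    attrs = parse_attrs(request)
    password = reveal_password(secret, request[4:20], attrs.get(ATTR_USER_PASSWORD, b""))
    ok = users.get(attrs.get(ATTR_USER_NAME)) == password
    return build_response(secret, request, ACCESS_ACCEPT if ok else ACCESS_REJECT)


def verify_response(secret, request, response) -> bool:
    """NAS side: accept a reply only if its identifier and Response Authenticator match
    *this* request under *our* secret; spoofed or mis-keyed replies are dropped."""
    if len(response) < HEADER_LEN or response[1] != request[1]:
        return False
    if struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[HEADER_LEN:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"          # constructed; the `key` on router and server
    USERS = {b"alice": b"correct horse battery"}   # constructed user database
    req = build_access_request(SECRET, b"alice", b"correct horse battery", ident=7)
    resp = server_handle(SECRET, req, USERS)
    print("accept:", resp[0] == ACCESS_ACCEPT, "verified:", verify_response(SECRET, req, resp))
    # The same request answered by a server holding a different key: the password does not
    # decode, the reply is a Reject, and the NAS cannot verify the reply either.
    bad = server_handle(b"other-secret", req, USERS)
    print("mis-keyed server -> accept:", bad[0] == ACCESS_ACCEPT, "verified:", verify_response(SECRET, req, bad))
```

The design point the code makes explicit is that the secret does double duty: it hides the password (weakly, with MD5 as a stream cipher, which is why RADIUS should run inside the management VRF or over IPsec) and it authenticates the server's verdict to the NAS. The ident check in verify_response matters too: the NAS must match replies to outstanding requests, otherwise an Accept captured for one login could be replayed against another.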

