This article uses VPN technology to interconnect two parts of a network, simulating an ISP to stay close to practice. It mainly shows the specific operation steps, chiefly the basic commands to enter.
In this experiment, we use the Cisco 2600 router and VPN technology to achieve the network interconnection between one branch and two parts. To stay close to practicality, we still use
Experimental environment:
(1) All of the company's game servers allow access from only one extranet IP; to maintain a server, you must first dial in to the designated extranet IP.
(2) Communication between the company and headquarters goes through the VPN channel; the company's internal IP and the VPN devices are on different network segments, need to be under the VPN device to conn
Recently the company has been using the TMG platform to build a number of new VPN servers in the country, so that mobile staff and engineers can carry out some server operations. But how can we, in a more user-friendly way, spare employees and engineers the cumbersome VPN configuration?
Idle to ponder, in fact, our operating system itself has provided such a
Graphical configuration of using cisco ipsec vpn by subway in ubuntu 13.04
By default, ubuntu only provides pptp vpn connection configuration. To use a cisco ipsec vpn, you must first install vpnc. If you are not familiar with the command line, you need to solve this problem
where to place the super nodes. Let's say you put it on the XYW port of the host a.b.c.d.
Decide which password encryption is used to secure the data. Suppose you use the password encryptme.
Decide which network name you want to use. Suppose you name it mynetwork. Note that you can use a Super node/edge node to handle multiple networks, not just one.
Decide what IP address to use on the Edge node. Let's say you use 10.1.2.0/24.
Start Application:
Configuring the Super Node
The code is as
Linux VPN Client (pptp) Configuration
Linux: Kernel kernel-2.6.9-42.EL
You can go to the site: http://pptpclient.sourceforge.net/
Required software:
kernel-devel-2.6.9-42.EL (built-in system)
dkms-2.0.10-2.fc5.noarch.rpm
kernel_ppp_mppe-0.0.5-2dkms.noarch.rpm
The above three files are usually installed when you set up the Linux VPN Server. You can run the # rpm -q command to view them.
(Example: # rpm
Steps:
1. Log On As the domain administrator. Win2003server configuration.
1. Log on to the console and go to Start -> Administrative Tools -> Routing and Remote Access -> server (computer name), right-click -> click "Configure and Enable Routing and Remote Access" -> Next -> on the "Configuration" page choose "remote access server (dial-up and VPN)
Application Introduction
L2TP VPN PC to site mode can provide terminal access to the security tunnel of the Headquarters network. If you are on a business trip, you can connect to the Internet, use the terminal's own VPN client dial-up connection, and establish a secure tunnel for data transmission.
This article describes how to build a L2TP VPN
primary configuration file needs to set the VPN server's local address and the address segment assigned to the client, so manually appending the two lines localip and remoteip to the main configuration file completes the configuration task. The account file holds the authentication information required
Network Configuration:
/etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=localhost.localdomain
GATEWAY=192.168.5.1
/etc/sysconfig/network-scripts/ifcfg-eth0
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0 # used to set the name of the network interface
BOOTPROTO=static # set whether the network interface is configured as static or dhcp
BROADCAST=192.168.5.255
HWADDR=00:0C:29:D1:42:3F
IPADDR=192.168.5.
IPSec security policies for both devices.
10. IPSec security policy applied on the wrong interface
Execute the command display ipsec policy [brief | name policy-name [seq-number | extend-acl]] on ngfw_a and ngfw_b to see whether the IPSec security policy is applied on the correct interface.
11. SA timeout configured too small
If the user disconnects frequently, the reason may be that the IKE SA time-out is configured too small. The IKE SA timeout period defaults to 86,400 s
value is 86400, which is one day. It is worth noting that routers at both ends have to set the same SA cycle, or the VPN will arrive in a shorter SA cycle after the normal initialization.
Shelby(config)# crypto isakmp key noip4u address 200.20.25.1
Note: Returns to the global setting mode to determine the preshared key to use and the IP address of the destination router IP address that is the other end of the
First, install VPN service
The code is as follows
sudo apt-get install pptpd
Second, configure the pptpd service
There are three main configuration files
The code is as follows
/etc/pptpd.conf
/etc/ppp/pptpd-options
/etc/ppp/chap-secrets
Let's change the pptp
Step 1 of Cisco ASA firewall VPN configuration: Create an address pool. To remotely access the client, you need to assign an IP address during logon. Therefore, we also need to create a DHCP address pool for these clients. However, if you have a DHCP server, you can also use a DHCP server.
QUANMA-T(config)# ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
Step 2: Create IKE Phase 1.
NC Configuration Steps
Step two, System Setup - upgrade version
Import SSL user authorization license, enable module
Step three, configure enable interface
Configure interface mode and address
Fourth step, configure routing
Configure default routes
Sixth step, add virtual Portal
Configure virtual portal Basic information interface, service port
Seventh step, add user group
Create a user group
Add a user under a user group
Set user name, password
Eighth step, add NC
Summary of configuration formats of dynamic routing (ripV2, ospf, VPN, bgp, IS-IS)
1. r12002router rip enable rip Protocol no auto-summary disable automatic summary of version 2 2 network x mask x declaring the network segment (the subnet mask is a positive mask, mask can be disabled. 2. Enable the ospf protocol for ospfrouter ospf x, and add the Process Code router-id x to specify the router-id (the address
Vpn pptp configuration, vpnpptp
Install
yum install pptpd
Configure pptpd: modify the /etc/pptpd.conf settings
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245
The network segment does not conflict with the local network.
Modify /etc/ppp/chap-secrets to configure user name Permissions
# Secrets for authentication using CHAP
# client server secret IP addresses
aca * jj1 password
[Optional] Mod
1. IPsec VPN is used more and more widely; the following configuration example is for a real deployment with a single headquarters and multiple branch offices
According to the configuration of this article, we can achieve the maximum VPN connectivity through the minimum number of