  1. #991
    Service Manager 10,000+ Posts
    Need some advice on learning networking

    BillyCarpenter's Avatar
    Join Date
    Aug 2020
    Location
    Long Beach, Mississippi
    Posts
    13,375
    Rep Power
    448

    Re: Need some advice on learning networking

    In the next few days I will be setting up a lab in Packet Tracer where I will configure an IPSEC VPN tunnel that should allow me to establish connectivity from one remote site to another via the internet.


    Hopefully, I can get this down because I believe there's a need for this with small and medium sized businesses that can't afford an IT staff.
    Growth is found only in adversity.

  2. #992
    BillyCarpenter's Avatar

    Re: Need some advice on learning networking

    I went ahead and did the lab. Everything worked fine. I don't have the command lines memorized nor do I care to. If I need to set this up in the field, the information is easy enough to find. You can also use the '?' (question mark) to help find the correct syntax.


    One quick point of emphasis: It really helps to understand the theory of VPNs and the general steps needed to ensure a secure connection.


    I used the same Cisco Router (Series 1941) for both of my edge routers. You can use different models. Or you can use a router on 1 network and a firewall on the other network. However, make sure they are capable of running the same version of IKE and the syntax will be slightly different for a router and firewall.


    Difficulty level? This is far from the hardest thing that I've had to do. I'd give it a difficulty level of about a 7. Maybe a 6.5.
    Growth is found only in adversity.

  3. #993
    BillyCarpenter's Avatar

    Re: Need some advice on learning networking

    On the subject of site-to-site VPNs, when I originally set out to learn how to do it, I was talking about doing it via Windows Server, not a Cisco Router. I got sidetracked with my research which led me to learn it by way of a Cisco Router.



    However, my understanding is that you can do it with Windows Server and it works, in theory, about the same way. It uses IKE v.2 (Internet Key Exchange). I believe you must have a Windows Server at each location and the settings must be the same in terms of Encryption, IKE, etc.


    I could be wrong.
    Growth is found only in adversity.

  4. #994
    Service Manager 2,500+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    2,790
    Rep Power
    108

    Re: Need some advice on learning networking

    You can set up a remote access connection using Windows Server, but the performance is usually better when using hardware closer to your network border.

    Sent from my BlackBerry using Tapatalk

  5. #995
    BillyCarpenter's Avatar

    Re: Need some advice on learning networking

    Remember when I said I don't see how anyone can remember the command line syntax for setting up a VPN? Well, here's what it looks like:



    Router(config)#crypto isakmp policy 10
    Router(config-isakmp)# encryption aes 256
    Router(config-isakmp)# authentication pre-share
    Router(config-isakmp)# group 5
    Router(config-isakmp)#crypto isakmp key secretkey address 209.165.200.1
    Router(config)#crypto ipsec transform-set R1-R3 esp-aes 256 esp-sha-hmac
    Router(config)#crypto map IPSEC-MAP 10 ipsec-isakmp
    % NOTE: This new crypto map will remain disabled until a peer
    and a valid access list have been configured.
    Router(config-crypto-map)# set peer 209.165.200.1
    Router(config-crypto-map)# set pfs group5
    Router(config-crypto-map)# set security-association lifetime seconds 86400
    Router(config-crypto-map)# set transform-set R1-R3
    Router(config-crypto-map)# match address 100
    Router(config-crypto-map)#interface GigabitEthernet0/0
    Router(config-if)# crypto map IPSEC-MAP
    *Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
    Growth is found only in adversity.
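
Added example (not part of the original post or the poster's lab): a Python check that parses the IOS commands shown in post #995, flags settings a reviewer would question, and lists the parameters that differ from a second peer, since both ends of the tunnel must agree. The peer config R3, the 198.51.100.1 address, the finding names and the thresholds are assumptions of this example.

```python
import re

# Negotiation-relevant IOS commands from the post above, prompts stripped.
R1 = """\
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
crypto isakmp key secretkey address 209.165.200.1
crypto ipsec transform-set R1-R3 esp-aes 256 esp-sha-hmac
crypto map IPSEC-MAP 10 ipsec-isakmp
 set pfs group5
"""
# Constructed far-end config (not from the post); its DH group differs on purpose.
R3 = R1.replace(" group 5", " group 14").replace("209.165.200.1", "198.51.100.1")
WEAK_DH = {"1", "2", "5"}  # MODP groups smaller than the 2048-bit group 14
MUST_MATCH = ("encryption", "hash", "authentication", "dh_group", "psk", "transform")

def parse(cfg):
    """Extract the parameters both peers negotiate from an IOS crypto config."""
    def find(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.group(1) if m else None
    return {
        "encryption": find(r"^\s*encryption (.+)$"),
        "hash": find(r"^\s*hash (\S+)"),
        "authentication": find(r"^\s*authentication (\S+)"),
        "dh_group": find(r"^\s*group (\d+)"),
        "psk": find(r"^crypto isakmp key (\S+) address"),
        "transform": find(r"^crypto ipsec transform-set \S+ (.+)$"),
        "pfs": find(r"^\s*set pfs group(\d+)"),
    }

def audit(p, min_psk_len=20):
    """Return finding names; the thresholds are this example's assumptions."""
    findings = []
    if p["dh_group"] in WEAK_DH:
        findings.append("weak-ike-dh-group")
    if p["pfs"] in WEAK_DH:
        findings.append("weak-pfs-group")
    if p["hash"] is None:
        findings.append("hash-not-set")  # no hash line: the platform default applies
    if p["psk"] is not None and len(p["psk"]) < min_psk_len:
        findings.append("short-psk")
    return findings

def mismatches(a, b):
    """Names of fields that must be identical on both peers but are not."""
    return [k for k in MUST_MATCH if a[k] != b[k]]
```

Calling `audit(parse(R1))` reports the findings for the posted config, and `mismatches(parse(R1), parse(R3))` names the field that would stop the two constructed peers from agreeing.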

  6. #996
    BillyCarpenter's Avatar

    Re: Need some advice on learning networking

    Even though I set up an IPSEC VPN and it worked, it's been bugging me because there were some gaps in understanding each stage of the process. I've learned from past experience that I need to fill in those gaps or eventually it will come back to bite me in the ass.


    With that said, I set up another Packet Tracer Lab and created an IPSEC VPN tunnel but this time I analyzed all the packets as they moved thru Site 1 (home office), over the internet router and to the final destination site (remote office).


    In my previous posts, I explained how to set up an IPSEC VPN but there's a lot of steps that I left out because I wanted to keep it as simple as possible without getting down in the weeds. One of the steps I left out is that we must set a "default route" on each edge router. Keep in mind that the edge routers are set up for local routing on the network, so if you try to go out over the internet (public IP address) the router will simply drop the packet because it doesn't have that route in its routing table. Obviously we can't enter the IP address for every website but what we can do is tell the edge router that if it receives an IP address that's not in its routing table to send it to the Internet Provider Router. You do that by entering this default route: "ip route 0.0.0.0 0.0.0.0 192.168.1.254"


    There's also the matter of making sure that the Cisco Routers have the Security License enabled. If not, it won't work. I won't bore you with the details.


    This post is getting long so I'll wrap it up with this.


    Leased lines aren't used that much anymore because they're expensive. With internet speeds so great today, most companies use a VPN. This is one of those things that will come in handy, IMO.

    Last but not least...it's fascinating how the Internet Router doesn't have a clue that the packets are intended for a local network. Hence the name "tunnel"...it tunnels right past the ISP router.

    PS - It's also very cool that the sending router encrypts the data and sends a security key over to the receiving router. Without that key, the data is a bunch of unreadable mumbo-jumbo.
    Growth is found only in adversity.

  7. #997
    BillyCarpenter's Avatar

    Re: Need some advice on learning networking

    You know how when we're learning networking and we read about these network concepts and sometimes we muddle through them but we don't fully understand the way we need to? But later when we're trying to do something (VPN), all of a sudden that concept becomes relevant and we decide that we need to dig a little deeper.

    That brings me to this concept: Default Gateway vs. Default Route

    Anyone know the difference between the 2 and when they are needed?


    Here's a hint.

    Ask yourself if the device (PC, router, etc.) is routing for itself or itself & others.

    Yes, a PC does route and it has a routing table. It may be a limited routing table but it does have one.

    Think of it like this. If a device is routing only for itself then it has a default gateway. If it's routing for itself & others, it uses routes.



    Anyone have anything to add?


    More on this in the next post.
    Growth is found only in adversity.

  8. #998
    BillyCarpenter's Avatar

    Re: Need some advice on learning networking

    Finishing up my thoughts on Default Gateway vs. Default Route




    The endgame when setting up a network is that when we enter a website url/ip address in our web browser that it reaches its destination.


    A PC has a limited routing table and as a result, it can't route past the street that it lives on. If it lives on street 192.168.1.0 then it can't route to street 192.168.2.0. In order to talk to another network, Mr. PC must use its default gateway. If the router is configured correctly with a routing protocol like OSPF then it will reach its destination.

    But what happens when an address comes in on the default gateway of a router and that address isn't in its routing table? It works very similar to a default gateway. A default gateway is really the gateway of last resort if you think about it. The PC forwards the packet to its default gateway and just hopes the router knows what to do with it.

    A default route works much the same. If the router receives an IP address and doesn't have it in its routing table, we can set a default route that basically says: "If you don't have this route in your routing table, send it to the ISP router and see if it knows that address."


    That's it for now.
    Growth is found only in adversity.
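
Added example (not from the thread): a longest-prefix-match lookup in Python showing that a PC's default gateway is the 0.0.0.0/0 row in its own table, and that an edge router without a default route drops traffic for the VPN peer 209.165.200.1. Only the default route via 192.168.1.254 and the peer address come from the thread; the other prefixes, the 192.168.2.1 gateway and the function name are assumed.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over (prefix, next_hop) rows; None means drop."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(prefix), hop) for prefix, hop in table
            if addr in ipaddress.ip_network(prefix)]
    if not hits:
        return None  # no matching route and no default: the packet is dropped
    return max(hits, key=lambda h: h[0].prefixlen)[1]

# Constructed tables. The PC knows its own street plus a default gateway.
PC = [("192.168.2.0/24", "on-link"), ("0.0.0.0/0", "192.168.2.1")]

# The edge router knows its connected networks only ...
EDGE_NO_DEFAULT = [("192.168.2.0/24", "on-link"), ("192.168.1.0/24", "on-link")]

# ... until "ip route 0.0.0.0 0.0.0.0 192.168.1.254" adds the catch-all row.
EDGE = EDGE_NO_DEFAULT + [("0.0.0.0/0", "192.168.1.254")]

if __name__ == "__main__":
    for name, table in (("PC", PC), ("edge, no default", EDGE_NO_DEFAULT), ("edge", EDGE)):
        print(name, "->", next_hop(table, "209.165.200.1"))
```

The /24 rows always win over 0.0.0.0/0 for local destinations, which is why adding the default route does not disturb local routing.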

  9. #999
    BillyCarpenter's Avatar

    Re: Need some advice on learning networking

    PS - Default routes are used for more than sending packets to the ISP router but that's beyond the scope of what I'm trying to explain.
    Growth is found only in adversity.

  10. #1000
    BillyCarpenter's Avatar

    Re: Need some advice on learning networking

    Here's a fun question. Try to answer without using Google.


    Does a layer 2 switch have/need a default gateway? Why or why not?
    Growth is found only in adversity.
