Site-to-Site IPSec VPN Cisco-Juniper



 Scenario!


Here in this LAB we have seven routers. R1, R2 and R3 routers represents Branch Router. R1 is working here as the HQ router and R2 and R3 as the Branch Router. R1 and R2 routers are from Juniper Networks and R3 router is from Cisco Inc.
R4 router is working as an internet router.
Other routers (R5 to R7) are working here as an end device.
Task
  1. 1.      Configure Policy-based site-to-site VPN.
  2. 2.      Consider R4’s loopback address as internet route.
  3. 3.      R5 and R6 are configured as server so these servers should be reached from Branch Office too.
  4. 4.      Both Branch i.e. R2 and R3 should get internet from HQ i.e. R1
  5. 5.      In HQ router we have three zones named SERVER, INTERNET and INTRANET. SERVER Zones belongs to R5 and R6. INTERNET Zone belongs to R4 and INTRANET Zone belongs to the interface connected to the Switch.
  6. 6.      In Branch Router we only have two zones named LAN and INTRANET.
  7. 7.      Configure IP address as below
  8. a.      R1 to R4
                                                    i.     Network 10.0.14.0/24
1.      R1 IP : 10.0.14.1/24
2.      R4 IP : 10.0.14.4/24
b.      R1 to R5
                                                    i.     Network 192.168.1.0/24
1.      R1 IP : 192.168.1.1/24
2.      R5 IP : 192.168.1.10/24
c.      R1 to R6
                                                    i.     Network 192.168.10.0/24
1.      R1 IP : 192.168.10.1/24
2.      R6 IP : 192.168.10.10/24
d.      R1, R2, R3
                                                    i.     Network 10.0.123.0/24
1.      R1 IP : 10.0.123.1/24
2.      R2 IP : 10.0.123.2/24
3.      R3 IP : 10.0.123.3/24
e.      R2 to R7
                                                    i.     Network 192.168.2.0/24
1.      R2 IP : 192.168.2.1/24
2.      R7 IP : 192.168.2.20/24
f.       R3 Loopback (Configure as shown in the diagram) 





Comments

Post a Comment

Popular Posts Last 30 days

के हो साइबर सेक्युरिटि ? हाम्रा बैंक कति सुरक्षित ?

बिद्युतिय अथवा प्रविधिको माध्यमबाट प्रविधिमै निर्भर रहने सिस्टम्स, नेटर्वकस, प्रोग्राम्समा मानबिय त्रुटी/अज्ञानता/अचेतना अथवा प्रविधि भित्रको छिद्रको सहयाताले अनधिकृत रुपमा गरिने आक्रमणलाई साइबर अट्याक भन्न सकिन्छ । यसरी सिस्टम्स, नेटवर्कस र प्रोग्राममा हुन सक्ने आक्रमणबाट जोगाउन अपनाईने प्रविधि तथा मानविय चेतनालाई साईबर सेक्युरिटि भनिन्छ । प्रविधिको प्रयोगबाट हुन सक्ने आक्रमणलाई प्रविधिकै प्रयोग गरेर रोक्नु मात्र साईबर सेक्युरिटि होइन दोहो¥याएर पढ्नुहोस् प्रविधिको प्रयोगबाट हुन सक्ने आक्रमणलाई प्रविधिकै प्रयोग गरेर रोक्नु मात्र साईबर सेक्युरिटि होइन । यसले बिभिन्न उपकरण तथा पक्षबाट संकलन गरिएको लग तथा अलर्टको विश्लेषण गरी आवश्यक कदम चाल्न सक्ने क्षमतालाई समेत जनाउदछ र साईबर सेक्युरिटि शब्दले प्रविधिको प्रयोग गर्ने व्यक्तिको सूचना प्रविधि प्रयोग सम्बन्धि चेतना, ज्ञान, बोध आदी समेतलाई समेटदछ । साईबर अट्याक मूलत अनधिकृत रुपमा कुनै सिस्टम्स, नेटर्वकस र प्रोग्राम भित्र छिर्न, त्यहाँ रहेको डाटा परिवर्तन गर्न तथा भएको डाटालाई हटाउन बिगार्न तथा कुनै संस्थाले प्रदान गर्ने सेवा, सुविधा, सुचना...
Read more

Lets Play with BGP

Image
1. Configure IP Address as shown in the diagram 2. Configure Loopback Address as shown in the diagram 3. Configure AS number as shown in the diagram 4. Configure eBGP between AS 5. Configure OSPF in AS 1 6. Configure AS 1 in such a way so R1, R10 and R11 should be in the AS 64512 and R9, R12 and R13 should be in the AS 64534 Other AS should see only AS1 not Private AS Number when they receives routes Inside Sub-AS i.e. 64512 and 64534 full-mesh iBGP should be configured with the most scalable manner Hint (R1 and R9 should be Route-Reflector for the AS 64512 and 64534) Configure eBGP between R11 and R12 7. AS 2 have 192.168.120.0/24 network on his AS and Currently this network is propagating in BGP from AS 2. For some reason a part of that network (192.168.120.248/29) belongs to AS1 configure the needed router to achieve the goal with keeping this informaiton on mind. 8. By default AS1 is the shortest path to go to AS3 from AS2. Because of Bandwidth L...
Read more