Thursday, 14 November 2013

Completed GNS3 VPN configuration based on CCNA Real World

I just finished configuring the Branch and Corp Office on GNS3, based on CCNA Real World by Jeremy Cioara.
This is a pretty exciting configuration, especially the VPN side. I have learned a lot from this setup and was able to compare both worlds: how SSH works for tunnelling (reverse SSH) and how the data inside is encrypted. I tried to capture the data using Wireshark, and there's no way the raw data can be read by Wireshark because of the security the VPN has.



I've attached the configuration for those who want to play with this setup. I will post more info on this setup soon. You can easily delete the configuration, leaving the IP addresses, and set up and play with your own configuration on this one.

CCNA RW - VPN Configuration

https://drive.google.com/file/d/0BytRvbr4MAWkeGVjVWRSM1lYVzQ/edit?usp=sharing

Before running the topology.net setup downloaded from here, we need to set up the MS Loopback adapter.

The Cloud is configured through the Microsoft Loopback adapter.



It is called KM-Test Loopback on Win 7 and Win 8.


After adding the Loopback, make sure you reboot the computer for the loopback to function.


Rename the new Ethernet adapter to Loopback for proper naming and configuration.

Share the WiFi Internet connection with the Loopback.

The IP address 192.168.137.1 is added automatically. This will be your gateway to the Internet.

Now you can open the GNS3 setup file downloaded from here.


Configure the correct NIO setting for the Loopback Cloud.


Click Add and nio_gen_eth is added. Please take note of the correct number the loopback is assigned (i.e. 36bXXXX).

Click OK and do the same procedure with Cloud C1 as well.

In order for the loopback to work properly, you need to turn off your firewall.
In my experience I had the Private Firewall application running, and for quite some time I could not ping the Internet
(e.g. 4.2.2.2). I was stuck on this setup for a few days. I'm using Win 8 on my Acer W710 tablet.
I thought it was a Windows-related problem and was considering downgrading to Win XP or Win 7.
I even installed VirtualBox and VMware Player just to install XP and isolate the problem, and it ran well on VirtualBox via XP.
But then a lot of running programs (VirtualBox, XP and 9 routers on GNS3) took a toll on my 4GB RAM tablet; most of the time two routers would not power up, and lots of crazy stuff happened when the consoles were open. Finally, after so many isolation cases, I found out this is related to the firewall. Argggg!


Note: If you find my post violating any copyrights, please let me know and I will remove the post. Thanks!

Saturday, 2 November 2013

Playing with a Cisco C1841 with GSM and AP cards

I got some time to play with my Cisco 1841 router. I bought some cards from www.anthonypanda.com.

And bought the following cards:
HWIC-3G-GSM
HWIC-AP-AG


After I got the cards, I was so excited to have my toys. Out of excitement and in a rush to install the SIM, while unscrewing the SIM card lock mechanism of the HWIC-3G-GSM using just a multi-tool (like a Swiss knife), I accidentally rubbed the tool against the external components of the HWIC-3G-GSM card, wiping off 7 components :-( (resistors, capacitors and an inductor). One card wasted, because I don't know the values of the components that were attached. I waited another month to get another HWIC-3G-GSM card and spent another few hundred bucks. Then I noticed the WiFi card doesn't come with two antennas. So I bought another GSM card and two antennas for the HWIC-AP card.

After a month I received the new GSM card and the antennas for the AP. I installed the SIM with great care and powered on the router. I noticed that it could not detect the GSM card. I was using IOS "flash:c1841-advsecurityk9-mz.124-9.t.bin" on my router. After some Google searching, I learned that the router needs at least version 12.4-15, "flash:c1841-advipservicesk9-mz.124-15.T5.bin". So I transferred via TFTP a firmware that works with the card, while checking the correct RAM and IOS disk size against the existing 32MB CompactFlash card installed. I noticed that even when I installed an IOS with a higher RAM requirement on the router, it was still able to run without crashing. I think it depends on how busy the router traffic gets later on.

I got this info using show inventory:

The CF has since been upgraded, so I can now store a larger IOS on the 512 MB card.
---------------------------------------------------------------------------------------------------------

Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T5, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Wed 30-Apr-08 12:44 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)

RR uptime is 4 hours, 15 minutes
System returned to ROM by power-on
System image file is "flash:c1841-advipservicesk9-mz.124-15.T5.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 1841 (revision 6.0) with 116736K/14336K bytes of memory.
Processor board ID FHK111218U9
2 FastEthernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
1 802.11 Radio
1 Cellular interface
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
500976K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102
----------------------------------------------------------------------------------------------------

So I got this setup:
HWIC-GSM - ip nat outside
HWIC-AP - ip nat inside
FastEthernet0/0 - ip nat inside
FastEthernet0/1 - ip nat outside

I put another router on interface F0/0, configured as the outside Internet connection, using a Prolink WNR1004C (configured as a WiFi client) connecting to our central WiFi router (weird configuration, isn't it?). I use this configuration so I don't need to run a wire to the main router. The HWIC-GSM is then more of a backup Internet setup.

In this setup, the SSID broadcast is hidden so my WiFi will not be hacked easily. :)
RR#conf t
RR(config)#dot11 ssid RR
RR(config-ssid)#no guest-mode

Find below a working setup. There are some extra commands which I was not able to refine, because for some of the setup I was using the web GUI of the router.

I'm currently reading O'Reilly's Virtual Private Networks, and what keeps me interested is how to use this router as an L2TP VPN server for my iPad. What do you think? I will try it and publish it later.

Forgive me if you see a lot of typos or wrong grammar. I typed this on the spot without reviewing it.

CIAO! :)



RR#show run
Building configuration...

Current configuration : 3783 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
!
hostname RR
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$4R/k$3a39138Dgh8n79qwOAcCU1
!
no aaa new-model
dot11 syslog
!
dot11 ssid RR
   authentication open
   authentication key-management wpa
   infrastructure-ssid
   wpa-psk ascii 7 03550958525A771B1650495445
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.9
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 10.1.12.1
!
ip dhcp pool dhcppool
   import all
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.254
   dns-server 4.2.2.2 192.168.2.254 192.168.1.1
   domain-name rr
   update arp
!
ip dhcp pool LOCAL_LAN
   import all
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.254
   domain-name wr
   dns-server 192.168.3.254 4.2.2.2 8.8.8.8
   update arp
!
!
ip domain name rojosquared.com
ip name-server 4.2.2.2
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip dhcp-server 192.168.1.1
!
multilink bundle-name authenticated
chat-script gsm "" "ATDT*99#" TIMEOUT 60 "CONNECT"
!
!
!
!
username rr secret 5 $1$O/1B$qlKY52icvTFOdheiGN5NW/
archive
 log config
  hidekeys
!
!
!
!
ip ssh version 2
!
!
!
interface FastEthernet0/0
 description LAN
 ip address 192.168.3.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface FastEthernet0/1
 ip address 192.168.1.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface Cellular0/0/0
 description Internet
 ip address negotiated
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer string gsm
 dialer-group 1
 async mode interactive
 ppp chap hostname Cisco
 ppp chap password 7 14141B180F0B
 ppp ipcp dns request
 ppp ipcp route default
!
interface Dot11Radio0/1/0
 description WIFI
 ip address 192.168.2.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 !
 encryption mode ciphers aes-ccm tkip
 !
 ssid RR
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
router rip
 version 2
 network 192.168.0.0
 network 192.168.1.0
 network 192.168.2.0
 network 192.168.3.0
 no auto-summary
!
ip default-gateway 192.168.1.2
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
ip http server
no ip http secure-server
ip nat inside source list 2 interface Cellular0/0/0 overload
ip nat inside source list 3 interface FastEthernet0/1 overload
!
ip access-list standard AP_ADDRESSES
 remark SDM_ACL Category=16
 permit 192.168.2.0 0.0.0.255
ip access-list standard NAT_ADDRESSES
 remark SDM_ACL Category=16
 permit 192.168.2.0 0.0.0.255
 permit 192.168.3.0 0.0.0.255
!
access-list 1 remark For Dialer
access-list 1 permit any
access-list 2 remark NAT ACL - Internal LAN Ranges
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 3 remark SDM_ACL Category=2
access-list 3 permit 192.168.3.0 0.0.0.255
access-list 3 permit 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip list 1
!
!
!
!
!
!
control-plane
!
!
alias exec s show ip int brief
alias exec sr show run
alias exec ss show start
alias exec snat show ip nat translation
alias exec snati show ip nat translation | include icmp
!
line con 0
 exec-timeout 0 0
 password 7 045802150C2E0C
 logging synchronous
 login
line aux 0
 password 7 110A1016141D
 login
line 0/0/0
 exec-timeout 0 0
 password 7 070C285F4D06
 script dialer gsm
 login
 modem InOut
 no exec
 speed 384000
line vty 0 3
 password 7 104D000A0618
 logging synchronous
 login
line vty 4
 exec-timeout 60 0
 password 7 073F70421E10091607
 logging synchronous
 login
!
scheduler allocate 20000 1000
end
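The running config above leans on "service password-encryption" (type 7, which is reversible obfuscation, not a hash), keeps "ip http server" on, and lets the vty lines accept any transport with a shared line password. The following audit script is an added example, not part of the original post or of Cisco's tooling; it groups an IOS config by indentation and flags those settings. The sample config is constructed, with made-up type 7 strings, and the check names are my own.

```python
import re

# Constructed sample modelled on the show-run output above; type-7 strings are placeholders.
SAMPLE_CONFIG = """\
service password-encryption
no aaa new-model
dot11 ssid RR
   wpa-psk ascii 7 0123456789ABCDEF
ip http server
no ip http secure-server
line con 0
 password 7 0123456789ABCD
 login
line vty 0 4
 password 7 0123456789ABCD
 login
"""

TYPE7 = re.compile(r"\b(password|ascii) 7 \S+")  # reversible obfuscation, not a hash

def parse_sections(text):
    # Group IOS config into (header, [child lines]); children are the indented lines.
    sections, current = [], ("", [])
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw.startswith(" "):
            current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            sections.append(current)
    return sections

def audit_ios_config(text):
    """Return 'severity: message' findings for weak settings in an IOS config."""
    findings = []
    sections = parse_sections(text)
    headers = {h for h, _ in sections}
    if "no aaa new-model" in headers:
        findings.append("medium: AAA disabled, access relies on per-line passwords")
    if "ip http server" in headers:
        findings.append("medium: plaintext HTTP management interface enabled")
    for header, children in sections:
        if any(TYPE7.search(c) for c in children):
            findings.append(f"high: {header}: type 7 secret is reversible, not hashed")
        if header.startswith("line vty"):
            if not any(c.startswith("transport input ssh") for c in children):
                findings.append(f"high: {header}: telnet accepted (no 'transport input ssh')")
            if "login" in children:
                findings.append(f"low: {header}: shared line password instead of 'login local'")
    return findings
```

Run it against the output of "show run" saved to a file; a config with "aaa new-model", "login local" and "transport input ssh" on the vty lines produces no findings.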


continued....

I verified again that the GSM is working; I needed to add a static route on the Cellular interface.
RR#config terminal
RR(config)#ip route 0.0.0.0 0.0.0.0 cellular 0/0/0

Then create a profile with the APN for Singtel, which is "internet", and a dummy Singtel username/password.

RR#cellular 0/0/0 gsm profile create 1 internet chap singtel singtel
Profile 1 will be created with the following values:
APN = internet
Authenticaton = CHAP
Username = singtel
Password = singtel
Are you sure? [confirm]
Profile 1 written to modem

Then, to generate traffic, I pinged 4.2.2.2 and showed the Cellular interface...

RR#show interfaces cellular 0/0/0
Cellular0/0/0 is up, line protocol is up
  Hardware is HSDPA/UMTS/EDGE/GPRS-850/900/1800/1900/2100MHz
  Description: Internet
  Internet address is 119.234.163.146/32
  MTU 1500 bytes, BW 384 Kbit, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP, loopback not set
  Keepalive not supported
  Time to interface disconnect: idle 00:01:59
  Last input 00:00:56, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/2/16 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 288 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 3000 bits/sec, 8 packets/sec
     64 packets input, 1332 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     584 packets output, 31540 bytes, 0 underruns
     0 output errors, 0 collisions, 10 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

That's it... the router works fine using the Cellular interface to connect to the Internet.
_________________________________________________________________________________

Junjunred -SG / 20131102