
S4 C6 Teleworker Services

Broadband Services
DSL //speed is not shared
Cable //cable TV line; the bandwidth is divided among the users on it; needs its own modem for modulation

DSL //the same line can be split into two separate services, telephone and Internet

microfilter //splits the line in two

splitter //supports the modulation that separates voice and telephone

Broadband Wireless

VPN Technology

Benefits
Cost savings //makes use of the public network infrastructure
Security //packets travelling between sites through the tunnel are encrypted by other protocols
Scalability //a VPN is easily compatible with any broadband service network

Types
Site-to-Site //creates a tunnel connecting one site to the other; both ends are servers
Remote Access //the user creates a tunnel connecting to the central site

Characteristics of Secure VPNs
Data Confidentiality //packets are encrypted to ensure confidentiality
Data Integrity //transmitted data stays intact and is not modified
Authentication //authentication is required before a VPN connection can be established

VPN Tunneling //uses protocols that encrypt the data
VPN Data Integrity //uses hashing or CA digital signatures

IPsec Security Protocols //the protocols commonly used in VPNs

Two main IPsec framework protocols:
– Authentication Header (AH)
– Encapsulating Security Payload (ESP)

VPN configuration

192.168.1.0/24 PC1 – LAN 1 – R_HN - 11.0.0.0/30 - ISP - 12.0.0.0/30 - R_HCM – LAN 2 – PC2 172.16.0.0/16
     |——– web cisco.com 100.100.100.0/24

HN

(config)#crypto isakmp enable
(config)#crypto isakmp policy 10
(config-isakmp)#authentication pre-share
(config-isakmp)#encryption des
(config-isakmp)#hash md5
(config-isakmp)#group 2
(config-isakmp)#lifetime 64000 //how long the VPN lasts before it re-authenticates

HN(config)#crypto isakmp key ccna address 12.0.0.2
HCM(config)#crypto isakmp key ccna address 11.0.0.2

HN(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255 //used for the VPN
HN(config)#access-list 101 deny ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255 //used for NAT
HN(config)#access-list 101 permit ip any any
HN(config)#ip nat inside source list 101 interface s0/0/0 overload

HCM(config)#access-list 100 permit ip 172.16.0.0 0.0.255.255 192.168.1.0 0.0.0.255

HN(config)#crypto ipsec transform-set HNSET esp-des
HN(config)#crypto map HNMAP 10 ipsec-isakmp
HN(config-crypto-map)#match address 100
HN(config-crypto-map)#set transform-set HNSET
HN(config-crypto-map)#set peer 12.0.0.2
HN(config-crypto-map)#set pfs group2

HN(config)#interface s0/0/0
HN(config-if)#crypto map HNMAP

HCM(config)#crypto ipsec transform-set HCMSET esp-des

#show crypto isakmp sa
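
Added example (not part of the original notes): the lab above uses DES, MD5, DH group 2 and a transform set with no HMAC, all of which are considered weak today. The Python below flags those lines in an IOS config; the weak-value sets and the HARDENED comparison config are assumptions of this example, and the stronger options need an IOS image that supports them.

```python
# Added example: audit IOS IKE/IPsec settings. The weak-value sets are assumptions.
WEAK_ENC = {"des", "3des"}
WEAK_HASH = {"md5"}
WEAK_DH = {"1", "2", "5"}

# HN crypto commands from the notes that carry algorithm choices, prompts stripped.
LAB = """crypto isakmp policy 10
 encryption des
 hash md5
 group 2
crypto ipsec transform-set HNSET esp-des
crypto map HNMAP 10 ipsec-isakmp
 set transform-set HNSET
 set pfs group2
"""

# Constructed comparison config with stronger options (not from the notes).
HARDENED = """crypto isakmp policy 10
 encryption aes 256
 hash sha256
 group 14
crypto ipsec transform-set HNSET esp-aes 256 esp-sha256-hmac
crypto map HNMAP 10 ipsec-isakmp
 set transform-set HNSET
 set pfs group14
"""

def audit(config):
    """Return (line, reason) pairs for weak settings, in config order."""
    out = []
    for raw in config.splitlines():
        w, line = raw.split(), raw.strip()
        if len(w) < 2:
            continue
        if w[0] == "encryption" and w[1] in WEAK_ENC:
            out.append((line, "weak IKE cipher"))
        elif w[0] == "hash" and w[1] in WEAK_HASH:
            out.append((line, "weak IKE hash"))
        elif w[0] == "group" and w[1] in WEAK_DH:
            out.append((line, "weak DH group"))
        elif w[:2] == ["set", "pfs"] and len(w) > 2 and w[2].replace("group", "") in WEAK_DH:
            out.append((line, "weak PFS group"))
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            t = w[4:]  # transforms follow the set name
            if {"esp-des", "esp-3des"} & set(t):
                out.append((line, "weak ESP cipher"))
            if not any(x.endswith("-hmac") or x.startswith("esp-gcm") for x in t):
                out.append((line, "no integrity transform"))
    return out
```

The same transform-set line is reported twice for the lab config: once for the DES cipher and once because ESP is configured without an authentication transform.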

