COMPUTER
NETWORK SYSTEMS
TABLE OF CONTENTS
LAB 3: Remote Access System and VPN
3. Objectives
3.1 Installing and configuring RAS server
    3.1.1 Installing RAS Server
    3.1.2 Configuring a direct serial connection
    3.1.3 Installing and Configuring RAS client
    3.1.4 Dialup to the server
    3.1.5 Testing the RAS Installation
3.2 Virtual Private Networks
3.3 Experimental Setup
    3.3.1 Configuring VPN Server
    3.3.2 Configuring VPN Client
3.4 Firewalls and VPN
    3.4.1 Create a New Project
    3.4.2 Create and Configure the Network
    3.4.3 Configure the Nodes
    3.4.4 Choose the Statistics
3.5 The Firewall Scenario
3.6 The Firewall VPN Scenario
    3.6.1 Configuring the VPN
    3.6.2 Run the Simulation
    3.6.3 View Results
3.7 References
LAB 3
REMOTE ACCESS SYSTEM AND VPN
3. Objectives
Learn about Remote Access System
Configure RAS server and clients using Windows 2003
Learn about Virtual Private Networks
Configure VPN server and clients using Windows 2003
Configure a network which includes VPN with RAS
3.1 Installing and configuring RAS server
3.1.1 Installing RAS Server
4. Select the name of the computer you are working on, which will appear under the Server
Status. Right-click and select Configure and enable Routing and Remote access.
5. Routing and Remote access server setup wizard will appear. Click Next.
6. Configuration window will appear. Select Remote Access [Dialup or VPN]. Click
Next.
7. Select Dialup. Click Next.
8. Select any network card in Network Selection. Click Next. IP address assignment
window will appear.
9. Select From a specified range of addresses. Click Next.
10. Address range assignment window will appear. Click New.
11. Provide the address range as instructed by the instructor. Make sure this IP range doesn't
include IP addresses already assigned in our lab, such as 192.168.243.1 to 192.168.243.10.
3.1.2 Configuring a direct serial connection
Double-click Phone and Modem Options, click the Modems tab, and then click New.
In the Install New Modem wizard, select the Don't detect my modem; I will select it
from a list check box, and then click Next.
In Models, click Communications cable between two computers, and then click Next.
3.1.3 Installing and Configuring RAS client
1. The server and the client should be connected through the COM1 port. This connection is
made using a roll-over cable with a DB9-to-RJ45 convertor.
2. Click Start → Control Panel → Network Connections.
3. An option appears in the name of the dialup server. Click this option.
4. Connect window appears. Enter the username and password for the server PC.
5. Click Connect.
6. You are now connected to the server.
3.1.5 Testing the RAS Installation
1. After the client is connected to the server, the following entry appears in the server.
2. Type the ipconfig /all command on both the RAS server and the RAS client to find
out:
At the Server:
1. From where does the PPP adapter get its own IP address?
2. Why is it that the subnet mask of the PPP is 255.255.255.255?
At the Client:
IP address is assigned by the RAS server to the RAS client.
Hint: http://static_IP_address
http://hostname
http://RAS_client_IP_address
9. If two or more RAS clients are available during this lab experiment, use Internet
Explorer on one of the RAS clients to access the Web server on another RAS client.
10. What do you notice concerning the downloading speed between the two RAS clients?
3.2 Virtual Private Networks
communications. Most VPN implementations use the Internet as the public infrastructure and
a variety of specialized protocols to support private communications through the Internet.
VPN follows a client and server approach. VPN clients authenticate users, encrypt data, and
otherwise manage sessions with VPN servers utilizing a technique called tunneling.
VPN clients and VPN servers are typically used in these three scenarios:
1. Remote access client connections: to support remote access to an intranet,
2. LAN-to-LAN internetworking: to support connections between multiple intranets
within the same organization, and
3. Controlled access within an intranet: to join networks between two organizations,
forming an extranet.
The main benefit of a VPN is the lower cost needed to support this technology
compared to alternatives like traditional leased lines or remote access servers. VPN servers can
also connect directly to other VPN servers. A VPN server-to-server connection extends the
intranet or extranet to span multiple networks.
3.3 Experimental Setup
In this experiment, we are going to set up a network using three PCs. One PC (PC1) is
a RAS client, which dials to the RAS server (PC2). PC1 and PC2 are connected only using
COM1. PC3 is a VPN server that is connected to PC2 through the switch. The
remote node (RAS client) wanting to log into the VPN site calls into a local RAS server
connected to the public network. The VPN client establishes a connection to the VPN server
maintained at the other site. Once the connection has been established, the remote client can
communicate with the VPN site network just as securely over the public network as if it
resided on the internal LAN itself.
Note: For setting up RAS client and server, see the first part of the lab.
3.3.1 Configuring VPN Server
4. Select the name of the computer you are working on, which will appear under the
Server Status. Right-click and select Configure and enable Routing and Remote
access.
5. Routing and Remote access server setup wizard will appear. Click Next.
6. Configuration window will appear. Select Remote Access [VPN]. Click Next.
7. Select Dialup. Click Next.
8. Select any network card in Network Selection. Click Next. IP address assignment
window will appear.
9. Select From a specified range of addresses. Click Next.
10. Address range assignment window will appear. Click New.
11. Provide the address range as instructed by the instructor. Make sure this IP range
doesn't include IP addresses already assigned in our lab, such as 192.168.243.1 to
192.168.243.10.
12. Click OK. Click Next.
13. Managing multiple remote access servers window will appear. Click No, use routing
and remote access to authenticate connection requests.
14. Click Next. Click Finish.
16. The output of the ipconfig command should appear like the following.
17. Is it necessary to have more than one network card for VPN server? Justify.
18. If VPN server has two network cards, is it necessary that they both should belong to
different networks? Justify.
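The address-range step above (used for both the RAS server and the VPN server) asks that the pool avoid addresses already assigned in the lab. The following check is an added example, not part of the original lab; the sample pools are constructed, and the real range comes from the instructor.

```python
import ipaddress

# Addresses already assigned in the lab, as stated in the step above.
ASSIGNED = [("192.168.243.1", "192.168.243.10")]


def to_span(first, last):
    """Convert a dotted-quad range to integers, rejecting a reversed range."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError(f"range start {first} is above range end {last}")
    return lo, hi


def pool_conflicts(first, last, assigned=ASSIGNED):
    """Return the (first, last) spans where the proposed pool hits assigned addresses."""
    lo, hi = to_span(first, last)
    clashes = []
    for a_first, a_last in assigned:
        a_lo, a_hi = to_span(a_first, a_last)
        # Two closed ranges overlap when each starts no later than the other ends.
        if lo <= a_hi and a_lo <= hi:
            clashes.append((str(ipaddress.IPv4Address(max(lo, a_lo))),
                            str(ipaddress.IPv4Address(min(hi, a_hi)))))
    return clashes


if __name__ == "__main__":
    # Constructed sample pools for illustration only.
    for pool in [("192.168.243.50", "192.168.243.60"),
                 ("192.168.243.8", "192.168.243.20")]:
        print(pool, "->", pool_conflicts(*pool) or "no conflict")
```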
3.3.2 Configuring VPN Client
1. Right click the My Network Places icon and select Properties. This will bring you to the
Network Connections window that displays a list of your current network connections.
2. Double click the New Connection Wizard icon. You are faced with three options; choose the second one, "Connect to the network at my workplace", and click Next.
Now choose the second option, "Virtual Private Network connection", and click Next.
3. Enter the name of the company or server you will be connecting to. Click Next.
4. Enter the host name or IP address of the VPN server. Hint: Entering the IP address is
recommended.
5. The "Connection Availability" window appears. "Anyone's use" will permit anyone who logs
onto the system to use the connection, whereas "My use only" will limit its use to you
only. Choose My use only.
6. Click Next and Finish. Your new connection will be visible in the Network Connections
window.
7. Right click the new connection and select properties to open the properties window.
Here, you can configure, amongst others, the network settings and general options.
8. Select the Networking tab and in the "Type of VPN" drop down list, choose PPTP
VPN [Optional].
9. In the Options tab, you can configure dialing and redialing options.
10. If you are using the same logon at your company network as you are for the VPN
server, then select the "Include Windows logon domain" check box.
11. Go to the Security tab and verify that the screen looks like the one below.
12. If you select the General tab you can change the IP or Host Name of the VPN server
and select whether or not you want another connection to be established first before
initiating the VPN connection. For our experiment, we need to enable the Dial another
connection first option with the dial-up connection we have set up towards the RAS
server [Refer RAS experiment].
13. Press OK to close the window and return to the network connections window. If you
double click your VPN connection the logon window will appear.
14. Enter your username and password and click Connect. After the authentication process
is complete, you will be logged on to the VPN Server and two computers will appear at
the bottom right hand corner of your screen (default).
15. The output of the ipconfig command should appear like the following.
Write about the route taken by the packet to go from the VPN client to the VPN
server.
3.4 Firewalls and VPN
customers who have different privileges. You will study how firewalls and VPNs can provide
security to the information in the servers while maintaining access for customers with the
appropriate privilege.
3.4.1 Create a New Project
Start OPNET IT Guru Academic Edition → Choose New from the File menu.
Select Project and click OK → Name the project <your initials>_VPN, and the
scenario NoFirewall → Click OK.
To remove the world background map, select the View menu → Background → Set
Border Map → Select NONE from the drop-down menu → Click OK.
3.4.2 Create and Configure the Network
7. Add the following objects, from the palette, to the project workspace (see figure below for
placement): Application Config, Profile Config, an ip32_cloud, one ppp_server, three
ethernet4_slip8_gtwy routers, and two ppp_wkstn hosts.
a. To add an object from a palette, click its icon in the object palette → Move your
mouse to the workspace and click where you want to place the object → Right-click
to indicate you are done creating objects of this type.
b. Note: The ppp_server and ppp_wkstn support one underlying SLIP (Serial Line
Internet Protocol) connection at a selectable data rate. PPP DS1 connects two nodes
running IP. Its data rate is 1.544 Mbps.
8. Rename the objects you added and connect them using PPP_DS1 links, as shown below:
9. Save your project.
3.4.3 Configure the Nodes
Note: Several example application configurations are available under the Default
setting. For example, "Web Browsing (Heavy HTTP1.1)" indicates a Web browsing
application performing heavy browsing using HTTP 1.1 protocol.
Right-click on the Profiles node → Edit Attributes → Assign Sample Profiles to the
Profile Configuration attribute → Click OK.
Right-click on the Server node → Edit Attributes → Assign All to the Application:
Supported Services attribute → Click OK.
Right-click on the Sales A node → Select Similar Nodes (make sure that both Sales
A and Sales B are selected).
Right-click on the Sales A node → Edit Attributes → Check the Apply Changes to
Selected Objects check-box.
Click OK.
3.4.4 Choose the Statistics
Right-click on the Sales B node and select Choose Individual Statistics from the pop-up
menu.
In the Choose Results dialog, check the following statistics:
Client DB Traffic Received (bytes/sec).
Client Http Traffic Received (bytes/sec).
Click OK and then save your project.
3.5 The Firewall Scenario
access applications such as Database Access, Email, and Web Browsing from the server (check
the Profile Configuration of the Profiles node). Assume that we need to protect the database
in the server from external access, including the sales people. One way to do that is to replace
Router C with a firewall as follows:
Select Duplicate Scenario from the Scenarios menu and name it Firewall → Click OK.
In the new scenario, right-click on Router C → Edit Attributes.
Assign ethernet2_slip8_firewall to the model attribute.
Expand the hierarchy of the Proxy Server Information attribute → Expand the row 1,
which is for the Database application, hierarchy → Assign No to the Proxy Server
Deployed attribute as shown:
Note: Proxy Server Information is a table defining the configuration of the proxy servers
on the firewall. Each row indicates whether a proxy server exists for a certain application
and the amount of additional delay that will be introduced to each forwarded packet of that
application by the proxy server.
3.6 The Firewall VPN Scenario
access using a firewall router. Assume that we want to allow the people in the Sales A site to
have access to the databases in the server. Since the firewall filters all database-related traffic
regardless of the source of the traffic, we need to consider the VPN solution. A virtual tunnel
can be used by Sales A to send database requests to the server. The firewall will not filter the
traffic created by Sales A because the IP packets in the tunnel will be encapsulated inside an IP
datagram.
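The effect described above, as an added example that is not part of the original lab: a toy filter that inspects only the outermost IP header drops a direct database request but passes the same request once it is wrapped in an outer datagram between the tunnel endpoints. The addresses, the database port and the use of plain IP-in-IP (protocol 4, no encryption) are assumptions made for illustration; the lab's OPNET models are not reproduced.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_IPIP = 6, 4
DB_PORT = 1521  # assumption: stand-in port for the "Database" application


def ipv4(src, dst, proto, payload):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def tcp_stub(sport, dport):
    """Only the TCP port fields matter to the filter; the rest is zeroed."""
    return struct.pack("!HH", sport, dport) + bytes(16)


def firewall_allows(packet):
    """Model of the Firewall scenario: drop database traffic from any source.
    The filter looks only at the outermost IP datagram."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] == IPPROTO_TCP:
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        return dport != DB_PORT
    return True  # non-TCP payloads, including IP-in-IP, are not matched


def encapsulate(inner, tunnel_src, tunnel_dst):
    """Tunnel source: wrap the whole inner datagram in an outer IP datagram."""
    return ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)


def decapsulate(outer):
    """Tunnel destination: strip the outer header and recover the inner datagram."""
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP datagram")
    return outer[(outer[0] & 0x0F) * 4:]


# Constructed addresses: Sales A host, Server, and the two tunnel endpoints.
SALES_A, SERVER, ROUTER_A, ROUTER_D = "10.1.0.2", "10.9.0.2", "10.1.0.1", "10.9.0.1"
db_request = ipv4(SALES_A, SERVER, IPPROTO_TCP, tcp_stub(40000, DB_PORT))
tunnelled = encapsulate(db_request, ROUTER_A, ROUTER_D)

if __name__ == "__main__":
    print("direct:", firewall_allows(db_request), "tunnelled:", firewall_allows(tunnelled))
```

A filter that must also cover tunnelled traffic has to sit after the tunnel destination, where the inner header is visible again.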
While you are in the Firewall scenario, select Duplicate Scenario from the Scenarios
menu and give it the name Firewall_VPN → Click OK.
Remove the link between Router C and the Server.
Open the Object Palette dialog box by clicking
3.6.1 Configuring the VPN
Expand the VPN Configuration hierarchy → Set rows to 1 → Expand row 0 hierarchy →
Edit the value of Tunnel Source Name and write down Router A → Edit the value of
Tunnel Destination Name and write down Router D.
Expand the Remote Client List hierarchy → Set rows to 1 → Expand row 0 hierarchy →
Edit the value of Client Node Name and write down Sales A.
Click OK and then save your project.
3.6.2 Run the Simulation
Click OK to run the three simulations. Depending on the speed of your processor, this may
take several minutes to complete.
After the three simulation runs complete, one for each scenario, click Close → Save your
project.
3.6.3 View Results
To view and analyze the results:
Press Show and the resulting graph should resemble the following one:
Create two graphs similar to the previous ones to depict the Traffic Received by the Client
Http for Sales A and Sales B.
3.7 References