*NIX

April 19, 2011, 1:11 p.m.
posted by whitehat

Scenario



Scenario

Figure illustrates the topology of a VPN between two SOHO environments. Here's the scenario:

  • The two sites need a VPN so that they can communicate with each other without the fear of eavesdropping.

  • The network administrators at both sites are aware that permanent site-to-site VPNs require fixed Internet IP addresses and have upgraded from their basic DHCP services originally provided by their ISPs. The sites' IP addressing schemes do not overlap.

  • Neither site wants to invest in a CA certificate service or infrastructure. The RSA key encryption methodology will be used for key exchange. (At the end of the chapter, I'll discuss an alternative Cisco-compatible method called alternately shared secret, pre-shared, or symmetric key.)

  • Site 1 uses a private network of 172.168.1.0 /24 and has a Linux VPN/firewall device default gateway with an external Internet IP address of 97.158.253.25.

  • Site 2 uses a private network of 10.0.0.0 /24 and has a Linux VPN/firewall device default gateway with an external Internet IP address of 6.25.232.1.

1. Openswan topolology diagram.

[View full size image]


     Python   SQL   Java   php   Perl 
     game development   web development   internet   *nix   graphics   hardware 
     telecommunications   C++ 
     Flash   Active Directory   Windows