Pages

Wednesday, 16 November 2016

Site to Site IPsec VPN

CCNP Route (300-101) Lab: Configuring Site to Site IPsec VPN



Scenario: Site to Site VPN connects 2 different offices network to each other securely (encrypted traffic). End users do not require a VPN client to connect. Traffic will be routed through the VPN gateways. Users in 10.1.1.0/24 network will be connected via Site to Site VPN to users in 172.16.1.0/24 network.

VPN Configuration Steps

1. ISAKMP Policy
- Specifies the initial VPN security details

2. IPsec Details
- Specifies how the IPsec packets will be encapsulated

3. Crypto ACL
- Specifies the traffic that will trigger the VPN to activate

4. VPN Tunnel Information
- Creates the crypto map that combies ISAKMP policy, IPsec transform set, VPN peer address, and crypto ACL

5. Apply the Crypto Map
- Identifies which interface is actively looking to create a VPN

Configuration:

R1
en
conf t
host R1
int s0/0/0
ip add 1.1.1.1 255.255.255.0
no shut
int fa0/0
ip add 10.1.1.1 255.255.255.0
no shut
exit
router eigrp 1
network 1.1.1.0 0.0.0.255
network 10.1.1.0 0.0.0.255
no auto-summary
exit

crypto isakmp policy 1
encryption aes
authentication pre-share
group 2
exit
crypto isakmp key cisco123 address 2.2.2.1
crypto ipsec transform-set HQ-VPN esp-3des esp-sha-hmac
access-list 110 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
crypto map HQ-MAP 10 ipsec-isakmp
set transform-set HQ-VPN
set peer 2.2.2.1
match address 110
exit 
int s0/0/0
crypto map HQ-MAP
exit

R2
en
conf t
host R2
int s0/0/0
ip add 1.1.1.2 255.255.255.0
no shut
int s0/0/1
ip add 2.2.2.2 255.255.255.0
no shut
exit
router eigrp 1
network 1.1.1.0 0.0.0.255
network 2.2.2.0 0.0.0.255
no auto-summary
exit

R3
en
conf t
host R3
int s0/0/1
ip add 2.2.2.1 255.255.255.0
no shut
int fa0/0
ip add 172.16.1.1 255.255.255.0
no shut
exit
router eigrp 1
network 2.2.2.0 0.0.0.255
network 172.16.1.0 0.0.0.255
no auto-summary
exit

crypto isakmp policy 1
encryption aes
authentication pre-share
group 2
exit
crypto isakmp key cisco123 address 1.1.1.1
crypto ipsec transform-set HQ-VPN esp-3des esp-sha-hmac
access-list 110 permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
crypto map HQ-MAP 10 ipsec-isakmp
set transform-set HQ-VPN
set peer 1.1.1.1
match address 110
exit 
int s0/0/1
crypto map HQ-MAP
exit

Show Commands:
To check whether the tunnel was successfully established, you may use the following show commands:

show crypto isakmp sa
show crypto ipsec sa
show crypto session
show crypto map

Example:
R1#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
2.2.2.1         1.1.1.1         QM_IDLE           1070    0 ACTIVE


IPv6 Crypto ISAKMP SA


R1#

Note: You must have basic knowledge of CCNA or equivalent as this is the prerequisite for CCNP. This lab is using Packet Tracer with C2811 router. Only C2811 and C1841 router images in Packet Tracer supports VPN commands.

Monday, 14 November 2016

OSPF Multi Area Virtual Link

CCNP Route (300-101) Lab: Configuring OSPF Multi Area Virtual Link



Scenario: Virtual link is used when connecting the backbone (area 0) to non backbone area. Loopback IP address of R1 should be able to ping loopback IP address of R4, vice versa. R4 is not directly connected to area 0. Hence, a virtual link must be established between R3 and R4 in order for R1 and R4 to ping each other.

Syntax: area <number> virtual-link <neighbor router ID>

Configuration:

R1
en
conf t
host R1
int s0/0
ip add 200.1.1.1 255.255.255.252
no shut
int lo0
ip add 10.1.1.1 255.255.255.0
no shut
exit
router ospf 1
router-id 10.1.1.1
network 10.1.1.0 0.0.0.255 area 1
network 200.1.1.0 0.0.0.3 area 0
exit

R2
en
conf t
host R2
int s0/0
ip add 200.1.1.2 255.255.255.252
no shut
int s0/1
ip add 200.1.1.5 255.255.255.252
no shut
exit
router ospf 1
router-id 200.1.1.5
network 200.1.1.0 0.0.0.3 area 0
network 200.1.1.4 0.0.0.3 area 0
exit

R3
en
conf t
host R3
int s0/1
ip add 200.1.1.6 255.255.255.252
no shut
int fa0/0
ip add 100.1.1.1 255.255.255.0
no shut
int lo0
ip add 192.168.1.1 255.255.255.0
no shut
exit
router ospf 1
router-id 192.168.1.1
network 100.1.1.0 0.0.0.255 area 2
network 192.168.1.0 0.0.0.255 area 2
network 200.1.1.4 0.0.0.3 area 0
area 2 virtual-link 20.1.1.1
exit

R4
en
conf t
host R4
int fa0/0
ip add 100.1.1.2 255.255.255.0
no shut
int lo0
ip add 20.1.1.1 255.255.255.0
no shut
exit
router ospf 1
router-id 20.1.1.1
network 20.1.1.0 0.0.0.255 area 3
network 100.1.1.0 0.0.0.255 area 2
area 2 virtual-link 192.168.1.1
exit

Note: You must have basic knowledge of CCNA or equivalent as this is the prerequisite for CCNP. This lab is using GNS3 with C3745 router.

Saturday, 30 July 2016

How to Configure iPhone PPTP VPN Client

How to Configure iPhone PPTP VPN Client

ScenarioYou've already been provided with login credentials for your Office PPTP VPN server by your IT administrator.

SolutionFollow the step by step screen capture guide below to setup iPhone VPN Client. The steps are pretty much similar for other version of iOS phone.

1. Click on "Settings" icon

2. Click on "Not Connected >" under VPN

3. Click "Add VPN Configuration..." in VPN screen

4. Change type to "PPTP", Description to Office VPN Server, Enter Office VPN Server hostname/ IP address, VPN Accont Username, and click "Done". All these information can be obtained from your IT Administrator

5. Click "Save"

6. Make sure Office VPN Server is ticked and click Status "Not Conencted" to connect to Office VPN Server

7. Enter your username and your password. Click "OK" to connect to Office VPN Server

8. You have successfully connected to Office VPN Server. Should you encounter error here, contact your IT Administrator with the error message returned

Note: Variables that you should change is VPN Server hostname/ IP address, your own username, and your own password. All these information should have been given by your IT Administrator. Check with your Office's IT Department if you aren't sure about your login credentials.

How to Configure Android PPTP VPN on Samsung Galaxy Note 4

How to Configure Android PPTP VPN on Samsung Galaxy Note 4

ScenarioYou've already been provided with login credentials for your Office PPTP VPN server by your IT administrator.

SolutionFollow the step by step screen capture guide below to setup Android VPN Client. The steps are pretty much similar for other version of Android phone.

1. Open phone "Settings" screen

2. In phone "Settings" screen, click "More networks"

3. In "More networks" screen, click "VPN"

4. Click "+" icon to add a new VPN. Enter Office VPN Server hostname/ IP Address provided by your IT Administrator and click "Save"

5. Click on the Office VPN Server name to connect to it. Enter your username and your password to connect. If you face error on this part, contact your IT Administrator with the error message returned

Note: Variables that you should change is VPN Server hostname/ IP address, your own username, and your own password. All these information should have been given by your IT Administrator. Check with your Office's IT Department if you aren't sure about your login credentials.

How to Configure Windows PPTP VPN Client on Windows 10

How to Configure Windows PPTP VPN Client on Windows 10

Scenario: You've already been provided with login credentials for your Office PPTP VPN server by your IT administrator.

Solution: Follow the step by step screen capture guide below to setup Windows VPN Client. The steps are pretty much similar for earlier version of Windows desktop.

1. Open Network and Sharing Center from Control Panel 

2. Click "Set up a new connection or network" in Network and Sharing Center

3. Select "Connect to a workplace" and click "Next"

 4. Select "Use my Internet connection (VPN)"

 5. Enter the VPN server hostname or IP address (provided by your IT Administrator) and click "Create"

 6. Wait for the connection to be created

7. Go back to "Network and Sharing Center" and click on "Change adapter settings"

 8. Right click on "VPN Connection" (Assuming you are using the same name as me)

 9. Click "Properties" in the right click menu

 10. Click on "Security" tab. Change type of VPN to "Point to Point Tunneling Protocol (PPTP)", check "Allow these protocols" radio button, and make sure "Microsoft CHAP Version 2 (MS-CHAP v2)" check box is ticked

 11. Go back to "Network and Sharing Center", right click on "VPN Connection", and click "Connect/ Disconenct" on right click menu

 12. Click on "VPN Connection" in Network & Internet Settings

13. Click "Connect"

 14. Enter your username and password (Provided by your IT Administrator) and click "OK" to connect to VPN Server

 15. Connection to VPN is being established just have to wait for it. If you encountered error this part, contact your IT Administrator with the error message returned

16. You are now successfully connected to your Office VPN Server via PPTP protocol

Note: Variables that you should change is VPN Server hostname/ IP address, your own username, and your own password. All these information should have been given by your IT Administrator. Check with your Office's IT Department if you aren't sure about your login credentials.

Monday, 4 January 2016

How to Enter BIOS on Windows 10 Laptop

Entering BIOS on Windows 10 Laptop

Scenario: Hitting the F2 key to enter BIOS during laptop power/ start up on does not work. It continues to boot up into Windows 10 login screen.

Solution

Windows 10 keeps the Fast Startup feature same as Windows 8. In Fast Startup mode, it only saves the system booting information. When the you press the power button of the system, it will boot the system to the user's default setting. 

Fast Startup could have some issues such as:
1) Press F2 will not enter BIOS configuration when booting the system
2) Press F9 will not restore the system to factory default setting when booting the system

The two actions will work only when the system shut down completely. Since the concept of Fast Startup is similar to Sleep Mode, it means the system will not shut down completely. This the reason that the two actions can't work.

To disable Fast Startup upon next shut down, perform the following,
1. Hold and press [Shift] then turn off the system. 


How to Upload H.265/ HEVC MP4 Video to YouTube

H.265/ HEVC MP4 Video Unsupported by YouTube



Scenario: After finished uploading your video to YouTube, you get the following error "The video has failed to process. Please make sure you are uploading a supported file type."

Solution: You'll need to use a 3rd party H.265/ HEVC video converter and convert your video to H.264 format which is supported by YouTube.

1. I'm using PAVtube Video Converter. Download it from www.pavtube.com. This is a paid software but comes with free trial. However the trial version comes with their watermark in video after conversion.
2. Install and run the program.

Click add file or add folder for multiple files

Select the check box for video(s) you wish to convert

Select the output video file format you wish to have

Conversion of video begins

Conversion of video completed

Note: You'll need a fast PC processor for video encoding. If your using a slower processor, your PC might be lagging during conversion period. If you like the software, do purchase a full version of it to support it's further development.