IPSec & VPN: Technical Details

Technical details. 

1. Address pools.  LAN1’s internal (private) address pool for its network is 10.10.10.0 with a netmask of 255.255.255.0.
LAN1’s external (public) address pool is 192.168.2.1 – 192.168.2.63; however, 192.168.2.1 has to be assigned to PIX1’s outside interface.

LAN2’s internal (private) address pool for its network is 10.10.3.0 with a netmask of 255.255.255.0.
LAN2’s external (public) address pool is 192.168.10.1 – 192.168.10.63; however, 192.168.10.1 has to be assigned to PIX2’s outside interface.

2. IP addresses for the PIX firewalls.  PIX1 will have an inside interface of 10.10.10.1 and an outside interface of 192.168.2.1.  PIX2 will use an inside interface of 10.10.3.1 and an outside interface of 192.168.10.1. 

3. Routing information and default route settings.  Traffic between LAN1 and LAN2 has to go through a public routed network in this assignment. The routing settings for this network have been set for you, but you must take care of indicating the correct default gateways to the firewalls that handle the traffic of LAN1 and LAN2.  On PIX1 you need to set the default gateway to 192.168.2.65, and on PIX2 you need to set the default gateway to 192.168.10.65.
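As an added example (not part of the lab handout), the PIX 6.x commands that put steps 1 to 3 into effect on both firewalls. The outside netmask of 255.255.255.0 and the use of the remaining public pool as a NAT global pool are assumptions: the handout gives only the pool boundaries, and the gateway (.65) lies outside a /26 built from the pool, so a wider mask is needed for it to be on-link.

```text
! PIX1 (LAN1 side) -- added example, not the handout's configuration
ip address inside 10.10.10.1 255.255.255.0
! Outside mask is an assumption; the handout only lists the pool
! 192.168.2.1-192.168.2.63, and 192.168.2.65 must be reachable on-link.
ip address outside 192.168.2.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.168.2.65 1
! Assumed use of the rest of the public pool: NAT for LAN1 hosts
nat (inside) 1 10.10.10.0 255.255.255.0
global (outside) 1 192.168.2.2-192.168.2.63 netmask 255.255.255.0
write memory

! PIX2 (LAN2 side) -- mirror of the above with LAN2's values
ip address inside 10.10.3.1 255.255.255.0
ip address outside 192.168.10.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.168.10.65 1
nat (inside) 1 10.10.3.0 255.255.255.0
global (outside) 1 192.168.10.2-192.168.10.63 netmask 255.255.255.0
write memory

! Checks on each PIX: the default route should point at the .65 gateway
! and the gateway should answer before any VPN work is attempted.
show route
ping outside 192.168.2.65
```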

4. Configuring the PIX firewalls. 
In order to configure the PIX firewalls you will connect the blue cable that ends in a serial adapter to the serial port on the back of PC1. Once you log in to your user account (explained later) you can activate the Connect to Serial Port icon located on your desktop. Press the Enter key several times to “wake up” the connection.

When you are finished configuring one of the PIX firewalls, simply pull out the blue cable and connect it to the Console port of any other PIX you need to configure.

You will not be using the PIX Device Manager’s graphical user interface to configure the firewall in this assignment.

Erasing previous configurations on the PIX firewall
Before starting to configure the PIX firewall you should erase any previous configuration already stored on it so that you can start your work from an unconfigured system. To do this enter privileged mode on the PIX firewall and use the following commands:

write erase
reload

These commands erase the current configuration from the flash memory of the PIX and reboot the firewall. To start configuring the PIX, answer yes to any prompt that shows up except for the one that says Pre-configure PIX Firewall now through interactive prompts?, to which you should answer no.

After all this you’ll be left at the prompt of the unprivileged mode of the PIX. Since there is no configuration stored on it, the enable (privileged mode) password is blank. When asked for the enable password just press the Enter key.

When you have finished this lab assignment, erase the configuration that you have provided to the PIX firewall so the next student team will also start from an unconfigured system.

5. Log in for the Windows machines.  For your work in this lab you will use the username seclab with password seclab1 on all Windows 2000 based machines.

6. Telnet and FTP service activation.  The PCs for this lab are the Windows 2000 Professional machines that have been labeled PC1, PC2 and PC3. These machines have the Telnet service installed and activated. However, for this lab you have to manually activate the FTP Server service on a machine if it has not previously been activated. You can do this by clicking on the Start FTP Server icon on the Desktop screen of each PC.

When you activate the FTP Server, you should see the initial screen of the Quick’n easy FTP server. If not, check whether there is a small icon in the lower right hand corner of your screen and click on it to bring up the initial screen (the icon looks like a small world globe with a stripe running diagonally across it).

Once on the initial screen of the Quick’n easy FTP server click on the Start button to start the FTP service on that machine.

7. Establishing an FTP session. To establish an FTP session from machine A to machine B do the following:

1. Open a command screen from machine A: Select Start -> Run and write cmd in the Run command window. A black text based window should open up.

2. On the command screen, start an FTP session to machine B with ftp <ip_address_of_Machine_B>

3. Log in as user anonymous; there is no password, so you can press the Enter key at the password prompt.

4. When you want to log out of the FTP server, type quit.

8. Establishing a Telnet Session.   To establish a Telnet session from machine A to machine B do the following:

1. Open a command screen from machine A: Select Start -> Run and write cmd in the Run command window. A black text based window should open up.

2. On the command screen, start a Telnet session to machine B with telnet <ip_address_of_Machine_B>

3. Log in as user seclab; the login password is seclab1. If you are prompted for a domain, just press the Enter key.

4. When you want to exit the Telnet session, type exit.