CONTENTS

IPSec & VPN: VPN Tunnel Parameters

VPN Tunnel parameters. 

1. Use only ESP since traffic is going through a “public” network.

2. Use pre-shared keys for device authentication. The key can be a string of characters and numbers selected by you. Example: cisco123.

3. For encryption use DES only.

All other parameter values (DH group, HMAC standard, etc) should be chosen by each student group.

Running Ethereal to capture packets.  The software application Ethereal is installed on all computers of the security lab. However for this lab you will only need to activate it in PC2 . To activate Ethereal and start a packet capture, do the following:

1. Login into each machine as seclab

2. Activate the Ethereal icon that is on the Desktop

3. Go to the Capture menu and click on the OK button to start the packet capture. A capture progress window should pop-up.

4. Once enough packets have been captured or enough time has elapsed, click on the Stop button. Capture only the packets you need in order to make your analysis easier.

5. Once you have stopped the packet capture, you should be able to recognize three different screen sections: The packet list section (upper section), the packet details section (middle section) and the packet bytes section (lower section). Each time you select a packet in the packet list section the other two sections will change accordingly. You can now analyze the captured packets as you wish.

The Filter text field on the main screen allows you to specify which packets should be displayed on the packet list section of the screen. Use this to get a view of only those packets that you are interested in. For example, if you write telnet in this field you will only see the packets related to a captured telnet session.