Implementing Virtual Private Network In ABC Enterprise L.T.D. For Enhanced Security. (70 Characters)

The ABC enterprise L.T.D is Business Company which deals with supply and distribution of the furniture, however it is a small medium enterprise.

This company is two branches which are located in two nearby towns namely town A and town B, in these branches there are departments in them where the branch A has the management and finance department while the branch B has Operation And Distribution Departments.

The management of this enterprise L.T.D has found it important to install a network that will enable easy communication, sharing of the information and cut on cost since they will share resources like the servers and printers in those departments.

Therefore in order to set up that network there will be configuration of the virtual private network which will enable the encryption in the connection in order to improve the security in the network sections that might not be less secured.

This virtual private network will therefore be useful in terms of the boosting the security level in the network infrastructures that will be used to link the two branches and their respective departments.

The ABC virtual private network is going to cover the two branches where there will be two separate networks then they get linked using three routers and thus the two branches will be able to communicate with each other.

The network will be having two subnetworks which are network A which will be allocated ip address   192.168.1.1/24 and the subnetworks B will be allocated ip addresses 192.168.2.1/24 .

However each department in the network A will be allocated two computers ,one server for file storage and a printer  while the departments in the network B will be having one computer each and a printer that will be used by all departments.

During the implementations process there will be some limitations to be set this is to ensure that there are no other hosts that can externally access the network resources like the server, printers or even the network computer this will be done through use of the firewalls which will be implemented by the use of access-list in the routers.

The ABC network will be having two subnets A and B and also there will be a set tunnel that will set between the two networks.

Below are the network parts that will be used and the service VPN parts that will be used to do the implementation of the VPN network and services.

The network A is the part of the network that will be hosting the management and finance departments and the following will be the required items.

Item name	Model	Units
Router	2621-XM	1
Switch	2690-24TT	3
Computers	Acer 5327-Z	4
Server	WDC WD800JD-22LSA0	1
Printer	Canon LBP 7018C Laserjet Printer	1

The network B is the part of the network that will be hosting the operations and distribution departments and the following will be the required items.

Item name	Model	Units
Router	2621-XM	1
Switch	2690-24TT	3
Computers	Acer 5327-Z	2
Printer	Canon LBP 7018C Laserjet Printer	1

This is the part of the network that will be used to implement the network and its subnets and the tunnel part will allow the router for network A and router for network B to communicate virtually, the following will be the requirements for the VPN service part.

Requirements (Network Parts and VPN Service Parts)

Router name	Router model	Network interfaces
		Fa 0/0		Fa 0/1
		Ip address	Network mask	Ip address	Network mask
Router 0	2621-XM	192.168.1.1	255.255.255.0	1.0.0.1	255.0.0.0
Router 1	2621-XM	1.0.0.2	255.0.0.0	2.0.0.1	255.0.0.0
Router 2	2621-XM	2.0.0.2	255.0.0.0	192.168.2.1	255.255.255.0

The above will be the requirements to configure the VPN services in the ABC networks.

The ABC network will be implemented by various steps where there will be the logical design and the physical design implementation, using the logical design there will be indication of the IP addresses that are associated with each network interfaces.

However the network physical designing part will be used to indicate the physical connection of the ABC network as discussed below.

The ABC network logical design will be done using the network drawing tool ,this will indicate the ip addresses that will be associated with the different networks that form the entire ABC network as shown in the figure below.

The logical network above will be the foot print that will be used to make the physical design of the ABC network ,however this physical network will be able to show the actual components used in the logical network .

The physical design will also indicate the physical devices connection using the various connection medium and also the ip address of the different sub-networks will be indicated as well, therefore in the implementation of the physical design a simulation tool is used for this case the packet tracer is going to be used for the physical network design as in figure below.

The implementation of the ABC network will use the topology that will link all the computer devices in the separate network and this will enhance efficient communication of the network devices.

The topologies used are two which includes the following:

The star topology is used to link the devices within the separate network A and B devices ,this is done where a switch is centrally located between two switches that from the two departments and the router that links that network to the corresponding network therefore forming the star topologies.  

The ABC will have the various network sections and will be having the respective IP addresses, however this is done by use of the IP addressing scheme which will assign the various devices their respective IP addresses ,below is the table showing the IP addressing scheme used in the ABC network.

Device name	Ip address	Network mask	Default gateways
Router 0	Fa 0/0 192.168.1.1 Fa 0/1 1.0.0.1 Tunnel 10 172.16.2.1	255.255.255.0 255.0.0.0 255.255.0.0	192.168.1.1 1.0.0.1 172.16.2.1
Router 1	Fa 0/0 1.0.0.2 Fa 0/1 2.0.0.1	255.0.0.0 255.0.0.0	1.0.0.2 2.0.0.1
Router 2	Fa 0/0 2.0.0.2 Fa 0/1 192.168.2.1 Tunnel 20 172.16.2.2	255.0.0.0 255.255.255.0 255.255.0.0	2.0.0.2 192.168.2.1 172.16.2.2
Server 0	192.168.1.2	255.255.255.0	192.168.1.1
Pc0	192.168.1.3	255.255.255.0	192.168.1.1
Pc1	192.168.1.4	255.255.255.0	192.168.1.1
Pc2	192.168.1.5	255.255.255.0	192.168.1.1
Pc3	192.168.1.6	255.255.255.0	192.168.1.1
Pc4	192.168.2.2	255.255.255.0	192.168.2.1
Pc5	192.168.2.3	255.255.255.0	192.168.2.1

The ABC network requires the enforcement of the security this is done by various ways where the network will be installed with the firewall devices where there will control of the people who can have access to the entire network or one segment of the network, however the other way to ensure there is network security is by implementation of the VPN services in the network

The network redundancy and failing over plans are very important aspect that had been implemented this will assist to prevent the failure in the system and setting up of the means to recover the network in case of failure ,this had been  implemented through the following ways:

1. Setting of the security policies: This is where the network has ability of to prevent the intruders where for this ABC network there is installation of the firewalls by setting of the access-lists to the respective routers.
2. Putting of the disasters recovery plans: The network has to be set the systems to ensure they disasters can be recovered in case of corruption of data, in this case the network has been installed a server system that will be mainly used for data backup.
3. And setting the business continuity plans: To ensure the continuity of the business the network is allocated the network IP addresses that will ensure in case of expansion in the company the IP address will accommodate the addition host devices.

All these features are indicated in the figure below.

The VPN network is implemented in the ABC network to ensure that the devices installed can be able to communicate between each other ,however below are  the procedures used to do the configurations of the VPN.

Solution Design

This is done by opening the router 0 CLI menu and enter the following codes to configure interfaces fa 0/0 and fa 0/1 as below.

Router>enable

Router#configure t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#hostname ROUTER1

Router1(config)#interface fa 0/0

Router1(config-if)#ip address 192.168.1.1 255.255.255.0

Router1(config-if)#no shutdown

Router1(config-if)#exit

Router1(config)#int fa 0/1

Router1(config-if)#ip address 1.0.0.1 255.0.0.0

Router1(config-if)#no shutdown

This is done by opening the router 1 CLI menu and enter the following codes to configure interfaces fa 0/0 and fa 0/1.

Router>enable

Router#configure t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#interface fa 0/0

Router(config-if)#ip address 1.0.0.2 255.0.0.0

Router(config-if)#no shut

Router(config-if)#exit

Router(config)#int fa 0/1

Router(config-if)#ip address 2.0.0.1 255.0.0.0

Router(config-if)#no shut

This is done by opening the router 2 CLI menu and enter the following codes to configure interfaces fa 0/0 and fa 0/1 as below.

Router>enable

Router#configure t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#interface fa 0/0

Router(config-if)#ip address 2.0.0.2 255.0.0.0

Router(config-if)#no shut

Router(config-if)#exit

Router(config)#interface fa 0/1

Router(config-if)#ip address 192.168.2.1 255.255.255.0

Router(config-if)#no shut

This is done to ensure that the three routers can communicate or ping each other easily in the network, the routing of the router one is done by opening the router 0 and router 1 and in the CLI tab enter these commands below [4].

Routing in Router 0

Router 1>enable

Router1#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router1(config)#ip route 0.0.0.0 0.0.0.0 1.0.0.2

Router 1(config)# 

Routing in Router

Router>enable

Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#ip route 0.0.0.0 0.0.0.0 2.0.0.1

This is done in order to test whether the routers 0and routers 2 are able to communicate with each other before we proceed with setting up VPN services it is done as follows.

Ping router 2 from the router 0 to test connectivity as follows.

Router1>enable

Router1#ping 2.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.0.0.2, timeout is 2 seconds: 

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms 

Ping the router 0 from the router 2 to test the connection using the below commands. 

Router>enable

Router#ping 1.0.0.1 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.0.0.1, timeout is 2 seconds: 

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms

In order to set up the VPN we shall use the two routers which are router 0 and the router 2, these will enable transmission of the signals using the VPN between the two routers.

This will be done using the following configurations steps [5].

VPN creation on router 0.

The initial step will to create a virtual private network in the router 0 which will be done using the following codes entered after opening the CLI option as below.

Router>enable

Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#interface tunnel 10

Router(config-if)#ip address 172.16.2.1 255.255.0.0

Router(config-if)#tunnel source fa 0/1

Router(config-if)#tunnel destination 2.0.0.2

Router(config-if)#no shutdown 

The  second step will be creating a virtual private network in the router 2 which will be done using the following codes entered after opening the CLI option as below.

Router>enable

Router#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#interface tunnel 20

Router(config-if)#ip address 172.16.2.2 255.255.0.0

Router(config-if)#tunnel source fa 0/0

Router(config-if)#tunnel destination 1.0.0.1

Router(config-if)#

Router(config-if)#no shutdown

This is where the communication between the router 0 and the router 2 is tested by pinging each and checks the results if they are communicating with each other as follows.

Ping router 2 from the router 0 to tests the results of communication.

Router>enable

Router#ping 172.16.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.2.2, timeout is 2 seconds:v

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/7/36 ms 

Ping router 0 from the router 2 to tests the results of communication.

Router>enable

Router#ping 172.16.2.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms [6].

Therefore from the above results it shows that the VPN configuration between the two routers is well configured and thus they can be able to communicate with each other.

 The created VPN tunnel need to be routed this is to allow the two networks to be able to communicate to each other ,this is done as follows in the both routers.

VPN routing in router 0 ,the routing is done by use of the following codes .

Router>enable

Router#configure t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#ip route 192.168.2.0 255.255.255.0 172.16.2.2 

VPN routing in router 2 ,the routing is done by use of the following codes .

Router>enable

Router#configure t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#ip route 192.168.1.0 255.255.255.0 172.16.2.1

After performing the routing the testing can be done to show whether the tunnel creation is successfully done this will involve using the ping command on the two routers to try to access the network A and network B then the command to show status of the tunnel in either of the network segments as below [7].

Ping router 2 from router 0 

Ping router 0 from router 2

Showing router 0 tunnels interfaces. 

Showing router 2 tunnels interfaces.

Ping PC4 in network B from PC0 in network A  

Ping PC0 in network A from PC4 in network B 

Therefore from the above test there is clear indication that the VPN configuration had been configured successfully. 

References

A.Thomas,The Practice of System and Network Administration, New York: Addison-Wesley Professional.

D.Jeff,Routing TCP/IP, London: Cisco Press.,2016.

D.Kevin, Cisco IOS Cookbook, New York: O'Reilly Media,2015.

E.Douglas, Internetworking with TCP/IP Principles, Protocols, and Architecture, New York: Prentice Hall,2015.

K.James , Computer Networking: A Top-Down Approach, Toronto:Pearson publishers,2014.

L.John,Computer Architecture:A Quantitative Approach,New York:Morgan Kaufmann publishers ,2015.

S.Andrew,TCP/IP Network Administration Craig Hunt Computer,New Yorj: O'Reilly Media,2014.