Thursday, 2 April 2009

EN - VPN network with OSPF on PIX/ASA and routers (Task 2)

OK, I've changed the way I will handle answering the tasks. The problem is that Task 1 was (at least I think) informative, but it was also quite a lot to read. So I'll split up the solutions to my self-created tasks into smaller chunks, which will make them easier to read, understand and find (if you search for the problem).

So how will task 2 be divided?

Task 2.1 Recreating the customers network
Basic OSPF configuration on routers and PIX/ASA

Task 2.2 Adding security features and VPN endpoint routers
Enabling OSPF MD5 Authentication on PIX/ASA and Routers
Adding new VPN edge routers to the OSPF Network

Task 2.3 Creating ISP Access
Basic OSPF Configuration between 3 ISPs (nothing fancy)

Task 2.4 Creating HSRP on the VPN endpoint routers
Basic HSRP Configuration on the two VPN routers

Task 2.5 Adding VPN Support for VPN Clients
Creating VPN access on VPN Edge routers

Task 2.6 Adding Site 2 Site VPN
Creating Site2Site VPN between routers and PIX/ASA

Task 2.7 Adding network extension mode Clients (NEM)
Creating VPN hardware clients (Routers and PIX/ASA) for NEM access

Task 2.8 Full Redundancy
Enabling SSO on Routers

Over the next few days I'll post the solutions step by step. But first, some pictures to explain the network concept.



This is the basic network that I've found at the customer location. The routers of the inner core routing network are running OSPF with no security features enabled. The routers are mostly non-Cisco products, but since we focus on Cisco network devices we ignore this fact. ;)
The outer core routing network is nearly the same as the inner core routing network, but in the future the customer plans to divide those network parts further (this is future planning and not covered here). Last is the edge network; this part contains the network devices that connect to the Internet. In this scenario the primary edge is an ASA/PIX, but in the customer scenario there is another firewall device in place (this fact is ignored too ;) ).



Here you can see the planned next stage, where two VPN routers are placed in the edge network. These routers are connected to the routers of two independent ISPs for redundancy.

As always, if you have questions just drop a note in the comments.
More to come.

Cheers NWG
