Friday, March 13, 2015

VPN SITE TO SITE ON INTERNET BEHIND NATED NETWORK (Mikrotik - alternative)





Based on the first post


Problem:
We often establish site-to-site VPNs over the internet using public IPs as the tunnel source and destination, but what if one of the nodes does not have a public IP from the ISP?
In these cases we can use SSL VPN tools such as TeamViewer, LogMeIn or others, but if one side has equipment such as PLCs, CCTV systems or similar, we must seek alternatives, for example the setup below.


Scenario:
A network located behind another NATed network starts a VPN client that establishes a secure tunnel, enabling bidirectional IP traffic between the sites.


Elements of this laboratory:
- Host computer capable of virtualization.
- Oracle VirtualBox
  - 04 routers running Mikrotik RouterOS (version 6.27)
- Oracle VirtualBox
  - 03 guests


Below the configuration of each router:


main_branch router config




internet router config




front_nat_network router config




remote_branch router config




remote users config (routing table, avoid default route)




Graphic comparing a secure protocol vs. a non-secure one

Sunday, March 8, 2015

VPN SITE TO SITE ON INTERNET BEHIND NATED NETWORK (Cisco Systems - alternative)





Problem:
We often establish site-to-site VPNs over the internet using public IPs as the tunnel source and destination, but what if one of the nodes does not have a public IP from the ISP?
In these cases we can use SSL VPN tools such as TeamViewer, LogMeIn or others, but if one side has equipment such as PLCs, CCTV systems or similar, we must seek alternatives, for example the setup below.


Scenario:
A network located behind another NATed network starts a VPN client that establishes a secure tunnel, enabling bidirectional IP traffic between the sites.


Elements of this laboratory:
- Host computer capable of virtualization.
- GNS3
  - 04 routers running Cisco IOS K9 (c2691-adventerprisek9-mz.124-15.T14)
- Oracle VirtualBox
  - 03 guests


Below the configuration of each router:


main_branch router config




internet router config




front_nat_network router config




remote_branch router config




remote users config