Basic VPN configuration

Excited!!! That is all I can say… I have waited a long time for an opportunity like this… this morning I heard on IKIM radio that Allah is all-knowing about why we are placed somewhere… well, like me… who has long thirsted for a ‘Job Scope’ that can give meaning to my life… at last I have found it… even though the reason I changed jobs was that my hubby wanted to change jobs and it would be hard to commit to the family if I worked ‘shift’…

Today, let's learn about networking… yesterday I got to ‘configure’ a VPN for a new SAP customer… and I am not familiar with VPN at all… it turns out the VPN subject is part of CCNP… so what I have studied so far, namely CCNA, is not enough… hehehe… that's knowledge for you, it has no boundaries… learn, learn, learn, like Ustazah Siti Nur Bahiyah's motto from the word ‘BEST’…

Let's begin… what is VPN… if we unpack it, ‘Virtual Private Address’… what is that… hah… its need in general… for example… anyone who has accessed the company's ‘internal’ documents from home… usually they have to go through a window where they must enter an identification key so that they can access the data they want… a medium of access from a network that is not trusted… ‘untrusted’ or ‘global/public network’, to a network that is trusted… ‘trusted’ or ‘private network’… that is what I can explain in general… technically it really is a head-breaker… hahaha….

OK, our starting point, or the first process: ‘configure’ the ‘preshared key’ (actually there are processes we should ‘configure’ before that, but I will go straight to the main process)

—‘Command’ to ‘configure’ the ‘preshared key’ to establish trust between the two sides—
crypto isakmp key $$$$$$$$$$$$ address x.x.x.x no-xauth

$$$$$$$$$$$$: the ‘preshared key’, whether encrypt or decrypt
x.x.x.x: the agreed IP of the other side (‘Public’ IP)

For the next process, we have to list the access from this side and from the other side.

—‘Command’ to ‘configure’ the ‘access list’—
ip access-list extended acl-NAME
permit ip x.x.x.x 0.0.0.255 x.x.x.x 0.0.0.255

acl-NAME: the ‘title’ of the ‘access list’
x.x.x.x: (right) the IP on our side, (left) the IP on our partner's side (‘Private’ IP)
0.0.0.255: This shows that IP x.x.x.x is within a Class C IP range, and we write it that way because we want the ‘IP range’ from .1 to .255

The last process is to make the travel map or ‘route map’ 🙂

—‘Command’ to ‘configure’ the ‘route map’—
crypto map Route_Map_NAME ipsec-isakmp
description crypto map NAME
set peer x.x.x.x
set security-association lifetime seconds 28800
set transform-set NAME
match address acl-NAME

Route_Map_NAME: the ‘title’ of this travel map, like ‘inquiry’ and ‘recall’
description crypto map NAME: here we label in detail what the travel map is for
set security-association lifetime seconds xxxxx: the ‘SA’ lifetime in seconds, depending on what both sides agree
set transform-set NAME: think of the ‘transform-set’ as a highway or state road that provides the route; it can also be seen as the tunnel or ‘Tunnel’, and this is like ‘inquiry’ and ‘recall’, where it has already been ‘configured’ in the ‘header’.
match address acl-NAME: hah, remember the ‘access-list’ we made earlier… so it is the same ‘inquiry’ and ‘recall’ theory… we call up the ‘IP’ that matches the ‘access-list’

P/S: Reminder! Make sure the ‘environment’ when doing the ‘configuration’ is ‘privilege mode’, that is, ‘enable’ and ‘config terminal’.
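
A consistency check for the three steps above, added here as an example (not the author's code): it confirms that every name a crypto map ‘recalls’ was actually configured. The key, the names and the 203.0.113.x / 10.x addresses are constructed placeholders, and the `crypto ipsec transform-set` line and the sequence number 10 are assumed parts of the steps the post skips.

```python
import re

# Constructed sample: placeholder key/names, documentation addresses.
# The transform-set line and sequence number 10 are assumed (the post skips them).
SAMPLE_CONFIG = """\
crypto isakmp key EXAMPLE-KEY address 203.0.113.2 no-xauth
crypto ipsec transform-set TS-SAP esp-aes esp-sha-hmac
ip access-list extended acl-SAP
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
crypto map VPN-SAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set security-association lifetime seconds 28800
 set transform-set TS-SAP
 match address acl-SAP
"""

CHECKS = [  # (sub-command, regex for the definition it must point at, message)
    ("set peer", r"^\s*crypto isakmp key \S+ address (\S+)", "no preshared key for peer"),
    ("set transform-set", r"^\s*crypto ipsec transform-set (\S+)", "undefined transform-set"),
    ("match address", r"^\s*ip access-list extended (\S+)", "undefined access list"),
]

def lint_crypto_map(config):
    """Return a list of problems; an empty list means every reference resolves."""
    maps, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"crypto map (\S+)(?: \d+)? ipsec-isakmp", line):
            current = maps.setdefault(m.group(1), {})   # start of a map entry
        elif line.startswith(("crypto ", "ip ", "interface ")):
            current = None                               # another top-level command
        elif current is not None and (
                m := re.match(r"(set peer|set transform-set|match address) (\S+)", line)):
            current[m.group(1)] = m.group(2)
    problems = []
    for name, refs in maps.items():
        for cmd, pattern, msg in CHECKS:
            defined = set(re.findall(pattern, config, re.M))
            if cmd not in refs:
                problems.append(f"{name}: missing '{cmd}'")
            elif refs[cmd] not in defined:
                problems.append(f"{name}: {msg} {refs[cmd]}")
    return problems

if __name__ == "__main__":
    broken = SAMPLE_CONFIG.replace("match address acl-SAP", "match address acl-SPA")
    print(lint_crypto_map(SAMPLE_CONFIG))  # healthy config
    print(lint_crypto_map(broken))         # ACL name typo
```
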

OK! To make sure the ‘configuration’ we just did is correct, we have to use the ‘command verification’ and watch the status for Phase I, that is ‘isakmp’, and Phase II, that is ‘ipsec sa’. If both are in the ideal status… then our ‘configuration’ has succeeded, provided both sides ‘configure’ the VPN at the same time.

—‘PHASE I’: ‘isakmp verification’—
show crypto isakmp sa

For example:
dst       src       state     conn-id  slot
x.x.x.x   x.x.x.x   QM_IDLE   2        0
x.x.x.x   x.x.x.x   QM_IDLE   1        0

—‘PHASE II’: ‘IPsec sa’—
show crypto IPsec sa

For example:

interface: HSSI1/0
Crypto map tag: AS1VPN, local addr. 200.1.1.1
protected vrf:
local ident (addr/mask/prot/port): (211.0.0.0/255.0.0.0/0/0)
remote ident (addr/mask/prot/port): (212.0.0.0/255.0.0.0/0/0)
current_peer: 200.1.1.2:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0

local crypto endpt.: 200.1.1.1, remote crypto endpt.: 200.1.1.2
path mtu 1500, media mtu 1500
current outbound spi: 770BFB0E
inbound esp sas:
spi: 0xBAB54AEB(3132443371)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2000, flow_id: 7, crypto map: AS1VPN

crypto engine type: Software, engine_id: 1
sa timing: remaining key lifetime (k/sec): (4439346/3318)
ike_cookies: 3A2297BC 4BED61BF 7571B28B 40217AB8
IV size: 16 bytes
replay detection support: Y

inbound ah sas:

inbound pcp sas:
outbound esp sas:
spi: 0x770BFB0E(1997273870)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2001, flow_id: 8, crypto map: AS1VPN
crypto engine type: Software, engine_id: 1
sa timing: remaining key lifetime (k/sec): (4439347/3316)
ike_cookies: 3A2297BC 4BED61BF 7571B28B 40217AB8
IV size: 16 bytes
replay detection support: Y

outbound ah sas:

outbound pcp sas:

For guidance, the ‘isakmp sa’ statuses are as below:

—‘isakmp sa’ status (Main Mode)—
MM_NO_STATE
The ISAKMP SA has been created, but nothing else has happened yet. It is “larval” at this stage—there is no state.

MM_SA_SETUP
The peers have agreed on parameters for the ISAKMP SA.

MM_KEY_EXCH
The peers have exchanged Diffie-Hellman public keys and have generated a shared secret. The ISAKMP SA remains unauthenticated.

MM_KEY_AUTH
The ISAKMP SA has been authenticated. If the router initiated this exchange, this state transitions immediately to QM_IDLE, and a Quick Mode exchange begins.
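
A small check over the two ‘show’ outputs, added as an example (not the author's code), that applies the rule above: Phase I counts as up only in QM_IDLE, and Phase II is only proven once the packet counters move. The sample outputs are constructed with documentation addresses, and the function names are hypothetical.

```python
import re

# Constructed output in the column layout shown above (documentation addresses).
ISAKMP_SA = """\
dst             src             state          conn-id slot
203.0.113.2     203.0.113.1     QM_IDLE              2    0
203.0.113.7     203.0.113.1     MM_KEY_EXCH          3    0
"""

# Constructed, trimmed excerpt of the Phase II output for one peer.
IPSEC_SA = """\
current_peer: 203.0.113.2:500
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#send errors 1, #recv errors 0
"""

def phase1_states(output):
    """Map each peer (dst column) to its ISAKMP state."""
    states = {}
    for line in output.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] != "dst":   # skip the header row
            states[fields[0]] = fields[2]
    return states

def phase2_counters(output):
    """Collect the '#name: value' and '#name value' counters as integers."""
    return {name: int(value)
            for name, value in re.findall(r"#([a-z. ]+?):? (\d+)", output)}

def tunnel_findings(isakmp_out, ipsec_out):
    """List what still needs attention before the tunnel can be called working."""
    findings = [f"{peer}: Phase I not established ({state})"
                for peer, state in phase1_states(isakmp_out).items()
                if state != "QM_IDLE"]
    c = phase2_counters(ipsec_out)
    if c.get("pkts encaps", 0) == 0 and c.get("pkts decaps", 0) == 0:
        findings.append("Phase II: no packets encapsulated or decapsulated yet")
    send, recv = c.get("send errors", 0), c.get("recv errors", 0)
    if send or recv:
        findings.append(f"Phase II: send errors={send}, recv errors={recv}")
    return findings

if __name__ == "__main__":
    for finding in tunnel_findings(ISAKMP_SA, IPSEC_SA):
        print(finding)
```

The post's own Phase II sample has all packet counters at 0 and one send error, so it would raise the same two Phase II findings until test traffic crosses the tunnel.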

Lastly, try to ‘ping’ the gateway IP and the first IP that you ‘assign’ for the server.

OK! I'm starting to doze off… so that's it for now… when I have time again I will continue with other ‘tasks’.


Amigurumi… polish your crochet skills

I came across an article in ‘The Sun’ newspaper and I was really excited to read how the girls developed their hobby of making amigurumi and weaving by themselves. ‘Crochet’… yeah, I have known that skill since primary school, where I learnt it from friends, teachers and my mother. At the bottom of the article there is a footnote that directed me to watch the ‘Amigurumi Manuals’ videos on YouTube. Let’s try! Enjoy!





P/S: ‘AMIGURUMI’, where ‘Ami’ means knitted and ‘Gurumi’ comes from the word ‘Nuigurumi’, which means stuffed toy

Shawl… How to look prettier with it

Nowadays, the shawl is the famous jilbab among girls. I am also tempted and interested to wear a shawl, and I bought 3 different designs of shawls to try on. But I really didn’t know how to wear one as prettily as others wear it until I found several videos on “How to wear shawl”. Enjoy!









Aching head… hilarious… Headache every time school holiday is coming

I like the fancy tips ad that was emailed to my inbox by ANMUM Club, and I would like to share it with everybody who always gets a headache thinking of or planning exciting activities for their children. Enjoy!

India, the next trip destination after Indochina?

I love traveling to other countries, and it has become my hobby to plan 4 trips per year. I started loving it after I planned a trip to Medan, Indonesia for 2 days 1 night last year and found it really enjoyable and refreshing. It was the starting point of my hobby of traveling outside Malaysia. At first, I said that I wanted to explore the whole of Indonesia; after that I will extend my trip plans to Indochina, China and maybe India.

Today, I asked Swapnil, my colleague who is a local Indian, and he recommended some places that I should go to based on my interests. I love historic buildings, and he suggested that I go to New Delhi, Agra, Fatepur Shikri, Amritsar and Rajastan. I was excited and immediately searched for those cities on Google and chose images to see photos of the places. They are really amazing, and most of the buildings have beautiful and unique architecture.

New Delhi; he said the famous places are Jama Mosque, Red Fort, Qutub Minar and Iron Pillar.

  Iron Pillar

Jama Mosque – claimed as the largest mosques in Asia

Qutub Minar

Red Fort

As we know, the Taj Mahal is a well-known and famous place in India, and it is located in Agra, India.

Taj Mahal

Fatepur Shikri, Rajastan: the uniqueness of this state is that it is divided into land and desert. And he narrated that this state used to be India's capital city for 10 years and, because of an inadequate water supply, New Delhi replaced it as India's capital city. It looks like an abandoned city and nobody lives there, but it is a really beautiful city where many palaces were built.

Fatepur Shikri Palace

Amritsar: where the Golden Temple can be found.

Golden Temple

Jaipur: well known as the Pink City because most of the buildings are painted pink.

Hawa Mahal – Voila! painted in pink.

Those cities are located in the north of India. So, in terms of food, he said that the common dishes are nan and Indian ‘roti’, which are made from wheat flour, and rice is rarely consumed. He also mentioned that taxis and trains are the best transportation to commute from one place to another. Moreover, business hours here start from 10 a.m. to 8 p.m. and usually they extend their operation until 12 a.m. He suggested that the best month to travel in India is February, at the end of the winter season and the start of the rainy season, which is like the autumn season. And he also said that the best gift to bring back home is a Taj Mahal miniature made from marble.

A feast for the eyes – Baby Kimono

1. Baby Kimono Romper – Blue

Size: 70, 80, 90, 100

Material: Cotton

Color: Blue, Beige

2. Baby Kimono Romper – Polka Dot – Navy and Ivory Color

Size: 80, 90, 95

Material: Cotton

Color: Navy, Ivory

3. Baby Kimono Romper – Check – Purple and Green Color

Size: 80, 90, 100

Material: Cotton

Color: Purple, Green

4. Baby Kimono Romper – Fancy – Blue and Green Color

Size: 80, 90, 100

Material: Cotton

Color: Purple, Green