IPSec Lab

[Figure: lab topology; labels: Network A, Network B, m1, m2, m3]

Ideally, in this lab you will have access to six Linux boxes, with two of the boxes having three interface cards and each serving as a router. If you have only two Linux boxes, you can do a scaled-back version of the lab using only transport mode between the two Linux boxes. The lab described below assumes you create the full set-up, as shown in the above figure.

Part 1: IPSec connection with Manual Keying in the same network (Transport mode)

Throughout this lab, you will be using the ESP protocol (rather than the AH protocol). In this part, you will set up IPsec SAs between two hosts, m1 and m3, in transport mode in one of the networks. All traffic will pass through m2. Using m2, you will test your SAs by sniffing and examining the packets sent between the two hosts. You may use any sniffer you want (e.g., Wireshark, Snort, or tcpdump).

To create your SAs, you will need to edit the setkey configuration files on m1 and m3. To edit the configuration file with vi, type vi /etc/setkey.conf.

Answer the following questions:

1. Explain, in detail, how you configured and set up the IPsec SAs. Include your configuration file (setkey.conf) in your report.
2. What features of IPsec are being used in this example? Confidentiality? Integrity? Authentication? What options in the ESP protocol are being used? What crypto algorithms are being used?

Examine one of the IPsec encrypted packets. Answer the following questions:
3. Is the IP header encrypted? How large is the IP header? Is the entire IP payload encrypted?
4. What is the protocol number for ESP?
5. Can you tell whether the datagram is carrying UDP, TCP, or ICMP data? How?
6. What is the SPI for this SA from your host to your partner's host? What is the SPI for this SA from your partner's host to your host?
7. How are the sequence numbers changing in each of the SAs?
8. In your own words, describe in what cases manual keying is feasible and in what cases it is not.

Support your solutions with screenshots of sniffed traffic where required.

Before you begin the lab, you might want to review the PowerPoint lecture and gather more information about IPSec and its implementation methods. Some useful websites are:

- http://www.ipsec-howto.org/x304.html : This document provides several examples, many of which you'll find very useful in this lab.
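The fields that questions 3 to 7 ask about sit in the clear in front of the encrypted data, so they can be read from a raw capture without any key. The Python sketch below is an added example, not part of the original lab handout; the addresses, SPI values and packets in it are constructed sample data, and build() is a hypothetical helper that only exists to produce them.

```python
import struct
from collections import defaultdict

IPPROTO_ESP = 50  # IANA-assigned IP protocol number for ESP

def parse_esp(packet: bytes):
    """Return the cleartext fields of an IPv4/ESP packet, or None if it is not ESP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IP header length in bytes (20 when no options)
    if ihl < 20 or packet[9] != IPPROTO_ESP or len(packet) < ihl + 8:
        return None
    spi, seq = struct.unpack_from("!II", packet, ihl)  # first 8 bytes of ESP
    return {
        "src": ".".join(map(str, packet[12:16])),
        "dst": ".".join(map(str, packet[16:20])),
        "ip_header_len": ihl,
        "spi": spi,
        "seq": seq,
        "opaque_len": len(packet) - ihl - 8,  # IV + ciphertext + padding + ICV
    }

def sequence_gaps(packets):
    """Per (src, dst, SPI), list sequence numbers that did not increase by exactly 1."""
    last, odd = {}, defaultdict(list)
    for pkt in packets:
        f = parse_esp(pkt)
        if f is None:
            continue
        key = (f["src"], f["dst"], f["spi"])  # one SA per direction
        if key in last and f["seq"] != last[key] + 1:
            odd[key].append(f["seq"])
        last[key] = f["seq"]
    return dict(odd)

def build(src, dst, spi, seq, body=b"\x00" * 32):
    """Hypothetical helper: construct a sample IPv4/ESP packet (checksum left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(body), 0, 0, 64,
                     IPPROTO_ESP, 0, bytes(src), bytes(dst))
    return ip + struct.pack("!II", spi, seq) + body

# Constructed sample data: two SAs (one per direction) and one repeated sequence number.
M1, M3 = (192, 168, 1, 1), (192, 168, 1, 3)
SAMPLE = [build(M1, M3, 0x1000, 1), build(M3, M1, 0x2000, 1),
          build(M1, M3, 0x1000, 2), build(M1, M3, 0x1000, 2)]

if __name__ == "__main__":
    for p in SAMPLE:
        print(parse_esp(p))
    print(sequence_gaps(SAMPLE))
```

Everything counted in opaque_len, including the ESP trailer's Next Header byte that names the inner protocol, is encrypted, which is why a sniffer on m2 shows only ESP for this traffic.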