CCNS Final Project: Kamdar Sdn Bhd – Virtual Private Network (VPN)
Hazwani binti Ishak 01-200807-00311
Kuala Lumpur Metropolitan University
TABLE OF CONTENTS
CHAPTER 1: INTRODUCTION  4
COMPANY BACKGROUND  5
Mission  6
Vision  6
ORGANIZATIONAL CHART  6
CHAPTER SUMMARY  7
CHAPTER 2: GATHERING INFORMATION  8
ANALYSIS OF BUSINESS INFORMATION  9
INTERVIEW THE STAFF  10
CHAPTER SUMMARY  14
CHAPTER 3: NETWORK ARCHITECTURE  15
NETWORK ARCHITECTURE OVERVIEW  16
INTRODUCTION  16
Remote Access VPN  17
VPN SECURITY  19
VPN TECHNOLOGIES  21
VPN Components  23
VPN ADVANTAGES AND DISADVANTAGES  25
Advantages of VPN  25
Disadvantages of VPN  26
CHAPTER SUMMARY  27
CHAPTER 4: NETWORK COSTING  28
VPN CONCENTRATOR  29
Technical Specification  30
Model and Price  33
VPN OPTIMIZED ROUTER  34
Advantages  35
Security  37
4.1.1 Specification  38
4.1.2 Model and Price  38
PIX FIREWALL  39
Deploy Comprehensive Network Security  39
4.1.3 Technical Specification  40
4.1.4 System Requirements  42
Model and Price  42
NETWORK COSTING  43
CHAPTER SUMMARY  44
CHAPTER 5: TESTING AND IMPLEMENTATION  45
EXISTING NETWORK  46
IMPLEMENTATION OF THE NETWORK  47
CHAPTER SUMMARY  53
CHAPTER 6: NETWORKING GUIDELINES  54
HP PROLIANT DL120 G6 SERVER  55
DEBUGGING THE PPPOE SERVER  56
CONFIGURATION VPN 1750-RF ROUTER ON HP PROLIANT DL120 G6 SERVER  57
CHAPTER SUMMARY  59
CHAPTER 7: MAINTENANCE  60
PERFORMING MAINTENANCE  61
Preventive  61
Adaptive  61
Corrective  61
Protective  62
CHAPTER SUMMARY  63
CHAPTER 8: REVIEW AND EVALUATION  64
BACKUP AND RECOVERY  65
UNINTERRUPTIBLE POWER SUPPLY  66
IMPLEMENTATION METHOD  67
CHAPTER SUMMARY  68
CHAPTER 9: CONCLUSION  69
CONCLUSION OF VPN PROPOSAL  70
CHAPTER 10: FUTURE PLANNING  72
KAMDAR NETWORK SYSTEM IN FUTURE  73
APPENDIXES  74
Kamdar main headquarters address and branches  75
CHAPTER 1:
INTRODUCTION
COMPANY BACKGROUND
Kamdar Group (M) Berhad (Kamdar) opened its first store in 1950 and, in 1972, Kamdar
was incorporated as a private limited company. Kamdar is proud to be celebrating its
35th anniversary this year. From a humble beginning trading in textile and haberdashery,
Kamdar has evolved into a specialized department store, focusing on textile and textile-
based products and apparel for men, women and children, together with rugs, accessories and
luggage.
Product categories: Textiles, Furnishing Fabrics, Ladies' Fashion, Men's Wear, Children's Clothing, Traditional & Modern Wear.
The Kamdar brand stands for quality of service, history and value for money. The
company is perceived by the public as a trustworthy, value-for-money store with a
difference. The Kamdar logo, with its distinctive typeface and green and white corporate
colours – fostering an environmentally aware, clean, fresh and new image – is instantly
recognisable throughout Malaysia.
Despite the extremely intensive competition in the retail industry, Kamdar has
grown turnover and earnings impressively at 5-year CAGRs of 8% and 10%
respectively since 1996. Compared to other listed retailers, Kamdar has the most superior
PBT margin and the second highest PBT level among retailers in Malaysia.
A family enterprise, Kamdar today spans 3 generations. With the support of
customers, advisers, business associates, employees, professionals and suppliers, Kamdar
has grown to twenty-one outlets spanning the length and breadth of Peninsular Malaysia.
In future, Kamdar plans to open more outlets to explore new growth areas and strategies
to further grow the Kamdar brand.
Kamdar proceeded to list on the Main Board of Bursa Malaysia on 29 March 2005
and this is the first step to a new more vibrant, transparent and inclusive business
enterprise. After more than 50 years of growth, Kamdar has 21 outlets around Malaysia
and employs about 1,200 staff.
Mission
To be the leading departmental store in Malaysia by offering a wide range
of textiles, furnishings and related products through persistent quality and a range of
products at competitive prices that exceed customers' expectations.
Vision
To be a premier global fashion and retail enterprise, distinguished by the
creativity, variety and quality of our product offerings.
ORGANIZATIONAL CHART
CHAPTER SUMMARY
In this chapter 1, the background and information about Kamdar Sdn Bhd has
been presented. The real business structure has been explained according to the project
requirements.
The Kamdar Group (M) Berhad is committed to a corporate culture that
emphasises good corporate governance and practices throughout the company and its
subsidiaries.
As Kamdar started as a family business, it has been running through 3
generations. The success of its business goals is determined by its strategic planning in
business.
Kamdar focuses on the textiles business in Malaysia and is one of the successful
textiles businesses, having managed to open 21 chain stores all over Malaysia. Kamdar has
supplied Malaysians with a variety of fabrics and fashions that suit Malaysian
taste.
CHAPTER 2:
GATHERING INFORMATION
ANALYSIS OF BUSINESS INFORMATION
Location
KAMDAR GROUP (M) BERHAD
Location: Jalan Tuanku Abdul Rahman
Address: 113, Jalan Tuanku Abdul Rahman, 50100 Kuala Lumpur.
Phone: +603.2698.8488
Fax: +603.2698.8400
Current network
Kamdar uses an Internet connection over a basic Ethernet topology with a fiber
backbone. Traditional Ethernet employs a star topology, meaning that all devices or
hosts on the network use the same shared communication line. Each device
possesses an Ethernet address, also known as a MAC address. Sending devices use
Ethernet addresses to specify the intended recipient of messages. Data sent over
the Ethernet exists in the form of frames.
The Ethernet header contains the addresses of both the intended recipient
and the sender. In traditional Ethernet, the protocol for broadcasting, listening
and detecting collisions is known as CSMA/CD (Carrier Sense Multiple Access /
Collision Detection). Some newer forms of Ethernet do not use CSMA/CD.
Instead, they use the so-called full duplex Ethernet protocol, which supports
point-to-point simultaneous sends and receives with no listening required.
INTERVIEW THE STAFF
The interview was held on Thursday, 12th November 2009, at 10.00 am at
Kamdar Jalan Tunku Abdul Rahman, Kuala Lumpur, with Miss Jenice Lew.
WHAT IS THE CURRENT NETWORK IMPLEMENTED IN KAMDAR?
Currently Kamdar is using a basic Ethernet star topology with a fiber backbone.
WHEN WAS IT IMPLEMENTED?
Kamdar implemented the network in 2004 with the basic infrastructure. The basic
infrastructure implemented is a star topology. A star network features a central
connection point called a hub. Devices typically connect to the hub with Unshielded
Twisted Pair (UTP) Ethernet.
Figure 1: Kamdar star topology network
Compared to the bus topology, a star network generally requires more cable, but a failure
in any star network cable will only take down one computer's network access and not the
entire LAN.
WHAT EQUIPMENT IS CURRENTLY IN USE?
* 3COM SWITCHES AND HP PROLIANT DL120 G6 SERVER
3Com supplied a chassis with six line cards, each with 48 gigabit Ethernet ports
that use SFP transceivers for copper or fiber. The company says it has less costly gigabit
Ethernet cards with integrated copper transceivers now under development. It already
ships larger (10-slot) and smaller (two- and three-slot) versions of the same switch. In
3Com's terminology, the slot counts refer to the number available for line cards; each
chassis actually has two additional slots for redundant management modules.
The HP ProLiant DL120 G6 Server is a new low-cost, entry-level rack-optimized
server. Low on cost, but not short on performance. The DL120 G6 supports Intel®
Xeon®, Pentium® and Core i3 processors with all the performance advantages of 4
cores and 2 cores. An array of Intel Xeon® processors provides the ability to choose the
appropriate processor based on application demands and cost. The single-processor, 1U
server is ideal for single-application IT infrastructure, web and edge-of-network
applications. The DL120 G6 provides three PCI-Express slots. Additional upgrades,
including HP SAS HBAs and Smart Array Controllers, provide support for SAS hard
disk drives. The remote management offered by the integrated LO100i provides the
DL120 G6 with a low-cost, effective solution for remotely managing servers anywhere,
anytime.
WHAT IS THE COST OF MAINTAINING THE CURRENT SYSTEM?
The total cost for the maintenance of the equipment is RM52,000.00 per year. The major
systems that Kamdar spent on were the anti-spam system, the intrusion detection system and
the intrusion prevention system.
Anti-spam: To prevent email spam, both end users and administration of e-mail
systems use various anti-spam techniques. Some of these techniques have been
embedded in products, services and software to ease the burden on users and
administrators. No one technique is a complete solution to the spam problem, and
each has trade-offs between incorrectly rejecting legitimate e-mail vs. not
rejecting all spam, and the associated costs in time and effort. Anti-spam
techniques can be broken into four broad categories: those that require actions by
individuals, those that can be automated by e-mail administrators, those that can
be automated by e-mail senders and those employed by researchers and law
enforcement officials.
WHAT TYPES OF OPERATING SYSTEM?
The operating systems that this company is using are Windows Server 2003 and
Windows XP. Their feedback about the operating system was fine. They have never faced any
problem with the Windows Server 2003 operating system.
WHAT TYPE OF BANDWIDTH IS BEING USED?
* INTERNET BROADBAND
STREAMYX : The technology which supports Streamyx service is DSL. It
stands for Digital Subscriber Line. DSL is the next generation of Internet access
technology. DSL is a direct connection to the Internet that is always on.
Technology has basically enhanced the copper pair to enable data communication
at rates of up to 4Mbps.
VDSL: VDSL (Very high bit-rate Digital Subscriber Line) is next-generation
DSL at super-accelerated rates of 52 Mbps (megabits per second) downstream
and 12 Mbps upstream. Downstream data rates refer to download speeds, or the
speed at which data travels to the computer, while upstream data rates refer to upload
speeds, or the speed at which data travels from the computer to the Internet. VDSL
architecture is based on one of two technologies: QAM (Quadrature amplitude
modulation) or DMT (Discrete multitone modulation).
These two technologies are not compatible with each other and according
to many manufacturers, DMT is more commonly used. VDSL is able to deliver
great bandwidth over standard telephone lines because voice communications
through the telephone require only a fraction of the wire's capability. For a rough
analogy, consider a multilane freeway where only the slow lane is being utilized
for traffic traveling at very slow speeds. By opening the other lanes to faster
hybrid traffic, the entire freeway can be utilized, or in this case, the entire wire
pair. A telephone or fax can also be used simultaneous to VDSL Internet access or
other VDSL services.
CHAPTER SUMMARY
According to the interview and research, Kamdar's networking system is totally
controlled by the HP ProLiant DL120 G6 server system, and using the star topology can
be an advantage for the company's management.
CHAPTER 3:
NETWORK ARCHITECTURE
NETWORK ARCHITECTURE OVERVIEW
Network architecture is the design of a communications network. It is a
framework for the specification of a network's physical components and their functional
organization and configuration, its operational principles and procedures, as well as data
formats used in its operation. In computing, the network architecture is a characteristic of
a computer network. The most prominent architecture today is evident in the framework
of the Internet, which is based on the Internet Protocol Suite.
There are any number of specific classifications but all lie on a continuum between the
dumb network and the intelligent computer network. Other networks contain various
elements of these two classical types to make them suitable for various types of
applications. Recently the context aware network, which is a synthesis of the two, has
gained much interest with its ability to combine the best elements of both.
INTRODUCTION
Since there is a need to expand the business to a global scale, including logistics, the
company's facilities need to maintain fast, secure and reliable communication
wherever they are located. Until recently, the most popular alternative has been to use leased lines
to maintain WAN (Wide Area Network) connections. Leased lines, ranging
from ISDN (integrated services digital network, 128 Kbps) to OC3 (Optical Carrier-3, 155
Mbps) fiber, provided a company with a way to expand its private network beyond its
immediate geographic area. A WAN had obvious advantages over a public network like
the Internet when it came to reliability, performance and security. But maintaining a
WAN, particularly when using leased lines, can become quite expensive and often rises
in cost as the distance between the offices increases.
Nowadays, companies are considering a VPN (Virtual Private Network) to
accommodate the needs of remote employees and distant offices. A VPN is a private
network that uses a public network (usually the Internet) to connect remote sites or users
together. Instead of using a dedicated connection such as a leased line, a VPN uses "virtual"
connections routed through the Internet from the company's private network to the remote
site or employee. A VPN also helps distant colleagues work together, much like desktop sharing.
A well-designed VPN can greatly benefit a company. For example, it can:
* Extend geographic connectivity
* Improve security
* Reduce operational costs versus traditional WAN
* Reduce transit time and transportation costs for remote users
* Improve productivity
* Simplify network topology
* Provide global networking opportunities
* Provide telecommuter support
* Provide broadband networking compatibility
* Provide faster ROI (return on investment) than traditional WAN
Features needed in a well-designed VPN:
* Security
* Reliability
* Scalability
* Network management
* Policy management
Remote Access VPN
There are two common types of VPN. Remote-access, also known as a
virtual private dial-up network (VPDN), is a user-to-LAN connection used by a
company that has employees who need to connect to the private network from
various remote locations. Typically, a corporation that wishes to set up a large
remote-access VPN will outsource to an enterprise service provider (ESP). The
ESP sets up a network access server (NAS) and provides the remote users with
desktop client software for their computers. The telecommuters can then dial a
toll-free number to reach the NAS and use their VPN client software to access the
corporate network.
A large firm with hundreds of salespeople in the field will need a remote-access
VPN. Remote-access VPNs permit secure, encrypted connections between a
company's private network and remote users through a third-party service provider.
Site-to-Site VPN
Through the use of dedicated equipment and large-scale encryption, a
company can connect multiple fixed sites over a public network such as the
Internet. Site-to-site VPNs can be one of two types:
o Intranet-based - If a company has one or more remote locations that they wish to
join in a single private network, they can create an intranet VPN to connect LAN
to LAN.
o Extranet-based - When a company has a close relationship with another
company (for example, a partner, supplier or customer), they can build an extranet
VPN that connects LAN to LAN, and that allows all of the various companies to
work in a shared environment.
VPN SECURITY
A well-designed VPN uses several methods for keeping company’s connection
and data secure:
Firewalls
A firewall provides a strong barrier between the private network and the Internet.
Firewalls can be set to restrict the number of open ports, what type of packets are
passed through and which protocols are allowed through. Some VPN products, such
as Cisco's 1700 routers, can be upgraded to include firewall capabilities by running
the appropriate Cisco IOS on them. It's important to have a good firewall in place
before implementing a VPN, but a firewall can also be used to terminate the VPN
sessions.
Encryption
Encryption is the process of taking all the data that one computer is sending to
another and encoding it into a form that only the other computer will be able to
decode. Most computer encryption systems belong in one of two categories:
o Symmetric-key encryption
o Public-key encryption
In symmetric-key encryption, each computer has a secret key (code) that it
can use to encrypt a packet of information before it is sent over the network to
another computer. Symmetric-key encryption requires knowledge of which computers will be
talking to each other so the key can be installed on each one. It is essentially the same
as a secret code that each of the two computers must know in order to decode the
information. The code provides the key to decoding the message.
Public-key encryption uses a combination of a private key and a public key.
The private key is known only to the network admin's computer, while the public key is
given by the network admin's computer to any computer that wants to communicate
securely with it. To decode an encrypted message, a computer must use the public
key, provided by the originating computer, and its own private key. A very popular
public-key encryption utility is called Pretty Good Privacy (PGP), which allows
you to encrypt almost anything.
IPSec
Internet Protocol Security Protocol (IPSec) provides enhanced security
features such as better encryption algorithms and more comprehensive authentication.
IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the
header and the payload of each packet while transport only encrypts the payload.
Only systems that are IPSec compliant can take advantage of this protocol. Also, all
devices must use a common key and the firewalls of each network must have very
similar security policies set up. IPSec can encrypt data between various devices, such
as:
o Router to router
o Firewall to router
o PC to router
o PC to server
AAA Server
AAA (authentication, authorization and accounting) servers are used for more
secure access in a remote-access VPN environment. When a request to establish a
session comes in from a dial-up client, the request is proxied to the AAA server.
AAA then checks the following:
o Authentication
o Authorization
o Accounting
The accounting information is especially useful for tracking client use for
security auditing, billing or reporting purposes.
VPN TECHNOLOGIES
Depending on the type of VPN (remote-access or site-to-site), certain components
needed to build the network are:
* Desktop software client for each remote user
* Dedicated hardware such as a VPN concentrator or secure PIX firewall
* Dedicated VPN server for dial-up services
* NAS (network access server) used by service provider for remote-user VPN access
* VPN network and policy-management center
Because there is no widely accepted standard for implementing a VPN, many
companies have developed turn-key solutions on their own.
Tunneling
Most VPNs rely on tunneling to create a private network that reaches across the
Internet. It is the process of placing an entire packet within another packet and
sending it over a network. The protocol of the outer packet is understood by the
network and both points, called tunnel interfaces, where the packet enters and
exits the network. Tunneling requires three different protocols:
o Carrier protocol - The protocol used by the network that the information
is traveling over
o Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP)
that is wrapped around the original data
o Passenger protocol - The original data (IPX, NetBeui, IP) being carried
Tunneling has amazing implications for VPNs. For example, a network admin can
place a packet that uses a protocol not supported on the Internet (such as NetBeui)
inside an IP packet and send it safely over the Internet, or put a packet that uses a
private (non-routable) IP address inside a packet that uses a globally unique IP
address to extend a private network over the Internet.
Tunneling: Site-to-Site
In a site-to-site VPN, GRE (generic routing encapsulation) is normally the
encapsulating protocol that provides the framework for how to package the
passenger protocol for transport over the carrier protocol, which is typically IP-
based. This includes information on what type of packet is being encapsulated and
information about the connection between the client and server. Instead of GRE,
IPSec in tunnel mode is sometimes used as the encapsulating protocol. IPSec
works well on both remote-access and site-to-site VPNs. IPSec must be supported
at both tunnel interfaces to be used.
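The carrier / encapsulating / passenger layering described in the Tunneling and Site-to-Site sections, as an added example that is not part of the original project: a Python script (not Cisco's or Kamdar's code) that wraps a private-addressed inner packet in a GRE header inside an outer IPv4 packet, then peels the layers back and verifies the outer header checksum. All addresses and the payload are constructed sample values; the outer addresses are documentation-range stand-ins for the two sites' public addresses.

```python
import ipaddress
import struct

# IANA-assigned constants (real values): GRE and UDP protocol numbers, IPv4 EtherType.
IPPROTO_GRE = 47
IPPROTO_UDP = 17
GRE_PROTO_IPV4 = 0x0800

# Constructed sample addresses: the inner (passenger) packet uses RFC 1918 private
# addresses; the outer (carrier) packet uses documentation-range addresses standing
# in for the two sites' public, globally routable addresses.
INNER_SRC, INNER_DST = "192.168.10.5", "192.168.20.7"
OUTER_SRC, OUTER_DST = "203.0.113.10", "198.51.100.20"
SAMPLE_DATA = b"constructed sample: branch stock query"  # constructed application data


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words. Over a header whose checksum
    field is already filled in correctly, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Parse an IPv4 header, verifying its checksum, and return fields plus payload."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("truncated IPv4 header")
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    (_, _, total_len, _, _, ttl, proto, _, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "payload": pkt[ihl:total_len]}


def gre_encapsulate(outer_src: str, outer_dst: str, passenger: bytes) -> bytes:
    """Carrier = outer IPv4, encapsulating = GRE (RFC 2784 header, no checksum or key),
    passenger = the complete inner packet, carried unchanged."""
    gre_hdr = struct.pack("!HH", 0x0000, GRE_PROTO_IPV4)  # flags/version = 0, type = IPv4
    return build_ipv4(outer_src, outer_dst, IPPROTO_GRE, gre_hdr + passenger)


def gre_decapsulate(frame: bytes) -> dict:
    """Peel the carrier and GRE layers and return the three layers the text names."""
    outer = parse_ipv4(frame)
    if outer["proto"] != IPPROTO_GRE:
        raise ValueError("carrier packet is not GRE")
    flags_ver, proto_type = struct.unpack("!HH", outer["payload"][:4])
    if flags_ver & 0x0007:
        raise ValueError("unsupported GRE version")
    gre_len = 8 if flags_ver & 0x8000 else 4  # C bit set: checksum + reserved1 follow
    inner = outer["payload"][gre_len:]
    passenger = parse_ipv4(inner) if proto_type == GRE_PROTO_IPV4 else {"raw": inner}
    return {"carrier": outer, "encapsulating": "GRE/0x%04x" % proto_type, "passenger": passenger}


def build_demo_frame() -> bytes:
    """A private-addressed UDP packet (constructed) wrapped for transit across the Internet."""
    # UDP checksum of 0 is legal on IPv4, so the header is just ports and length.
    udp = struct.pack("!HHHH", 40000, 5000, 8 + len(SAMPLE_DATA), 0) + SAMPLE_DATA
    inner = build_ipv4(INNER_SRC, INNER_DST, IPPROTO_UDP, udp)
    return gre_encapsulate(OUTER_SRC, OUTER_DST, inner)


RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private_addr(addr: str) -> bool:
    """True for RFC 1918 (non-routable on the Internet) addresses."""
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)


def checksum_detects_corruption(frame: bytes) -> bool:
    """Flip a bit in the outer TTL byte; the header checksum must now fail."""
    tampered = frame[:8] + bytes([frame[8] ^ 0x01]) + frame[9:]
    try:
        gre_decapsulate(tampered)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    frame = build_demo_frame()
    layers = gre_decapsulate(frame)
    print("carrier   :", layers["carrier"]["src"], "->", layers["carrier"]["dst"],
          "(what Internet routers see)")
    print("encap     :", layers["encapsulating"])
    print("passenger :", layers["passenger"]["src"], "->", layers["passenger"]["dst"],
          "private:", is_private_addr(layers["passenger"]["src"]))
    # GRE alone adds no confidentiality: the passenger bytes are readable on the path.
    print("payload visible in clear on the wire:", SAMPLE_DATA in frame)
```

The last line shows the caveat a defender cares about: GRE only encapsulates, so the inner packet stays readable on the wire, which is why the text pairs site-to-site tunnels with IPSec for confidentiality.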
Tunneling: Remote-Access
In a remote-access VPN, tunneling normally takes place using PPP. Part of the
TCP/IP stack, PPP is the carrier for other IP protocols when communicating over
the network between the host computer and a remote system. Remote-access VPN
tunneling relies on PPP. Each of the protocols listed below was built using the
basic structure of PPP and is used by remote-access VPNs.
o L2F (Layer 2 Forwarding) - Developed by Cisco, L2F will use any
authentication scheme supported by PPP.
o PPTP (Point-to-Point Tunneling Protocol) - PPTP was created by the
PPTP Forum, a consortium which includes US Robotics, Microsoft,
3COM, Ascend and ECI Telematics. PPTP supports 40-bit and 128-bit
encryption and will use any authentication scheme supported by PPP.
o L2TP (Layer 2 Tunneling Protocol) - L2TP is the product of a partnership
between the members of the PPTP Forum, Cisco and the IETF (Internet
Engineering Task Force). Combining features of both PPTP and L2F,
L2TP also fully supports IPSec.
L2TP can be used as a tunneling protocol for site-to-site VPNs as well as remote-
access VPNs. In fact, L2TP can create a tunnel between:
o Client and router
o NAS and router
o Router and router
VPN Components
VPN Concentrator
Incorporating the most advanced encryption and authentication techniques
available, Cisco VPN concentrators are built specifically for creating a remote-
access VPN. They provide high availability, high performance and scalability, and
include components, called scalable encryption processing (SEP) modules, that
enable users to easily increase capacity and throughput. The concentrators are
offered in models suitable for everything from small businesses with up to 100
remote-access users to large organizations with up to 10,000 simultaneous remote
users.
Figure 2: Cisco VPN 3000 Concentrator
VPN-Optimized Router
Cisco's VPN-optimized routers provide scalability, routing, security and
QoS (quality of service). Based on the Cisco IOS (Internetwork Operating System)
software, there is a router suitable for every situation, from small-office/home-
office (SOHO) access through central-site VPN aggregation, to large-scale
enterprise needs.
Figure 3: Cisco 1750 Modular Access Router
Cisco Secure PIX Firewall
An amazing piece of technology, the PIX (private Internet exchange)
firewall combines dynamic network address translation, proxy server, packet
filtration, firewall and VPN capabilities in a single piece of hardware.
Figure 4: The Cisco PIX Firewall
Instead of using Cisco IOS, this device has a highly streamlined OS that
trades the ability to handle a variety of protocols for extreme robustness and
performance by focusing on IP.
VPN ADVANTAGES AND DISADVANTAGES
Advantages of VPN
LOW COST
One way a VPN lowers costs is by eliminating the need for expensive
long-distance leased lines. With VPNs, an organization needs only a relatively
short dedicated connection to the service provider. This connection could be a
local leased line or it could be a local broadband connection such as DSL
service.
Another, more subtle way that VPNs may lower costs is through
offloading of the support burden. With VPNs, the service provider rather than
the organization must support dial-up access, for example. Service providers
can in theory charge much less for their support than it costs a company
internally because the public provider's cost is shared amongst potentially
thousands of customers.
SCALABILITY
The cost to an organization of traditional leased lines may be
reasonable at first but can increase exponentially as the organization grows. A
company with two branch offices, for example, can deploy just one dedicated
line to connect the two locations. If a third branch office needs to come online,
just two additional lines will be required to directly connect that location to
the other two.
However, as an organization grows and more sites must be
added to the network, the number of leased lines required increases
dramatically. Four branch offices require six lines for full connectivity, five
offices require ten lines, and so on.
Mathematicians call this phenomenon a combinatorial explosion, and
in a traditional WAN this explosion limits the flexibility for growth. VPNs
that utilize the Internet avoid this problem by simply tapping into the
geographically distributed access already available.
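As an added note that is not part of the original report, the line counts in the paragraph above follow a closed form: a full mesh of $n$ offices needs one leased line per unordered pair of offices,

$$L(n)=\binom{n}{2}=\frac{n(n-1)}{2},\qquad L(2)=1,\; L(3)=3,\; L(4)=6,\; L(5)=10,$$

so connecting the $n$-th office to a leased-line mesh costs $n-1$ new lines, whereas an Internet-based VPN adds a single access link per office and the total grows only as $n$.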
Disadvantages of VPN
• VPNs require an in-depth understanding of public network security issues
and proper deployment of precautions.
• The availability and performance of an organization's wide-area VPN
(over the Internet in particular) depends on factors largely outside of their
control.
• VPN technologies from different vendors may not work well together due
to immature standards.
CHAPTER SUMMARY
Chapter 3 discussed the technology that Kamdar currently has. Based on the
interview session, Kamdar said that they would like to try a new implementation of
VPN. As a trial, a site-to-site internal VPN will be a good way to measure how the
company will use it and what effect this technology has on the company environment
and profits.
Kamdar will therefore use a few VPN devices, namely a concentrator, a firewall
and, most importantly, a VPN router, after considering the advantages and disadvantages
of the technology.
CHAPTER 4:
NETWORK COSTING
VPN CONCENTRATOR
Cisco VPN 3000 Series Concentrators can provide KAMDAR with unprecedented
cost savings through flexible, reliable, and high-performance remote-access solutions.
The Cisco VPN 3000 Series offers solutions for the most diverse remote-access
deployments by offering both IP Security (IPsec) and Secure Sockets Layer (SSL) VPN
connectivity on a single platform.
New features in Cisco VPN 3000 Series Concentrator Software v4.7 deliver
extensive application access, industry-leading endpoint security, data integrity protection,
infrastructure access, and network compliance validation controls. Benefits of the Cisco
VPN 3000 Series include:
• Advanced endpoint security: Cisco Secure Desktop offers preconnection
security posture assessment and seeks to minimize the data left behind after an
SSL VPN session terminates.
• Broad application support for SSL VPN: The Cisco VPN 3000 Series
Concentrator platform offers extensive application support through its
dynamically downloaded SSL VPN client for WebVPN, enabling network-layer
connectivity to virtually any application.
• Posture assessment, policy enforcement, and remediation: IPsec-enabled
network admission control (NAC) uses the network infrastructure to enforce
security policy compliance on all devices seeking to access network computing
resources.
• Ease of deployment with zero-touch remote endpoint management: Integrated
Web-based management on Cisco VPN 3000 Series Concentrators provides a
simple, easy-to-manage interface to configure and monitor all remote-access
users.
Cisco VPN Client software is provided with all the Cisco VPN 3000 Series
models and includes unlimited distribution licensing. Cisco WebVPN, also provided with
no additional licensing fees, enables full network access to virtually any application.
Cisco VPN 3000 Series Concentrators are available in both nonredundant and
redundant configurations, allowing users to build the most robust, reliable, and cost-
effective networks possible.
Technical Specification
Hardware
Processor
• Motorola PowerPC processor
Memory
• Redundant system images (Flash)
• Variable memory options (Figure 6)
Encryption
• Cisco VPN 3005, 3015: Software
• Cisco VPN 3020, 3030, 3060, and 3080: Hardware
Embedded LAN Interfaces
• Cisco VPN 3005: Two autosensing, full-duplex 10/100BASE-TX Fast Ethernet (public/untrusted, private/trusted)
• Cisco VPN 3015, 3020, 3030, 3060, and 3080: Three autosensing, full-duplex 10/100BASE-TX Fast Ethernet (public/untrusted, private/trusted, and DMZ)
Instrumentation
• Cisco VPN 3005: Unit status indicator (front panel); status LEDs for Ethernet ports (rear panel)
• Cisco VPN 3015, 3020, 3030, 3060, and 3080: Status LEDs for system, expansion modules, power supplies, Ethernet modules, and fan (front panel); status LEDs for Ethernet modules, expansion modules, and power supplies (rear panel)
• Cisco VPN 3015, 3020, 3030, 3060, and 3080: Activity monitor displays the number of sessions, aggregate throughput, or CPU utilization, and is push-button selectable
Software
Client Software Compatibility
• Cisco SSL VPN Client for network-layer connectivity using an SSL-capable Web browser on the remote system
• Cisco IPsec VPN Client for Windows 98, ME, NT 4.0, 2000, and XP; Linux (Intel); Solaris (UltraSparc 32- and 64-bit); and Mac OS X 10.2, 10.3, and 10.4, including centralized split-tunneling control and data compression
• Microsoft PPTP, Microsoft Point-to-Point Encryption (MPPE), and Microsoft Point-to-Point Compression (MPPC); Microsoft Challenge Handshake Authentication Protocol (MSCHAP) v1 and v2; and Extensible Authentication Protocol (EAP) and RADIUS passthrough for EAP-Transport Layer Security (EAP-TLS) and EAP-Generic Token Card (EAP-GTC) support
• Microsoft L2TP and IPsec for Windows 2000 and XP, including the Windows XP Dynamic Host Configuration Protocol (DHCP) option for route population
• Microsoft L2TP and IPsec for Windows 98, ME, and NT Workstation 4.0
Tunneling Protocols
• Cisco SSL VPN (HTTPS/SSL-based)
• IPsec, PPTP, L2TP, L2TP/IPsec, NAT Transparent IPsec, Ratified IPsec/UDP (with autodetection and fragmentation avoidance), IPsec/TCP
• Support for Cisco EasyVPN (client and network extension mode)
Encryption/Authentication
• IPsec Encapsulating Security Payload (ESP) using DES/3DES (56/168-bit) or AES (128/192/256-bit) with Message Digest Algorithm 5 (MD5) or Secure Hash Algorithm (SHA); or MPPE using 40/128-bit RC4
Key Management
• Internet Key Exchange (IKE)
• Diffie-Hellman (DH) groups 1, 2, 5, and 7 (ECDH)
• RSA certificates (SSL and IPsec)
Routing
• Routing Information Protocol (RIP), RIPv2, Open Shortest Path First (OSPF), Reverse Route Injection (RRI), static routing, automatic endpoint discovery, NAT, and Classless Interdomain Routing (CIDR)
• IPsec fragmentation policy control, including support for Path Maximum Transmission Unit (MTU) Discovery (PMTUD)
• Interface MTU control
Third-Party Compatibility
• iPass Ready, Funk Steel-Belted RADIUS, Microsoft Internet Explorer, Netscape Communicator, Entrust, Baltimore, and SA Keon
High Availability
• Virtual Router Redundancy Protocol (VRRP) for multichassis redundancy and multichassis failover
• Remote-access load-balancing clusters supporting both SSL and IPsec connections
• Destination pooling for client-based failover, re-establishment, and connection re-establishment
• Redundant SEP modules (optional), power supplies, and fans (Cisco VPN 3015, 3020, 3030, 3060, and 3080 models)
Management
Configuration
• Embedded management interface is accessible through console port, Telnet, SSHv1, and HTTPS
• Administrator access is configurable for five levels of authorization; authentication can be performed externally through TACACS+
• Role-based management policy separates functions for service provider and end-user management
Monitoring
• Event logging and notification through e-mail (SMTP)
• Automatic FTP backup of event logs
• Simple Network Management Protocol (SNMP) MIB-II support
• Configurable SNMP traps
• Syslog output
• System status
• Session data (including client-assigned IP, encryption type, connection duration, client OS, and client version)
• General statistics
Security
Authentication and Accounting Servers
• Support for redundant external authentication servers, including:
  - RADIUS
  - Kerberos/Active Directory authentication
  - Microsoft NT Domain authentication
  - Microsoft NT Domain authentication with password expiration (MSCHAPv2); IPsec only
  - RSA Security Dynamics (SecurID Ready), including native support for RSA 5 (load balancing, resiliency)
• User authorization through Lightweight Directory Access Protocol (LDAP) or RADIUS
• Internal authentication server for up to 100 users
• X.509v3 digital certificates, including certificate revocation list (CRL)/LDAP and CRL/HTTP, CRL caching, and backup CRL distribution point support
• RADIUS accounting
• TACACS+ administrative user authentication
Internet-Based Packet Filtering
• Source and destination IP address
• Port and protocol type
• Fragment protection
• FTP session filtering
• Site-to-site filters and NAT (for overlapping address space)
Policy Management
• By individual user or group:
  - Filter profiles (defined internally or externally)
  - Idle and maximum session timeouts
  - Time and day access control
  - Tunneling protocol and security authorization profiles
  - IP pool and servers
  - Authentication pool and servers
Certification
• Federal Information Processing Standards (FIPS) 140-2 Level 2 (3.6), FIPS 140-1 Level 2 (3.1), and VPNC
Model and Price
CISCO CVPN 3005-E/FE VPN 3000 Concentrator 64Mb v4.7
Key Features
Type: Concentrator
Data Transfer Rate: 100 Mbps
Connectivity: Cable
Platform: PC
Price: RM 291.60
Figure 5: CISCO CVPN 3005-E/FE VPN 3000 Concentrator 64Mb v4.7
VPN OPTIMIZED ROUTER
The VPN router suggested for Kamdar is the Cisco 1750 Access Router. The
Cisco 1750 access router delivers its capabilities with the power of Cisco
IOS® software in a modular integrated access solution. The Cisco 1750 provides a cost-
effective solution to support applications, including:
• Secure Internet, intranet, and extranet access with optional firewall
• Multiservice voice/fax/data integration
• VPN access
• Broadband DSL and cable connectivity
The Cisco 1750 features a modular architecture that enables users to cost-
effectively upgrade or add WAN and voice interfaces to accommodate changing
requirements and growth. Integrated network services and functions, including an
optional firewall, CSU/DSU, and VPN features, reduce the complexity of deploying and
managing branch office solutions. Most important, the Cisco 1750 offers investment
protection with a RISC architecture and features to support new technologies and
applications, including voice/fax/data integration and VPNs, when users are ready to
deploy them.
The Cisco 1750 is available in three models that enable users to easily tailor an
access solution to suit their branch office requirements today and in the future:
• Cisco 1750—The most basic model available, this unit provides everything a small
branch office needs for data networking now, with a simple upgrade path to support
integrated voice/fax/data applications when needed. A convenient voice upgrade kit is
available to provide voice/fax/data support as needed.
• Cisco 1750-2V Multiservice model—This model includes all the features,
memory, and DSP needed for immediate support of integrated voice/fax/data
applications with up to two analog voice ports. Voice and WAN interface cards
are available separately.
• Cisco 1750-4V Multiservice model—This model includes all the features,
memory, and DSPs needed to support integrated multiservice voice/fax/data
applications immediately with up to four analog voice ports. Voice and WAN
interface cards are available separately.
All Cisco 1750 models offer three modular slots for voice and data interface
cards, an autosensing 10/100BaseT Ethernet LAN port, a console port, and an auxiliary
port. The Cisco 1750 supports the same WAN interface cards as the Cisco 1600, 1720,
2600, and 3600 routers, and the same analog voice interface cards and voice-over-IP
technology as the Cisco 2600 and 3600 routers, simplifying spares and support
requirements. The WAN interface cards support a wide range of services, including
synchronous and asynchronous serial, Integrated Services Digital Network Basic Rate
Interface (ISDN BRI), and serial with DSU/CSU options for primary and backup WAN
connectivity. The voice interface cards include support for Foreign Exchange Office
(FXO), Foreign Exchange Station (FXS), and Ear & Mouth (E&M). Combined, these
interfaces support a comprehensive set of applications, including multiservice
voice/fax/data integration, Frame Relay, ISDN BRI, SMDS, X.25, broadband DSL and
cable services, VPNs, and more.
Advantages
The Cisco 1700 series supports the value of end-to-end Cisco network
solutions with the following benefits:
Flexibility—The modular Cisco 1750 adapts easily to fit the needs of
businesses. Interchangeable WAN interface cards enable easy additions or
changes in WAN technologies without requiring a forklift upgrade of the
entire platform. Modular data and voice slots enable users to tailor data and
voice services as needed. With the ability to use the same field-upgradable
WAN and voice interface cards across multiple Cisco access router platforms,
the Cisco 1750 reduces requirements for spare parts inventory and support
training. In addition, the autosensing 10/100BaseT Fast Ethernet port enables
easy migration to high-speed local networks.
Multiservice Access—For businesses that have data networking needs today
and want to integrate multiservice data/voice/video/fax capabilities now or in
the future, the Cisco 1750 offers a flexible, cost-effective answer. The Cisco
1750 enables network managers to save on long-distance interoffice
billing costs and interoperates with next-generation voice-enabled applications
such as integrated messaging and Web-based call centers. The Cisco 1750
works with the existing telephone infrastructure—phones, fax machines, key
telephone systems (KTS) units, and PBX—minimizing capital costs.
Lower Cost of Ownership—The Cisco 1750 router provides a complete
solution for integrated voice and data access in a single product, eliminating
the need to install and maintain a large number of separate devices. You can
combine optional functions, including a voice gateway, dynamic firewall,
VPN tunnel server, DSU/CSU, ISDN network termination-1 (NT1) device,
and more to reduce deployment and management costs. This solution can be
managed remotely using network management applications such as
CiscoWorks and CiscoView or any SNMP-based management tool.
Investment Protection—The Cisco 1750 RISC architecture, Cisco IOS
software, and modular slots provide solid investment protection to companies
that want a platform that offers data connectivity today and an easy migration
path to implement services such as multiservice data/voice/video integration,
VPNs, and broadband DSL and cable communications in the near future. A
slot on the 1700 series motherboard offers the ability to support future
hardware-assisted data encryption at T1/E1 speeds.
Security
Cisco IOS software supports an extensive set of basic and advanced
network security features, including access control lists (ACLs); user
authentication, authorization, and accounting (such as PAP/CHAP, TACACS+, and
RADIUS); and data encryption. To increase security, the integrated Cisco IOS
Firewall Feature Set protects internal LANs from attacks with context-based access
control (CBAC), while IPSec tunneling with Data Encryption Standard (DES) and
triple DES encryption provides standards-based data privacy, integrity, and
authenticity as data travels through a public network.
For remote access VPNs, Layer 2 Forwarding (L2F) and Layer 2 Tunneling
Protocol (L2TP) combine with IPSec encryption to provide a secure multiprotocol
solution (for IP, IPX, and AppleTalk traffic, and more). Mobile users can dial in to
a service provider's local point of presence (POP) and data is "tunneled" (or
encapsulated inside a second protocol such as IPSec or L2TP) back to the Cisco
1750 router to securely access the corporate network via the Internet.
4.1.1 Specification
4.1.2 Model and Price
CISCO 1750-RF Router
Price: RM 179.80
Figure 6: CISCO 1750-RF Router
PIX FIREWALL
Cisco PIX Security Appliance customers are encouraged to migrate to Cisco ASA
5500 Series Adaptive Security Appliances. Built on the same software foundation as
Cisco PIX Security Appliances, the Cisco ASA 5500 Series offers more robust firewall
and IPsec VPN capabilities, as well as many additional benefits, including:
• Significantly better performance and scalability
• Secure Sockets Layer (SSL) VPN support (including clientless, portal-based
remote access)
• Advanced Unified Communications (voice/video) security
• A modular design that allows you to add features such as intrusion prevention
(IPS), anti-virus, anti-spam, anti-phishing, and URL filtering.
Migration to the Cisco ASA 5500 Series is straightforward. Customers can take
advantage of their knowledge and investment in Cisco PIX Security Appliances, because
there are essentially no changes in user interface, operations, or training.
Deploy Comprehensive Network Security
Cisco adaptive security appliances integrate industry-leading
firewalls, unified communications security, VPN technology, intrusion prevention,
and content security in a unified platform to:
• Stop attacks before they penetrate the network perimeter
• Protect resources and data, as well as voice, video, and multimedia traffic
• Control network and application activity
• Reduce deployment and operational costs
Cisco ASA 5500 Series Adaptive Security Appliances also provide:
• Adaptable architecture for rapid and customized security services
deployment
• Advanced intrusion prevention services that defend against a broad range
of threats
• Highly secure remote access and unified communications to enhance
mobility, collaboration, and productivity
4.1.3 Technical Specification
VPN Client Compatibility
Cisco PIX Firewalls support a wide variety of software- and hardware-
based VPN clients, which include the following:
Software IPSec VPN clients
• Cisco Secure VPN Client, Version 1.1
• Cisco VPN 3000 Concentrator Client, Version 2.5 and later
• Cisco VPN Client for Windows, Version 3.0 and later
• Cisco VPN Client for Linux, Version 3.5 and later
• Cisco VPN Client for Solaris, Version 3.5 and later
• Cisco VPN Client for Mac OS X, Version 3.5 and later
Hardware IPSec VPN clients
• Cisco VPN 3002 Hardware Client, Version 3.0 and higher
• Cisco IOS Software Easy VPN Remote, Release 12.2(8)YJ
• Cisco PIX Firewall, Version 6.2 and higher
Layer 2 Tunneling Protocol (L2TP)/IPSec VPN clients
• Microsoft Windows 2000
Point-to-Point Tunneling Protocol (PPTP) VPN clients
• Microsoft Windows 95
• Microsoft Windows 98
• Microsoft Windows NT 4.0
• Microsoft Windows 2000
Easy VPN Server Compatibility
Cisco PIX Firewalls can now act as hardware-based VPN clients, taking
advantage of the new Cisco Easy VPN Remote capabilities in Cisco PIX Firewall
Software. The following Cisco Easy VPN Server platforms are supported for this
deployment scenario:
Cisco Site-to-Site VPN Compatibility
In addition to providing interoperability for many third-party VPN products,
Cisco PIX Firewalls interoperate with the following Cisco VPN products for site-
to-site VPN connectivity:
4.1.4 System Requirements
Model and Price
CISCO PIX 506E (PIX-506E) Firewall
Key Features
Connectivity: Wired
Firewall Features: Stateful Packet Inspection (SPI), DoS Prevention,
Intrusion Prevention, Content Filtering, URL Filtering
NAT Support: Static, Dynamic, Policy-based, PAT
Price: RM 647.80
Figure 7: PIX-506E Firewall
NETWORK COSTING
To sum up the three additional VPN devices for the Kamdar network system:
Device: CISCO CVPN 3005-E/FE VPN 3000 Concentrator 64Mb v4.7
Cost: RM 291.60
Available at: http://cgi.ebay.com.my/ws/eBayISAPI.dll?ViewItem&item=390152358154
Device: CISCO 1750-RF Router
Cost: RM 179.80
Available at: http://www.shopping.com/xPO-Cisco-1750-CISCO1750-RF
Device: CISCO PIX 506E (PIX-506E) Firewall
Cost: RM 647.80
Available at: http://www3.shopping.com/xPO-Cisco-PIX-Firewall-506E-PIX-506E
TOTAL: RM 1119.20
So the total cost of developing the new VPN connection for Kamdar will be RM 1119.20.
CHAPTER SUMMARY
Chapter 4 discussed the proposed devices that are important to realize VPN
networking for Kamdar.
The Cisco VPN 3005-E/FE concentrator is proposed because it is a best-in-class
remote-access VPN device that provides businesses with unprecedented cost
savings through flexible, reliable, and high-performance remote-access solutions. The
Cisco VPN 3015 offers solutions for the most diverse remote-access deployments by
offering both IP Security (IPSec) and Secure Sockets Layer (SSL)-based VPN
connectivity on a single platform.
The Cisco 1750 modular access router is the single solution for giving
small/medium-sized businesses and enterprise small branch offices robust WAN data
connections today. Most important, the Cisco 1750 offers investment protection with a
RISC architecture and features to support new technologies and applications, including
data/voice/fax integration and VPNs, when Kamdar is ready to deploy them. The Cisco
1750 delivers routing capabilities with the power of Cisco IOS software in a modular
integrated access solution. The Cisco 1750 provides a cost-effective solution to support
applications including secure Internet, intranet, and extranet access with optional
firewall; multiservice data/voice/fax integration; VPN access; and broadband access. The
Cisco 1750 features a modular architecture that enables users to cost-effectively upgrade
or add WAN and voice interfaces to accommodate changing requirements and growth.
To secure this VPN connection, the Cisco PIX 506E Firewall is proposed.
An enhanced version of the widely popular Cisco PIX 506 Firewall, it delivers
enterprise-class security for remote office/branch office environments in a robust, reliable
appliance. Ideal for securing Internet connections for remote/branch offices, the Cisco
PIX 506E Firewall provides a wide range of rich security capabilities and powerful
remote management capabilities in a cost-effective, high-performance solution. The PIX
506E also delivers improved 3DES VPN performance, with up to 70% more performance
than the PIX 506, when using certain applications. Kamdar can take advantage of their
knowledge and investment in Cisco PIX Security Appliances, because there are
essentially no changes in user interface, operations, or training.
CHAPTER 5:
TESTING AND IMPLEMENTATION
EXISTING NETWORK
Figure 8: Existing Kamdar Network
Figure 8 above shows the existing Kamdar network, which consists of a
switch, an HP ProLiant DL120 G6, VDSL, PANEAGLE, and the Internet. The
5 Mbps switch is the main connection to the current server, while the 1 Mbps
switch is only a backup for the 5 Mbps switch. The focus now is the
Fortigate-310B. As proposed, a VPN connection will be added to this network
system.
IMPLEMENTATION OF THE NETWORK
To implement the new network by using the proposed design, several new devices
are needed.
Figure 9: Proposed new network for Kamdar
CISCO CVPN 3005-E/FE Concentrator
Before You Begin
Save the current VPN 3005 configuration file and copy it to a remote system
before you proceed. See the Administration | File Management | TFTP Transfer
screen in the VPN Concentrator Manager.
Caution!
The VPN Concentrator and the battery contain electronic components that are
sensitive to electrostatic discharge (ESD). Improper handling could damage
components. Leave the battery in its protective ESD-shielded envelope until
instructed to remove it, and handle it only as instructed. If you have reservations
about installing the battery, ask for assistance from a qualified technician.
Parts Cisco Supplies
The battery upgrade kit includes these parts:
• New battery—M4T28 part number prefix.
• Disposable wrist strap ESD protection kit.
• Documentation.
Tools You Need
No. 2 Phillips screwdriver.
Shutting Down and Powering Off
Shut down and power off the VPN 3005 Concentrator or VPN 3002 Hardware
Client before you install the module.
Step 1 Using the VPN Concentrator Manager, shut down the VPN 3005/3002
(see the Administration | System Reboot screen).
Step 2 Turn power off: press O on the power switch on the rear of the chassis.
Step 3 Disconnect power cord from the system and the power outlet.
Step 4 Disconnect all network cables and the console cable.
Warning!
Hazardous voltages and the risk of electrical shock may be present inside the
VPN Concentrator chassis. Always disconnect the power cord before
removing the chassis cover. Never operate the VPN Concentrator with the
cover removed.
CISCO 1750-RF Router
This section describes how to configure a Cisco 1700 using the Ethernet WAN
Interface Card (WIC-1ENET) to act as a Point-to-Point Protocol over Ethernet (PPPoE)
client with Network Address Translation (NAT).
Components Used
The information in this document is based on these software and hardware
versions:
• Cisco IOS® Software Release 12.1(3)XT1 or later to support the Cisco
1700 WIC-1ENET.
• For this sample configuration, the Cisco 6400 Universal Access
Concentrator-Node Route Processor (UAC-NRP) was running Cisco IOS
Software Release 12.1(3)DC1.
To support PPPoE, you must have the ADSL+PLUS feature set. The ADSL-only
feature set does not support PPPoE on the Cisco 1700.
The information in this document was created from the devices in a specific lab
environment. All of the devices used in this document started with a cleared
(default) configuration. If your network is live, make sure that you understand the
potential impact of any command.
Background Theory
The WIC-1ENET is a 10BASE-T card developed for the Cisco 1700 series
routers. The WIC-1ENET provides a second Ethernet interface for the Cisco
1700, which helps to use the rich functionality of Cisco IOS Software with any
Digital Subscriber Line (DSL) or Cable modem.
The PPPoE client feature allows the PPPoE functionality to be moved to the
router. Multiple PCs can be installed behind the Cisco 1700 Fast Ethernet
interface and, before their traffic is sent into the PPPoE session, it can be
encrypted, filtered, and so on, and NAT can run. Running PPPoE on the router
removes the need for PPPoE client software on the PCs.
Processor Requirements
Revision B5 of the MPC 860 Microprocessor is required. This processor is used
in all Cisco 1700 series routers shipped after November 21, 1999. Cisco 1700
serial numbers starting with JAB0347XXXX have been manufactured with the
Model MPC860 revision B5 microprocessor.
The date code is built into the serial number. The format is LLLYYWWSSSS,
where:
LLL is the location at which the unit was built.
YY is the year that the unit was built (1997=01, 1998=02, 1999=03,
2000=04).
WW is the work week of the year that the unit was built.
SSSS is the serial number.
The processor version information is displayed at bootup. You can also verify the
processor revision by issuing the show version command at the Router# prompt.
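The following Python decoder for the LLLYYWWSSSS date code is an added example written for this section; it is not from the report or from Cisco. It applies the year codes listed above (1997=01 to 2000=04) and extrapolates later years as 1996 + YY, which is an assumption. It also treats any date code at or after 0347 (year code 03, work week 47, the JAB0347XXXX prefix named above) as carrying the revision B5 processor; that generalisation is an assumption as well, so units flagged by it should still be confirmed with show version. The sample serial numbers are constructed placeholders.

```python
import re
from dataclasses import dataclass

# LLL = build location, YY = year code, WW = work week, SSSS = sequence (as given on the page).
SERIAL_RE = re.compile(r"^([A-Z]{3})(\d{2})(\d{2})([A-Z0-9]{4})$")

# Year codes from the page; later codes are extrapolated as 1996 + YY (assumption).
YEAR_CODES = {1: 1997, 2: 1998, 3: 1999, 4: 2000}

# Date code of the first serial prefix the page associates with revision B5 (JAB0347...):
# year code 03, work week 47. Treating every equal-or-later code as B5 is an assumption.
B5_FIRST_DATE_CODE = (3, 47)


@dataclass(frozen=True)
class SerialInfo:
    location: str
    year_code: int
    year: int
    week: int
    sequence: str

    @property
    def has_rev_b5(self) -> bool:
        """Lexicographic (year code, week) comparison against the B5 cutoff."""
        return (self.year_code, self.week) >= B5_FIRST_DATE_CODE


def parse_serial(serial: str) -> SerialInfo:
    """Decode LLLYYWWSSSS; raise ValueError for anything that does not fit the format."""
    m = SERIAL_RE.match(serial.strip().upper())
    if not m:
        raise ValueError(f"{serial!r} does not match LLLYYWWSSSS")
    loc, yy, ww, seq = m.groups()
    year_code, week = int(yy), int(ww)
    if year_code == 0:
        raise ValueError("year code 00 is undefined (1997 is 01)")
    if not 1 <= week <= 53:
        raise ValueError(f"work week {week} is out of range")
    year = YEAR_CODES.get(year_code, 1996 + year_code)
    return SerialInfo(loc, year_code, year, week, seq)


def needs_processor_check(serials):
    """Serials whose date code predates the B5 cutoff: verify those with 'show version'."""
    return [s for s in serials if not parse_serial(s).has_rev_b5]


# Constructed sample serials (placeholders, not real units).
SAMPLE_SERIALS = ["JAB0347A1B2", "JAB0312XYZ9", "JAB0405ABCD"]

if __name__ == "__main__":
    for s in SAMPLE_SERIALS:
        info = parse_serial(s)
        print(s, info.location, info.year, f"week {info.week}", "B5" if info.has_rev_b5 else "check")
```

Running the block lists each sample with its decoded build location, year and week, and marks the one unit whose date code is earlier than 0347 for a manual processor check.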
Memory Requirements
To run Cisco 1700 IOS images that support the Cisco WIC-1ENET, the router
must have a minimum amount of Flash memory and DRAM.
WIC-1ENET Restrictions and Unsupported Features
WIC-1ENET is not supported in platforms other than the Cisco 1700.
Only a twisted pair RJ-45 connection is supported; there is no attachment
unit interface (AUI) or BNC interface support.
There is no Auto Negotiation (Auto Sensing) between half-duplex and
full-duplex modes.
WIC-1ENET cannot be used for TFTP file downloading while the host is
in ROMMON.
WIC-1ENET is not recognized by the Cisco 1700 when it is in ROMMON
mode.
Current Cisco IOS Software supports the WIC-1ENET only in Slot 0 of a
Cisco 1700.
Configure
In this section, you are presented with the information to configure the features
described in this document.
The PPPoE client is configured on the Cisco 1700 with the virtual private dial-up
network (VPDN) commands. (VPDN commands are not needed for Cisco IOS
Software Release 12.2(13)T or later.) Make sure that you configure these
commands first.
CISCO PIX 506E Firewall
The following sections in the Installation Guide for Cisco Secure PIX
Firewall Version 5.2 are supported on a certified PIX Firewall and should be
followed when installing the certified PIX Firewall:
Introduction, including safety recommendations, maintaining safety with
electricity, and general site requirements in Chapter 1, "Introduction"
Installation Overview and Installing a PIX 515, PIX 520, and PIX 525
models and Hardware and Software requirements for version 5.2 in
Chapter 2, "Installing a PIX Firewall"
Installing the PIX Firewall Syslog Server (PFSS) in Chapter 4, "Installing
the PIX Firewall Syslog Server (PFSS)"
Opening a PIX Firewall Chassis for PIX 515, PIX 520, and PIX 525
models in Chapter 5, "Opening a PIX Firewall Chassis"
Installing a Memory Upgrade for PIX 515, PIX 520, and PIX 525 models
in Chapter 6, "Installing a Memory Upgrade"
Installing a Circuit Board for PIX 515, PIX 520, and PIX 525 models in
Chapter 7, "Installing a Circuit Board"
Installing a DC Voltage PIX 515 and PIX 520 in Chapter 8, "Installing a
DC Voltage PIX 515 or PIX 520"
The following sections in the Installation Guide for Cisco Secure PIX
Firewall Version 5.2 are not supported on the certified configuration of the PIX
Firewall. The features covered by these sections are outside the scope of the
evaluated PIX Firewall and should not be installed:
Installing Failover in Chapter 3, "Installing Failover"
Installing a Private Link VPN board in Chapter 7, "Installing a Circuit
Board"
Installing the PIX Firewall Setup Wizard in Chapter 9, "Installing the PIX
Firewall Setup Wizard"
CHAPTER SUMMARY
In summary, implementing a VPN connection for the company is not costly and
brings many benefits. The additional VPN will not interrupt the existing Kamdar
network but will improve the company's network efficiency.
The company decided to implement an appliance-based dedicated VPN solution
with a low-end VPN concentrator, the Cisco 3005. The Cisco VPN Concentrator
collects all the traffic from the different centres over the Internet to the central
Kamdar operating centre. The partners' users are bound by a stringent enterprise-wide
security policy implemented by Kamdar, which pre-defines the level of access and the
services available to users on Kamdar's network. The VPN concentrator is at the Kamdar
corporate office, where the company's SAP servers are also hosted. The 2 Mbps pipe at
the corporate office has 80 percent utilization at present. No QoS tools are in use on the
VPN setup. There is some built-in redundancy in the VPN concentrator.
At the client end, many locations have more than one phone connection or
Internet account. At places where wired telephone links are not stable, Wireless in Local
Loop (WLL) links are used to connect to the local ISP. These links have been deployed
by Kamdar and provide 9.6 or 14.4 Kbps bandwidth.
CHAPTER 6:
NETWORKING GUIDELINES
HP PROLIANT DL120 G6 SERVER
Figure 10: HP Proliant DL120 G6 Server
Right Sized, Right Priced Solution
• An array of 4 core Intel® Xeon® processors and dual core Pentium® and Core i-3
processors, enable you to pick the right processor based on workload requirements
• Support for large form factor SATA and SAS hard disk drives provides both low-cost,
high-capacity drives and high performance, high reliability drives
• Integrated SATA RAID 0/1 and an array of SAS HBAs and Smart Array Controllers
• Affordable performance for scale-out applications
• Provides essential features for computing needs
Easy-To-Own and Manage
• Easy-access, rack-optimized 1U chassis for fast deployment and efficient maintenance
• Offers the control to respond quickly to server issues wherever they occur
• Browser and command line interface access
• Essential, integrated entry-level remote management at an affordable price
Service and Support
• Upholds HP's reputation of dependability, by conducting some of the most rigorous and
thorough testing in the industry
• Full range of service and support for every budget including startup, installation,
extended warranty, network planning, software updates and others
• Access to HP helpdesks and service professionals for around the clock support
Table 1: Technical Specification of HP PROLIANT DL120 G6 SERVER
DEBUGGING THE PPPOE SERVER
The server configuration concentrates on the PPPoE server configuration for the VPN at these layers:
Layer 4 - PPP layer
Layer 3 - Ethernet layer
Layer 2 - ATM layer
Layer 1 - DSL physical layer
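As an added illustration of the layering listed above (example code written for this section, not part of the report or of Cisco's documentation), the following Python decodes an Ethernet frame that carries a PPPoE session header and a PPP payload, following RFC 2516 for the PPPoE header and the PPP protocol field numbers of RFC 1661 and its companion protocols. It also shows where the ip mtu 1492 used in the router configuration later in this chapter comes from: 1500 bytes of Ethernet MTU minus the 6-byte PPPoE header and the 2-byte PPP protocol field. The sample frame, its MAC addresses and its session ID are constructed here.

```python
import struct
from dataclasses import dataclass

ETHERTYPE_PPPOE_DISCOVERY = 0x8863   # PADI/PADO/PADR/PADS/PADT exchange
ETHERTYPE_PPPOE_SESSION = 0x8864     # PPP frames carried once the session is up
ETHERNET_HEADER_LEN = 14
PPPOE_HEADER_LEN = 6                 # ver/type (1) + code (1) + session id (2) + length (2)
PPP_PROTOCOL_LEN = 2                 # PPP protocol field in front of the IP packet
ETHERNET_MTU = 1500

# PPP protocol numbers a PPPoE client session uses.
PPP_PROTOCOLS = {
    0x0021: "IPv4",
    0x8021: "IPCP",
    0xC021: "LCP",
    0xC023: "PAP",    # password crosses the link in cleartext
    0xC223: "CHAP",   # challenge/response; the password itself is never sent
}


@dataclass(frozen=True)
class PppoeSessionFrame:
    dst_mac: str
    src_mac: str
    session_id: int
    ppp_protocol: int
    payload: bytes

    @property
    def ppp_protocol_name(self) -> str:
        return PPP_PROTOCOLS.get(self.ppp_protocol, f"unknown(0x{self.ppp_protocol:04x})")

    @property
    def carries_cleartext_credentials(self) -> bool:
        """True for a PAP exchange, the thing to flag when reviewing a capture of the link."""
        return self.ppp_protocol == 0xC023


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def decode_pppoe_session(frame: bytes) -> PppoeSessionFrame:
    """Parse Ethernet -> PPPoE session header -> PPP protocol field -> payload."""
    minimum = ETHERNET_HEADER_LEN + PPPOE_HEADER_LEN + PPP_PROTOCOL_LEN
    if len(frame) < minimum:
        raise ValueError(f"frame shorter than {minimum} bytes")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == ETHERTYPE_PPPOE_DISCOVERY:
        raise ValueError("discovery-stage frame (PADx), no PPP payload to decode")
    if ethertype != ETHERTYPE_PPPOE_SESSION:
        raise ValueError(f"not PPPoE: ethertype 0x{ethertype:04x}")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11:
        raise ValueError(f"PPPoE version/type must be 0x11, got 0x{ver_type:02x}")
    if code != 0x00:
        raise ValueError(f"session-stage code must be 0x00, got 0x{code:02x}")
    body = frame[20:20 + length]
    if len(body) != length:
        raise ValueError("PPPoE length field runs past the end of the frame")
    (ppp_protocol,) = struct.unpack("!H", body[:PPP_PROTOCOL_LEN])
    return PppoeSessionFrame(_mac(dst), _mac(src), session_id, ppp_protocol, body[PPP_PROTOCOL_LEN:])


def is_valid_session_frame(frame: bytes) -> bool:
    try:
        decode_pppoe_session(frame)
        return True
    except ValueError:
        return False


def max_ip_mtu_over_pppoe(ethernet_mtu: int = ETHERNET_MTU) -> int:
    """Largest IP packet that still fits one Ethernet frame after the PPPoE and PPP headers."""
    return ethernet_mtu - PPPOE_HEADER_LEN - PPP_PROTOCOL_LEN


def build_pppoe_session_frame(dst: bytes, src: bytes, session_id: int,
                              ppp_protocol: int, payload: bytes) -> bytes:
    """Encoder used to construct the sample below (and for round-trip checks)."""
    body = struct.pack("!H", ppp_protocol) + payload
    return (dst + src + struct.pack("!H", ETHERTYPE_PPPOE_SESSION)
            + struct.pack("!BBHH", 0x11, 0x00, session_id, len(body)) + body)


# Constructed sample: a minimal 20-byte IPv4 header from 10.0.0.1 to 10.0.0.2 inside
# PPPoE session 0x0001; the locally administered MACs are placeholders, not real devices.
SAMPLE_IPV4_HEADER = bytes.fromhex("4500001400004000400100000a0000010a000002")
SAMPLE_FRAME = build_pppoe_session_frame(
    bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), 0x0001, 0x0021, SAMPLE_IPV4_HEADER)

if __name__ == "__main__":
    f = decode_pppoe_session(SAMPLE_FRAME)
    print(f.src_mac, "->", f.dst_mac, "session", f.session_id, f.ppp_protocol_name, len(f.payload), "bytes")
    print("ip mtu to configure on the dialer:", max_ip_mtu_over_pppoe())
```

The two authentication protocols named in the router configuration differ in what crosses the DSL link: a PAP frame (protocol 0xC023) carries the username and password as-is, whereas CHAP (0xC223) carries only a challenge and a hashed response, which is why the decoder flags PAP frames.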
CONFIGURATION VPN 1750-RF ROUTER ON HP
PROLIANT DL120 G6 SERVER
vpdn enable
no vpdn logging
!
vpdn-group pppoe
 request-dialin
 !--- The PPPoE client requests to establish
 !--- a session with the aggregation unit (6400 NRP).
 !--- These VPDN commands are not needed with
 !--- Cisco IOS Software Release 12.2(13)T or later.
  protocol pppoe
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 ip mtu 1492
 !--- The Ethernet MTU is 1500 by default
 !--- (1492 + PPPoE headers = 1500).
 ip nat outside
 dialer pool 1
 !--- This ties to interface Ethernet0.
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname <username>
 ppp chap password <password>
 !--- The ISP instructs you regarding
 !--- the type of authentication to use.
 !--- To change from PPP Challenge Handshake Authentication
 !--- Protocol (CHAP) to PPP Password Authentication Protocol (PAP),
 !--- replace these three lines:
 !--- ppp authentication chap callin
 !--- ppp chap hostname <username>
 !--- ppp chap password <password>
 !--- with these two lines:
 !--- ppp authentication pap callin
 !--- ppp pap sent-username <username> password <password>
!
dialer-list 1 protocol ip permit
!
!--- This is the internal Ethernet network.
interface FastEthernet0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
interface Ethernet0
 pppoe enable
 pppoe-client dial-pool-number 1
 !--- The PPPoE client code ties into a dialer
 !--- interface upon which a virtual-access
 !--- interface is cloned.
!
!--- For NAT, you overload on the
!--- Dialer1 interface and add a default route
!--- out of the Dialer1 interface because
!--- the IP address can change.
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 dialer1
no ip http server
!
dialer-list 1 protocol ip permit
!--- This is for NAT.
access-list 1 permit 10.0.0.0 0.0.0.255
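To complement the configuration above, here is a consistency check written in Python as an added example for this report; it is not Cisco tooling and not part of the original. It splits an IOS configuration into global commands and interface blocks and then verifies the relationships the PPPoE client plus NAT design depends on: the dialer pool number matches the pppoe-client dial-pool-number on Ethernet0, the dialer carries ip mtu 1492 and ip nat outside, the NAT access-list actually covers the inside subnet, the default route leaves via the dialer, the HTTP server is off on the ISP-facing box, and PAP is flagged because it sends the password in cleartext. SAMPLE_CONFIG mirrors the interface, NAT and routing parts of the configuration above, with constructed CHAP credentials in place of the <username>/<password> placeholders.

```python
import ipaddress
import re

# Constructed copy of the report's PPPoE client + NAT configuration (credentials are placeholders).
SAMPLE_CONFIG = """\
interface Dialer1
 ip address negotiated
 encapsulation ppp
 ip mtu 1492
 ip nat outside
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname kamdar-example
 ppp chap password example-secret
!
interface FastEthernet0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
interface Ethernet0
 pppoe enable
 pppoe-client dial-pool-number 1
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 dialer1
no ip http server
!
dialer-list 1 protocol ip permit
access-list 1 permit 10.0.0.0 0.0.0.255
"""


def parse_ios(config: str):
    """Split an IOS config into (global_lines, {interface: [sub_lines]}); '!' comment lines are dropped."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            interfaces[current].append(raw.strip())   # indented line inside an interface block
            continue
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line, re.I)
        current = m.group(1) if m else None
        if m:
            interfaces[current] = []
        else:
            global_lines.append(line)
    return global_lines, interfaces


def _interface_network(sub_lines):
    for l in sub_lines:
        m = re.match(r"ip address (\S+) (\S+)$", l)
        if m:
            return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    return None


def _acl_permits(global_lines, acl):
    """Networks permitted by a standard ACL; IOS wildcard masks are hostmasks, which ipaddress accepts."""
    nets = []
    for l in global_lines:
        m = re.match(rf"access-list {re.escape(acl)} permit (\S+) (\S+)$", l)
        if m:
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return nets


def check_pppoe_nat(config: str):
    """Return a list of findings; an empty list means every check passed."""
    glob, ifaces = parse_ios(config)
    findings = []
    dialers = {n: ls for n, ls in ifaces.items() if n.lower().startswith("dialer")}
    inside = [n for n, ls in ifaces.items() if "ip nat inside" in ls]
    pools = {l.split()[-1] for ls in ifaces.values() for l in ls if l.startswith("pppoe-client dial-pool-number ")}
    for name, ls in dialers.items():
        for needed in ("ip address negotiated", "encapsulation ppp", "ip mtu 1492", "ip nat outside"):
            if needed not in ls:
                findings.append(f"{name}: missing '{needed}'")
        pool = next((l.split()[-1] for l in ls if l.startswith("dialer pool ")), None)
        if pool not in pools:
            findings.append(f"{name}: dialer pool {pool} has no matching pppoe-client dial-pool-number")
        if any(l.startswith("ppp authentication pap") for l in ls):
            findings.append(f"{name}: PAP sends the password in cleartext; use CHAP where the ISP allows it")
    nat_rules = [m for m in (re.match(r"ip nat inside source list (\S+) interface (\S+) overload$", l) for l in glob) if m]
    if not dialers or not inside or not nat_rules:
        findings.append("PPPoE/NAT skeleton incomplete: need a Dialer, an 'ip nat inside' interface and an overload rule")
    for m in nat_rules:
        acl, out_if = m.group(1), m.group(2)
        if out_if not in dialers:
            findings.append(f"NAT overloads on {out_if}, which is not a Dialer interface")
        permitted = _acl_permits(glob, acl)
        for name in inside:
            net = _interface_network(ifaces[name])
            if net and not any(net.subnet_of(p) for p in permitted):
                findings.append(f"{name} network {net} is not covered by access-list {acl}")
    if not any(re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 dialer", l, re.I) for l in glob):
        findings.append("no default route via the Dialer interface")
    if "no ip http server" not in glob:
        findings.append("HTTP server not disabled on the ISP-facing router")
    return findings


if __name__ == "__main__":
    print(check_pppoe_nat(SAMPLE_CONFIG) or "all checks passed")
```

The access-list check is the one that most often bites in practice: if the inside subnet is renumbered but access-list 1 is not, NAT silently stops translating the new range and hosts lose Internet access with no error in the configuration itself.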
CHAPTER SUMMARY
To install the VPN for Kamdar, the server used by the company needs a basic configuration
that suits the server specification. The HP Proliant DL120 G6 is a common, easily
configured and widely used server, so it is suitable for hosting the VPN for Kamdar.
Since the configuration of the VPN 1750-RF router on the HP Proliant DL120 G6 server
concentrates on the PPPoE configuration for the VPN connection, this chapter only states
the configuration that suits the HP Proliant DL120 G6 server.
CHAPTER 7:
MAINTENANCE
PERFORMING MAINTENANCE
Some maintenance activities may consume a significant portion of the facility
expenses and manpower. Facility maintenance activities generally fall into four
categories: preventive, adaptive, corrective and protective. Each category has particular
costs associated and specific benefits.
Preventive
Preventive maintenance plans are designed to keep the business running efficiently.
Preventive maintenance involves monitoring computers and network hardware and software
to help prevent problems or errors that may cause loss of important data or loss of business.
Adaptive
As users rely more and more on the network, they become coupled to logical services
and decoupled from physical services. This decoupling means that users do not care
where servers are located, as long as they can get the services they need.
Corrective
Some data changes by the minute while other data can be archived once a year.
Corrective maintenance is probably the most commonly used maintenance approach, but
it is easy to see its limitations. When equipment fails, it often leads to downtime in
production. In most cases this is costly for the business. Also, if the equipment needs to be
replaced, the cost of replacing it alone can be substantial. It is also important to consider
health, safety and environment (HSE) issues related to malfunctioning equipment.
Protective
UNINTERRUPTIBLE POWER SUPPLY
A UPS differs from an auxiliary or emergency power system or standby generator
in that it will provide instantaneous or near-instantaneous protection from input power
interruptions by means of one or more attached batteries and associated electronic
circuitry for low power users, and/or by means of diesel generators and flywheels for
high power users.
With this type of UPS, a user's equipment is normally connected directly to
incoming utility power with the same voltage transient clamping devices used in a
common surge protected plug strip connected across the power line.
BACKUP AND RECOVERY
Media failure can also cause data loss or damage. Media failure can happen when
the media the data files or transaction logs are stored on fail. Most databases will be
stored on computer hard drives or across groups of hard drives on designated servers.
Hard drives are mechanical devices, just like automobiles, and are made up of parts and
pieces that work together.
HDD backup may also mean a backup of all data files or just all files from a hard
disk or creating a hard disk image. HDD backup is rather an inefficient method of a
backup, as usually a backup of the whole drive is not required.
5S IMPLEMENTATION METHOD
5S implementation methodology is a system to reduce workplace waste and
optimize productivity by maintaining an orderly workplace. The use of visual reminders
helps to achieve consistent improvements as well. 5S Implementation "cleans up" and
organizes the workplace, without changing its existing configuration, and it is typically
the first lean method which an organization puts into effect.
CHAPTER SUMMARY
All four maintenance methods should be applied across the whole system. Each method
has its own specific tasks. Preventive maintenance is essential to keep computers, servers
and networking equipment running smoothly and reliably. Adaptive maintenance is the
ability of the system to support users' changing needs. Some data changes by the minute
while other data can be archived once a year. Corrective maintenance is probably the most
commonly used maintenance approach, but it is easy to see its limitations.
CHAPTER 8:
REVIEW AND EVALUATION
BACKUP AND RECOVERY
Backups are useful primarily for two purposes. The first is to restore a state
following a disaster (called disaster recovery). The second is to restore small numbers of
files after they have been accidentally deleted or corrupted. Data loss is also very
common. 66% of internet users have suffered from serious data loss.
Advantages
Improved data security
Reduced data entry, storage, and retrieval costs
Facilitated development of new application programs
Disadvantages
Damage to database affects virtually all applications programs
Extensive conversion costs in moving from a file-based system to a database
system
UNINTERRUPTABLE POWER SUPPLY
An uninterruptible power supply, also uninterruptible power
source, UPS or battery/flywheel backup, is an electrical apparatus that provides
emergency power to a load when the input power source, typically the utility mains, fails.
A UPS differs from an auxiliary or emergency power system or standby generator in that
it will provide instantaneous or near-instantaneous protection from input power
interruptions by means of one or more attached batteries and associated electronic
circuitry for low power users, and/or by means of diesel generators and flywheels for
high power users. The on-battery runtime of most uninterruptible power sources is
relatively short—5–15 minutes being typical for smaller units—but sufficient to allow
time to bring an auxiliary power source on line, or to properly shut down the protected
equipment.
The general categories of modern UPS systems are on-line, line-
interactive or standby. An on-line UPS uses a "double conversion" method of accepting
AC input, rectifying to DC for passing through the battery (or battery strings), then
inverting back to 120V/240V AC for powering the protected equipment. A line-
interactive UPS maintains the inverter in line and redirects the battery's DC current path
from the normal charging mode to supplying current when power is lost. In a standby
("off-line") system the load is powered directly by the input power and the backup power
circuitry is only invoked when the utility power fails. Most UPS below 1 kVA are of the
line-interactive or standby variety which are usually less expensive.
For large power units, dynamic uninterruptible power supplies are sometimes used. A
synchronous motor/alternator is connected on the mains via a choke. Energy is stored in a
flywheel. When the mains power fails, an Eddy-current regulation maintains the power
on the load. DUPS are sometimes combined or integrated with a diesel generator,
forming a diesel rotary uninterruptible power supply, or DRUPS.
Figure 11: Offline/ Standby UPS
IMPLEMENTATION METHOD
Implementation methodology is a system to reduce workplace waste and optimize
productivity by maintaining an orderly workplace. The use of visual reminders helps to
achieve consistent improvements as well.
CHAPTER SUMMARY
In this review and evaluation, the topics discussed in Chapter 7, Maintenance, were
revisited in order to check once again whether the product or the implementation works
without error. On review, each of the implementations has its own advantages and
disadvantages. Since a backup system contains at least one copy of all data worth saving,
the data storage requirements are considerable. Organizing this storage space and
managing the backup process is a complicated undertaking.
CHAPTER 9:
CONCLUSION
CONCLUSION OF VPN PROPOSAL
In conclusion, a VPN can save an organization money in several situations:
eliminating the need for expensive long-distance leased lines
reducing long-distance telephone charges
offloading support costs
VPNs vs leased lines - Organizations historically needed to rent network capacity such
as T1 lines to achieve full, secured connectivity between their office locations. With a
VPN, you use public network infrastructure including the Internet to make these
connections and tap into that virtual network through much cheaper local leased lines or
even just broadband connections to a nearby Internet Service Provider (ISP).
Long distance phone charges - A VPN also can replace remote access servers and long-
distance dialup network connections commonly used in the past by business travelers
needing access to their company intranet. For example, with an Internet VPN, clients
need only connect to the nearest service provider's access point, which is usually local.
Support costs - With VPNs, the cost of maintaining servers tends to be less than with other
approaches because organizations can outsource the needed support to professional
third-party service providers. These providers enjoy a much lower cost structure through
economy of scale by servicing many business clients.
Using VPN
To use a VPN, each client must possess the appropriate networking software or hardware
support on their local network and computers. When set up properly, VPN solutions are
easy to use and sometimes can be made to work automatically as part of network sign on.
VPN technology also works well with WiFi local area networking. Some organizations use
VPNs to secure wireless connections to their local access points when working inside the
office. These solutions provide strong protection without affecting performance
excessively.
Limitations of a VPN
Despite their popularity, VPNs are not perfect and limitations exist as is true for any
technology. Organizations should consider issues like the below when deploying and
using virtual private networks in their operations:
VPNs require detailed understanding of network security issues and careful
installation / configuration to ensure sufficient protection on a public network
like the Internet.
The reliability and performance of an Internet-based VPN is not under an
organization's direct control. Instead, the solution relies on an ISP and their
quality of service.
Historically, VPN products and solutions from different vendors have not always
been compatible due to issues with VPN technology standards. Attempting to
mix and match equipment may cause technical problems, and using equipment
from one provider may not give as great a cost savings.
CHAPTER 10:
FUTURE PLANNING
KAMDAR NETWORK SYSTEM IN FUTURE
Kamdar plans to extend the VPN to other Kamdar locations which are part of the
Kamdar WAN and have ISDN/VSAT/leased lines as primary connectivity. This will act
as a fallback option. It also plans to extend VPN access to more mobile users.
Since the new site-to-site Intranet VPN implementation will be a trial for
Kamdar to assess the success and efficiency of the new network, if the result of using the
new network is successful, this network will be implemented at all Kamdar branches across
Malaysia as a site-to-site Extranet VPN. Then not only Kamdar's staff will be able to enter
the Kamdar system; access may be extended to Kamdar's customers.
Extranet VPNs are almost identical to intranet VPNs, except that they are meant for
external business partners. As such, firewall access restrictions are used in conjunction
with VPN tunnels, so that business partners are only able to gain secure access to specific
data and resources, while not gaining access to private corporate information.
Benefit: Businesses enjoy the same policies as a private network, including security,
QoS, manageability, and reliability.
APPENDIXES
Kamdar main headquarters address and branches
Kamdar can be reached by this address:
KAMDAR GROUP (M) BERHAD
113, JALAN TUANKU ABDUL RAHMAN,
50100 KUALA LUMPUR
Phone +603.2693.8988 (Hunting Line)
Fax +603.2698.8400
Email [email protected]
Contact Person Ms Helen
Office Hour Monday - Friday 8:30am - 5:30pm
Outlets Hour Monday - Sunday 10am - 10pm
Kamdar has over 20 outlets across Malaysia, located at:
KUALA LUMPUR
1. Locations: Jalan Tuanku Abdul Rahman
Address: 113,Jalan Tuanku Abdul Rahman,
50100 Kuala Lumpur.
Phone: +603.2698.8488
Fax:+603.2698.8400
2. Locations: Jalan Tuanku Abdul Rahman
Address: 171,Jalan Tuanku Abdul Rahman,
50100 Kuala Lumpur.
Phone: +603.2691.5708 / +603.2692.6896
Fax: +603.2691.5371
3. Locations: Jalan Tuanku Abdul Rahman
Address: 429-435,Jln Tuanku Abdul Rahman,
50100 Kuala Lumpur.
Phone: +603.2693.9513/12/15
Fax: +603.2691.1054
4. Locations: Mid Valley Mega Mall
Address: FJA-2(B),1st Floor,Mid Valley Mega Mall, Batu 2 1/2, Jalan Klang
Lama,
58000 Kuala Lumpur.
Phone: +603.2938.3052
Fax: +603.2284.6739
SELANGOR
1. Locations: SS2, Petaling Jaya
Address: 61,Jalan SS2/64,Petaling Jaya,
47300 Selangor.
Phone: +603.7877.2870
Fax: +603.7875.8895
2. Locations: Kajang
Address: E23-GA,Jalan Prima Saujana 2/D,
Sec 2,Taman Prima Saujana,
43000 Kajang,Selangor.
Phone: +603.8734.3390/84/71
Fax:+603.8734.3357
3. Locations: Klang
Address: 1st Floor,Complex Mais.Lot 336, Sec 23, Simpang Jalan Kapar,
Jalan Meru, 41050 Klang,Selangor.
Phone: +603.3341.0715/749
Fax:+603.3341.1016
4. Locations: IOI Mall, Puchong
Address: Lot ES 8 & ES 9,2nd,Floor,IOI Mall,
Batu 9,Jln Puchong,Bdr Puchong Jaya, 47170 Puchong,Selangor.
Phone: +603.8071.1866
Fax:+603.8070.9366
THE PROPOSAL
1.0 INDUSTRY
1.0.1 Textiles and Clothing
The first actual textile, as opposed to skins sewn together, was
probably felt. Surviving examples of nålebinding, another early textile method,
date from 6500 BCE. Our knowledge of ancient textiles and clothing has
expanded in the recent past thanks to modern technological developments. Our
knowledge of cultures varies greatly with the climatic conditions to which
archaeological deposits are exposed; the Middle East and the arid fringes
of China have provided many very early samples in good condition, but the early
development of textiles in the Indian Subcontinent, sub-Saharan Africa and other
moist parts of the world remains unclear. Conditions in northern Eurasia can also preserve
textiles very well.
A textile is felt or spun fibres made into yarn and subsequently netted,
looped, knit or woven to make fabrics. Textiles first appeared in the Middle East during the
late Stone Age. From ancient times until the present day, the methods of textile
production have continually evolved, and the choices of textiles available have
influenced how people carried their possessions, clothed themselves and
decorated their surroundings.
The history of textiles can be studied through archaeology, through the representation of
textiles and their manufacture in art, and through documents concerning the manufacture,
acquisition, use, and trade of fabrics, tools, and finished garments.
Early woven clothing was often made of full loom widths draped, tied, or
pinned in place, as in the following regions:
Ancient Near East
The earliest known woven textiles of the Near East may be fabrics used to wrap
the dead excavated at a Neolithic site at Airiel in Anatolia, carbonized in a fire
and radiocarbon dated to c. 6000 BC. Flax cultivation is evidenced from c. 8000
BC in the Near East, but the breeding of sheep with a wooly fleece rather than
hair occurs much later, c. 3000 BC.
Ancient India
Cotton has been spun, woven, and dyed since prehistoric times. It clothed the
people of ancient India, Egypt, and China. Hundreds of years before the Christian
era cotton textiles were woven in India with matchless skill, and their use spread
to the Mediterranean countries. In the 1st century, Arab traders brought fine
muslin and calico to Italy and Spain.
Ancient Egypt
Evidence exists for production of linen cloth in Ancient Egypt in the Neolithic
period, c. 5500 BC. Cultivation of domesticated wild flax, probably an import
from the Levant, is documented as early as c. 6000 BC. Other bast fibers
including rush, reed, palm and papyrus were used alone or with linen to make
rope and other textiles.
Ancient China
The earliest evidence of silk production in China was found at the sites of
Yangshao culture in Xia, Shanxi, where a cocoon of bombyx mori, the
domesticated silkworm, cut in half by a sharp knife is dated to between 5000 and
3000 BC. Scraps of silk were found in a Liangzhu culture site at Qianshanyang in
Huzhou, Zhejiang, dating back to 2700 BC.[16][17] Other fragments have been
recovered from royal tombs in the Shang Dynasty (ca. 1600 BC - c. 1046 BC).
1.0.2 Textiles and Apparel in Malaysia
The growth of Malaysia's textiles and apparel industry accelerated in the
early 1970s when the country embarked on export-oriented industrialization.
Exports were valued at RM 10.49 while imports amounted to RM 5.46 billion,
making Malaysia a net exporter of textiles and textile products. There are 662
licensed companies in production with investments of RM8.3 billion. The
industry employs more than 68,264 workers.
The industry currently encompasses a broad range of integrated activities
ranging from polymerisation and man-made fibre production, spinning,
texturizing, weaving, knitting, dyeing, printing and finishing of yarn and fabrics;
manufacture of made-up garments and other made-up textile goods such as
carpets, bed and table linen and ropes. The industry also covers the manufacture
of non-woven fabrics for personal care products, made-up garments, furniture and
bedding as well as construction and engineering applications.
2.0 WORLD TREND
2.0.1 Company Introduction
Levi Strauss & Co. is a worldwide corporation organized into three
geographic divisions: Levi Strauss Americas (LSA), based in San Francisco; Levi
Strauss Europe, Middle East and Africa (LSEMA), based in Brussels; and Asia
Pacific Division (APD), based in Singapore. The company employs a staff of
approximately 10,500 people worldwide, and owns and develops a few brands.
Levi's, the main brand, was founded in 1873 in San Francisco, specializing
in riveted denim jeans and different lines of casual and street fashion.
2004 saw a sharp decline in sales in the face of global outsourcing, so
the company was closed and the Edmonton manufacturing plant shut
down. Dockers (Levi's clothing line), which was launched in 1986, has sold largely
through department store chains. It helped the company grow through the mid-
1990s, as denim sales began to fade. Levi Strauss attempted to sell the brand in
2004 to relieve part of the company's $2 billion outstanding debt.
Launched in 2003, Levi Strauss Signature features jeanswear and
casualwear. In November 2007, Levi's released a mobile phone in co-operation
with ModeLabs. Many of the phone's cosmetic attributes are customisable at the
point of purchase.
George P. Simpkins Sr, the Levi's CEO, is credited with the company's
record paced expansion of its manufacturing capacity from fewer than 16 plants to
more than 63 plants nationwide from 1964 through 1974. Perhaps most
impressive, however, was that Levi's expansion under Simpkins was
accomplished without a single unionized employee as a result of Levi's' and the
Hass families' strong stance on human rights and Simpkins' use of "pay for
performance" manufacturing at the sewing machine operator level up. As a result,
Levi's' plants were perhaps the highest performing, best organized and cleanest
textile facilities of their time. Levi's even piped in massive amounts of air
conditioning into its press plants, which were known in the industry to be
notoriously hot, for the comfort of Levi's workers.
3.0 LOCAL
3.0.1 Textile and Apparel in Malaysia
The growth of Malaysia's textiles and apparel industry accelerated in the
early 1970s when the country embarked on export-oriented industrialization.
Exports were valued at RM 10.49 billion while imports amounted to RM 5.46 billion,
making Malaysia a net exporter of textiles and textile products. There are 662
licensed companies in production with investments of RM 8.3 billion. The
industry employs more than 68,264 workers.
The industry currently encompasses a broad range of integrated activities
ranging from polymerisation and man-made fibre production, spinning,
texturizing, weaving, knitting, dyeing, printing and finishing of yarn and fabrics;
manufacture of made-up garments and other made-up textile goods such as
carpets, bed and table linen and ropes. The industry also covers the manufacture
of non-woven fabrics for personal care products, made-up garments, furniture and
bedding as well as construction and engineering applications.
3.0.2 Kamdar Group (M) Berhad
Kamdar Group (M) Berhad was established in Malaysia in 1972, and has
since achieved a dominant position in the garment and textile departmental
store industry.
The Kamdar brand name has been well known for several generations. It
has become part of Malaysian history, a fact of which Kamdar is very proud.
Kamdar is well known for its extensive range and quality of garment and textile
products. Kamdar stores specialize in textile fabric, furnishing fabric, in-house
designed garments for ladies, men and children’s clothes, Indian clothing and
school uniforms.
4.0 AREA OF FOCUS
4.0.1 NETWORKING - VPN
A VPN (Virtual Private Network) is a type of network in which some of the links
between nodes are carried by open connections or virtual circuits within a larger
network such as the Internet, as opposed to running over a single private network.
As the world of business becomes more sophisticated with technology, many
businesses have to consider global markets and logistics. To achieve this goal,
they need a way to maintain fast, secure and reliable communications across
their network (branches, customers, suppliers).
The use of leased lines to maintain a WAN (Wide Area Network) provides a
company with a way to expand its private network beyond its immediate
geographic area. However, maintaining a WAN, particularly when using leased
lines, can become quite expensive, and the cost often rises as the distance between
the offices increases.
As the popularity of the Internet grew, businesses turned to it as a means of
extending their own networks. First came intranets, which are password-protected
sites designed for use only by company employees. Now, many companies are
creating their own VPN (virtual private network) to accommodate the needs of
remote employees and distant offices.
Basically, a VPN is a private network that uses a public network such as the
Internet to connect a company to its remote sites or users. Instead of a leased line,
a VPN uses a virtual connection routed through the Internet from the company's
private network to the remote site or employee. It is mostly about helping distant
colleagues work together, much like desktop sharing.
For Kamdar, it is proposed to develop a new Site-to-Site Internal (Intranet) VPN.
With an Intranet VPN, gateways at the various physical locations of the same
business negotiate a secure communication channel across the Internet, known as
a VPN tunnel. An example would be a network that exists in several buildings
connected to a data center or mainframe that has secure access through private
lines. Users on the networks on either side of the tunnel can communicate with one
another as if they were on a single network. Such a VPN may need strong
encryption and has strict performance and bandwidth requirements.
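As an added illustration of how the tunnel gateways described above handle traffic (this is example code, not part of the report or of Kamdar's design), the following Python model encapsulates a LAN packet at one gateway, carries it across the untrusted Internet, and authenticates, replay-checks and decrypts it at the other. The pre-shared keys, sample packet and the HMAC-based counter-mode cipher are assumptions standing in for the keys IKE would negotiate and the AES cipher a real IPsec ESP tunnel would use.

```python
import hashlib
import hmac
import struct

def _keystream(key, seq, length):
    """Counter-mode keystream from HMAC-SHA256 (stand-in for AES in real ESP)."""
    blocks = (hmac.new(key, struct.pack(">QI", seq, c), hashlib.sha256).digest() for c in range(0, length, 32))
    return b"".join(blocks)[:length]

class Gateway:
    """One tunnel endpoint (e.g. the HQ or a branch gateway)."""
    def __init__(self, enc_key, auth_key):
        self.enc_key, self.auth_key = enc_key, auth_key
        self.send_seq = 0      # sequence number for packets this gateway sends
        self.highest_seen = 0  # anti-replay state for packets it receives

    def encapsulate(self, inner_packet):
        """Tunnel mode: the whole LAN packet becomes the encrypted payload."""
        self.send_seq += 1
        header = struct.pack(">Q", self.send_seq)
        body = bytes(a ^ b for a, b in zip(inner_packet, _keystream(self.enc_key, self.send_seq, len(inner_packet))))
        tag = hmac.new(self.auth_key, header + body, hashlib.sha256).digest()
        return header + body + tag  # encrypt-then-MAC

    def decapsulate(self, tunnel_packet):
        """Verify integrity first, then reject replays, then decrypt."""
        header, body, tag = tunnel_packet[:8], tunnel_packet[8:-32], tunnel_packet[-32:]
        expected = hmac.new(self.auth_key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed: packet modified in transit")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.highest_seen:  # strictly increasing; real ESP uses a sliding window
            raise ValueError("replay rejected")
        self.highest_seen = seq
        return bytes(a ^ b for a, b in zip(body, _keystream(self.enc_key, seq, len(body))))

def run_demo():
    """HQ sends one LAN packet to a branch; returns (delivered, replay_rejected, tamper_rejected)."""
    keys = (b"\x11" * 32, b"\x22" * 32)  # constructed pre-shared keys; IKE would negotiate these
    hq, branch = Gateway(*keys), Gateway(*keys)
    inner = b"constructed LAN packet: 10.1.0.5 -> 10.2.0.9 sales report"
    wire = hq.encapsulate(inner)
    results = [branch.decapsulate(wire) == inner]
    for attempt in (wire, wire[:8] + bytes([wire[8] ^ 1]) + wire[9:]):  # replay, then tamper
        try:
            branch.decapsulate(attempt)
            results.append(False)
        except ValueError:
            results.append(True)
    return tuple(results)
```

Anyone on the Internet path sees only the sequence header, ciphertext and tag, which is what lets the two Kamdar LANs behave as one network without exposing their traffic.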
The advantage of a Site-to-Site Internal VPN is the substantial cost saving over
traditional leased-line or frame relay technologies, achieved by using the Internet
to bridge potentially long distances between sites. With a VPN, Kamdar employees
can keep sharing information and company data in a secure and reliable way. This
is important for preserving the integrity of business data for the company's
future use.