It has been a long time since I last visited here, so I am asking to see if anyone can suggest an easy-to-use, simple way to set up a home VPN server. I am still researching.
I think I spent a few times on a few pages with instructions on MSFT's web page; however, it got too complicated for my low-end home server running solely Windows Server 12. If I vaguely remember, also, one aspect of my home wireless router did not meet the need (something related to a static IP facing the public internet??).
Well, the primary reason is that I am looking for a way to transfer files easily in and out between my home server and laptop wherever I go, by setting up a virtual secure connection wherever there is internet. By doing that, I am hoping to be dependent on online cloud storage like Dropbox, Google Drive, OneDrive and the like.
Thanks.
When I try to redo it using the Microsoft WS 2012 instructions, I immediately hit a roadblock.
The TechNet instructions say -> add roles -> Network Policy and Access Services -> next -> next and expect to see Routing and Remote Access Services, but the fucking actual Windows 2012 does not show that piece of crap.
It only lists 3 other items: network policy server, health registration and one other crap.
This is why I fucking hate Windows: a waste of time and effort, wasted several hours of my precious life's moment. I need to look elsewhere.
So I got 210-260 CCNA Security, with seemingly good instructions on Cisco ASA SSH VPN setup.
Thought maybe I can get an older ASA like this one on eBay:
http://www.ebay.com/itm/Cisco-ASA5505-BUN-K9-Firewall-Security-Appliance-50-Users-ASA5505-50-BUN-K9-/252837337683?hash=item3ade479a53:g:K84AAOSwB-1Y1APh
Since I am completely blind here, I wonder if this combo works: old ASA box with newer CCNA Security guide.
Quote from: ggnfs000 on October 03, 2017, 01:07:35 AM
So I got 210-260 CCNA Security, with seemingly good instructions on Cisco ASA SSH VPN setup.
Thought maybe I can get an older ASA like this one on eBay:
http://www.ebay.com/itm/Cisco-ASA5505-BUN-K9-Firewall-Security-Appliance-50-Users-ASA5505-50-BUN-K9-/252837337683?hash=item3ade479a53:g:K84AAOSwB-1Y1APh
Since I am completely blind here, I wonder if this combo works: old ASA box with newer CCNA Security guide.
Option one: buy a real firewall
Option two: Cisco 800 series and configure SSL VPN
Option three: prosumer router with an OpenVPN derivative and GUI
OK, I looked at the ASA 55xx series docs. Am I correct that it functions as both a small switch and router, as well as add'l security modules? Basically, replace the home router with this one.
Port 0 is public net, rest is internal network. https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5505/5505-poster.html
5505 acts as a small switch, none of the others do.
The port 0 thing is incorrect unless you configure it that way
You have to REALLY know the ASA gear to set things up correctly for what you want; I would advise against the ASA line.
I don't really do home gear so my XP with this is quite limited, but if I were you I would look at IPcop's VPN. IPcop is a fairly well known name, and I think free. I did a quick search on YouTube and found a few videos on how to set it up.
Quote from: ggnfs000 on October 03, 2017, 05:52:13 PM
OK, I looked at the ASA 55xx series docs. Am I correct that it functions as both a small switch and router, as well as add'l security modules? Basically, replace the home router with this one.
Port 0 is public net, rest is internal network. https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5505/5505-poster.html
Maybe. I can't do that because my ISP connection is way faster than what my 5505 can handle. 5505 tops out at 100-150Mbps. My line is now 1Gbps. I like my speed, even if that makes me more of a developer in that attitude. :developers:
Also, you have GOT to keep that thing up to date. If something breaks through the ISP router, you have some legal recourse to accuse them of not following due diligence. If it's your own gear, too bad so sad if you suffer a breach.
Quote from: dlots on October 04, 2017, 08:44:50 AM
5505 acts as a small switch, none of the others do.
5506 does this now, it didn't when first released but they introduced it in 9.7 IIRC.
Have a look at pfSense, I've only used the VM briefly but it seemed pretty solid and it gets a lot of good feedback. Looks like you can run it on hardware too:
https://www.pfsense.org/products/
Quote from: deanwebb on October 04, 2017, 08:46:46 AM
Quote from: ggnfs000 on October 03, 2017, 05:52:13 PM
OK, I looked at the ASA 55xx series docs. Am I correct that it functions as both a small switch and router, as well as add'l security modules? Basically, replace the home router with this one.
Port 0 is public net, rest is internal network. https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5505/5505-poster.html
Maybe. I can't do that because my ISP connection is way faster than what my 5505 can handle. 5505 tops out at 100-150Mbps. My line is now 1Gbps. I like my speed, even if that makes me more of a developer in that attitude. :developers:
Also, you have GOT to keep that thing up to date. If something breaks through the ISP router, you have some legal recourse to accuse them of not following due diligence. If it's your own gear, too bad so sad if you suffer a breach.
That is only through VPN? I think I don't expect to transfer large data; mostly I'll be using it to download, upload and open smaller files, browse through directories, etc. Hoping it is manageable.
That's the speed through the firewall itself, for any and all traffic.
OK, I guess I will see how slow it gets. I think my internet is pretty slow, gotta look at my plan.
Hell, the Packet Tracer had one (and only one) 5500 device available, going to see how much I can practice on that.
the 5500 is not what I would suggest for 'easiest'... you can't even ping through one until you know the magic thing you have to do LOL (CCNA security question #1....)
Quote from: wintermute000 on October 06, 2017, 12:27:07 AM
the 5500 is not what I would suggest for 'easiest'... you can't even ping through one until you know the magic thing you have to do LOL (CCNA security question #1....)
wha?
Q1 A. Put it in the round file?
:smug:
Quote from: wintermute000 on October 06, 2017, 12:27:07 AM
the 5500 is not what I would suggest for 'easiest'... you can't even ping through one until you know the magic thing you have to do LOL (CCNA security question #1....)
Ping through the 5505? Oh jeez...
:morty:
You can get an unlimited edition of Pulse Secure virtual appliance for lab use, max 3 concurrent users I thought. Much more granular than any firewall-based VPN solution imho.
Haven't set it up myself though, I use the Juniper SRX Dynamic VPN with the Pulse Secure client, wasn't too bad to set up.
You could get a trial version of the vSRX and use that...
Quote from: SimonV on October 06, 2017, 01:18:59 PM
You can get an unlimited edition of Pulse Secure virtual appliance for lab use, max 3 concurrent users I thought. Much more granular than any firewall-based VPN solution imho.
Haven't set it up myself though, I use the Juniper SRX Dynamic VPN with the Pulse Secure client, wasn't too bad to set up.
You could get a trial version of the vSRX and use that...
Thanks, I'll look into that.
Quote from: wintermute000 on October 06, 2017, 12:27:07 AM
the 5500 is not what I would suggest for 'easiest'... you can't even ping through one until you know the magic thing you have to do LOL (CCNA security question #1....)
Yes, I am virtually looking at the CCNA Security and so far have covered 1/3rd. I am posing to read through enough chapters to be able to configure comfortably. As long as the devices work as documented, it usually goes straightforward. What is "really" difficult is when it does not work as documented.
Code changes can result in problems... try to have the same code version as is apparent in the materials. There are some major revisions in which syntax changes dramatically. Be sure you're also studying materials for the current test. Then check with us here before you go in, so we can make sure you got your stuff together. Cisco cert tests seem to be something of a bait and switch operation of late, where you can't pass unless you took the live class, peeked at the answers (BIG NO-NO), or went above and beyond in your study to read whitepapers and stuff ***BEST PRACTICE***.
:fail2:
Quote from: ggnfs000 on October 06, 2017, 03:13:29 PM
As long as the devices work as documented, it usually goes straightforward. What is "really" difficult is it does not work as documented.
That second part by definition is Cisco.
:haha3:
Quote from: ristau5741 on October 08, 2017, 08:05:51 AM
Quote from: ggnfs000 on October 06, 2017, 03:13:29 PM
As long as the devices work as documented, it usually goes straightforward. What is "really" difficult is it does not work as documented.
That second part by definition is Cisco.
:haha3:
It is not just Cisco; it is virtually most open source projects.
Just the latest casualty: I needed to do a quick crash course on a Python Django project and tried setting it up on a Linux server according to the instructions, but it ended up fucking riddled with errors like 400, 404 and all sorts of web errors. But they advertise 'em as "for perfectionists" and touted it as simple to set up. Fuck this!
As for VPN, I hit 2 roadblocks immediately:
From the CCNA Security book, the 3rd instruction, starting with "ip local...", for setting up VPN on the 5505 was not available on the 5505 in Packet Tracer. Why it is not available, whether the software does not support it or different models, fucking beats me.
CCP downloaded and installed but won't fucking run; it requires Java 1.6 or later when I already got 1.8. Even after reverting back to older versions 1.7 and 1.6, it won't run.
Thinking about getting the fuck out of this software industry and doing something meaningful.
You can keep using packet tracers, and asking **** questions, or you can do it properly. Told you twice already, your choice.
ASAv works in Unetlab/EVE-NG/GNS3/VIRL.
CCP HAHAHAHAAHAHAHAHAHAHA are you serious. Nobody in their right mind uses that Java abomination. Apologies for the CCNA Sec courseware..... but yeah, with ASAs it's CLI or ASDM all the way. You have no chance with CCP.
CCP and Java...
:flipdesk:
Basically, you'll have to scrub Java off your system and install ONLY the version that CCP wants. Alternatively, get GNS3 spun up and run the 5520 image that's floating out on the Internet, running 8.02 code, then connect to it via a VM running only Java 1.6. You will use CCP *only* for the CCNA-Security, never again afterward. Never ever ever ever again, not even on CCNP-Security.
The ASA in Packet Tracer will not have all code features activated. This is why I recommend GNS3. Getting the ASA to run in GNS3 is no picnic, but it's free.
An actual 5505 on eBay is going for around $55-65, not bad. I spent just over $100 on mine, back in 2013. I had a lot of fun with it. I got it to do a VPN with the 5520 in GNS3, that was a real hoot. Then I did a VPN with an 1841 ISR - those are down around the $50-60 range, as well - and that pretty much was all the VPNing I had to do.
Wintermute is correct about using either CLI or ASDM in the real world. And ASDM comes with its own Java nightmares. Thanks to Cisco, you will learn more about Java versioning than you ever wanted to.