So I am trying to configure a VPN client on cisco packet tracer but I am having some issues with configuring the ACL. In my task, I am trying to create a VPN tunnel between R4 and R2. I am trying to Block the odd-numbered IP addresses in R2 LAN from using the VPN tunnel. How am I meant to write this access list? I will attach an image to better represent this.
VPN diagram:
The line in the ACL which would accomplish what you wanted (block odd ip addresses from /24 range):
access-list 101 deny ip 209.165.1.1 0.0.0.254 dst_ip dst_wildcard
If you wanted to block all even numbers, you would write this:
access-list 101 deny ip 209.165.1.0 0.0.0.254 dst_ip dst_wildcard
This should be the first line in the ACL which is configured on the R2 G0/0 interface, since it should be checked first. After that, you can write rest of the entries, like permitting the whole network to go out of the the S0/0/0 interface and so on.
Related
Have a small question..
I got below two ips from my team-mate...
G/W Details: 172.27.180.201 (abc/xyz)
Server Details: 192.168.40.132 (abc/xyz).
When I ping to 201, it goes fine. But ping to 132 didnt work.
Now if I do ssh to 201 and from there I ping to 132, then ping works fine.
So I am thinking what kind of changes I have to do in my Linux-machine(Any static route ??), so that I can directly ping to 132 machine ?
Please help me and let me know if I need to provide any other output details...
Thanks.
The 2 machines (G/W & Server) are in different networks since they are using different private IP address ranges.
Private IP address ranges are as follows:
Class A network 192.168.0.0 - 192.168.255.255 (65,536 IP addresses)
Class B network 172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses)
Class C network 10.0.0.0 - 10.255.255.255 (16,777,216 IP addresses)
Since you can ping G/W:
you are either in the same network and have a class B IP address
you are in a different network which has access to G/W's network by some means (gateway, vpn tunnel etc.)
G/W can ping Server because it has access to Server's network (or Server itself) by some means (gateway, vpn tunnel, firewall etc.)
Disclaimer: I'm not a network expert, my jargon maybe not appropriate :)
172.27.180.201 should do NAT for you.
Or 192.168.40.132 add route.
You can't access 192.168.40.132 only changing your host.
Currently I am using the native Cloud SQL instance that is getting billed against the same project. However to cut some cost, I intend to shift the databases to my other mysql sitting at my other hosting. But I need to put a static IP on the allowed hosts in order to make it work. I added the 4 hosts that they make you add as A records to point the domain. But it didn't work. I read about Sockets API.. but didn't really get it. It's confusing. How to make it work? putting those 4 IP in makes it workable once or twice randomly when once of those provided IP is active I guess but whenever some other IP from the pool gets active, it doesn't work!
Have you looked at Serverless VPC Access with VPC Access Connector as described here?
You should be able to use the VPC Access Connector Source IP CIDR range at your MySql end as allowed IP list.
However you must ensure the connection is secure with a VPN or interconnect.
I'm trying to access my Google Compute Engine VM at 104.197.83.224. I tried to allow HTTP and HTTPS traffic but it errors out both times. It gives the error Invalid Fingerprint.
Could use some help. Thanks!
Also, although I haven't used my VM at all, I've gotten a bunch of requests on it. And its starting to charge me even though I'm not using it. How can I prevent that?
It sounds like you've stored a previous SSH key for that IP address in your ~/.ssh/known_hosts file. Check that file for entries that have the same IP address as your current instance and remove them.
Unfortunately, SSH assumes that IP addresses and SSH keys are assigned fairly statically (rather than using signatures from some central trust authority like SSL), which is a problem when you start to have cloud services which may assign the same IP address to different VMs several times during one day (if the VMs are started and shut down quickly, for example). I think that the gcloud ssh comm
i am creating an application with client-server architecture in java. What i am trying to achieve is a simple client-server architecture connected via LAN with a ethernet switch, the server is having a server module of application running and also having MySQL database, the clients do their processing and submit results on server database, database also used for authentication.
the Server would be the only machine in network that will be connected to WAN through any ISP, the IP address of server machine cannot be guaranteed to be static, in this condition how the clients may connect to the server database? As the IP address of server is fluid..
One more doubt is that i've to authenticate the clients also on the basis of there IP addresses (or it may also be physical MAC address, if simple to implement), i've a table in database that the server admin can update and stores the IP addresses of valid clients, now on connecting via LAN what will be the IP addresses allocated to the machines to be stored in database and will they be static? i've googled for this but did not found relevant answers...
I hope i am clear with my question .I am sorry if the question is not related to stackoverflow,but it contains programming with database and networking too.
Thanks.
As I see it you have a few separate problems:
1. The IP addresses on the client machine are probably NOT static - a very high proportion of users are allocated dynamic addresses by their ISPs
2. There is no way to reliably connect to your Server as it has no static IP address.
The first problem can be solved by using the MAC address as you suggest (although this is easy to spoof if an attacker wants to) or some locally stored access keys.
The second is much more difficult (and really the reason why we have static IP addresses) - you need to use a VPN or some kind of forwarding service which does have a fixed IP afaik.
Assume that there is a web-page called whatisyourip.com and that I have a web-page called changeip.com. A user wants to enter the site whatisyourip.com through changeip.com. Normally, changeip.com would be a proxy server so the user can hide his ip address. That's how users reach forbidden web-pages in their countries. But I want to ask, is there a way to show a different ip address to whatisyourip.com while connecting it through changeip.com without using it as a proxy server?
is there a way to show a different ip address to whatisyourip.com while connecting it through changeip.com without using it as a proxy server?
Short answer: Yes. Make changeip.com a VPN server and assign different IP addresses to those VPN clients. Ensure they send all traffic through the VPN. This usually involves modification of the local routing table on the VPN client workstations for everything to work correctly.
Longer answer... There are several reliable ways to hide IP addresses of TCP sessions...
HTTP Proxy - you already described this situation
Network address Translation - this doesn't sound likely in your scenario
VPN Tunneling - Possible solution instead of HTTP proxy, even if it's something as simple as an SSL VPN. Depending on your constraints, this could also be a viable option.
You can't. TCP connections require a 3-way handshake. You can certainly send a SYN packet to the server to start the process, then change your IP address. but when the site responds with the 2nd-stage of the handshake (SYN+ACK), that packet is now going to your old IP address and your system will drop it - it has no idea that the server is responding to something that was started on the old IP.
You could try something like the Tor network, which offers end-to-end encryption of traffic and cloaking of origins, but it's not something I'd consider "reliable".
Not unless you spoof your IP, in which case the response will go to the forged IP. So no.