ISP Setup

The setup is done in several phases.

The first phase sets up a network topology as shown in the following image.

The following aspects will be configured:

  • DHCP, both client and server.

  • DNS

  • Assign IP addresses to the interfaces and name them to tell them apart.

  • Create internal networks.

  • Create a DMZ and use firewall rules.

  • Creation of VLANs and bridges.

  • Creation of an IPsec VPN between two routers on different networks.

  • Create basic NAT rules in the firewall, such as masquerading.

All of this section is covered in the document Configuration of an ISP network.

Phase 1 configuration with GNS3: link.

The second phase makes some changes to the network topology of the previous phase, as seen in the following image.

In this part we will implement some technologies that give our network greater availability:

  • Failover with backup lines will be implemented on both routers across the two ISPs, so that when one of them fails, traffic automatically switches to the other.

  • VRRP will be implemented between the two company routers for the static networks of the DMZ and LAN2. If one router fails, we keep our connection because traffic is taken over by the other router; the process is very similar to failover.

  • Bandwidth management will be set up on the LAN2 network, since it has internet access, to see how it is configured and how it works.

  • Load balancing will be implemented for the DMZ.

All of this section is covered in the document Configuration of Tools that provide High Availability.

Phase 2 configuration with GNS3: link.

The third phase will mainly consist of setting up an IDS.

In this phase the following will be implemented:

  • Port knocking is implemented on both routers, using a port code, to provide a layer of security against anyone who tries to connect to the router remotely.

  • Both routers will be configured to send us mail when errors or any anomalies we want to be notified about are detected. Mail will also be configured so that, at a set time each day, the router sends us a backup of its configuration.

  • MikroTik will be configured to send all packets that cross the router to a computer running Suricata as an IDS.

  • A Kali system is set up to simulate someone who has gained access to our router and runs a network scan with nmap, to check whether Suricata detects it.

  • A Layer 7 protocol filter is configured to block access to several web pages.

All of this is covered in the Suricata-Mikrotik files and in the Security Tools configuration.

Phase 3 configuration with GNS3: link.
