Objective:
The main objective of this assignment is to make efficient use of VPNs as a means of securing connections between different locations of an international company. The student will build the company network and then configure Site-to-Site IPsec VPNs between multiple office locations of a fictitious company called Future Tech Enterprises, verify the VPN tunnels, and ensure secure communication between these sites.
Scenario: Global Tech Enterprises
Future Tech Enterprises is a multinational corporation with headquarters in New York and
branch offices in Abu Dhabi and London. The company needs to ensure secure
communication between its offices over the internet. Each site has its own local network, and
the organization wants to establish secure Site-to-Site IPsec VPN tunnels between these
locations to protect sensitive data during transmission.
Network Overview:
New York Office:
Network: 10.11.1.0/24
Router: NY-R1
External IP: 203.0.113.1
Abu Dhabi Office:
Network: 10.22.2.0/24
Router: AD-R1
External IP: 198.51.100.1
London Office:
Network: 10.33.3.0/24
Router: LDN-R1
External IP: 192.0.2.1
Your task is to configure and verify Site-to-Site IPsec VPNs between these three offices to
ensure that all communication over the public internet is encrypted and secure.
Part 1: Understanding Site-to-Site IPsec VPNs (20 points)
Conduct your own research and explain the following questions (Make sure to add the necessary citations):
- List two advantages and two disadvantages of using VPNs to connect the different sites of this company.
- Define what a Site-to-Site IPsec VPN is and explain its relevance to Future Tech Enterprises.
- Describe the different phases of IPsec (IKE Phase 1 and IKE Phase 2) and how they secure communication between the New York, Abu Dhabi and London offices.
- Discuss the encryption and authentication algorithms that would be appropriate for a multinational corporation like Future Tech Enterprises.
- Compare IPsec Site-to-Site VPNs with any other alternative. List a scenario where IPsec remains the preferred choice and another scenario where an alternative might be better suited for Future Tech Enterprises.
Part 2: Configuring the Site-to-Site IPsec VPNs (50 points)
Network Topology Setup (10 points)
Using network simulation software (e.g., Cisco Packet Tracer) design a network topology that
includes the New York, Abu Dhabi, and London offices.
Include network address assignments, routing configurations (static routing), and firewall settings as
necessary.
Provide a diagram of the network topology showing how each office connects to the other two.
After configuring static routing test your routing configuration by pinging between office networks. Include screenshots showing successful pings.
IPsec VPN Configuration (30 points)
Configure the IPsec VPN on the routers at each office (NY-R1, AD-R1, LDN-R1). Ensure the
configurations include:
- ISAKMP Policy
- IPsec Transform Set
- Crypto Map
- Access Control Lists (ACLs) for interesting traffic between the sites
- Applying the Crypto Map to the appropriate interfaces
- Document the configuration commands used on each router, explaining the purpose of each command.
Verification (10 points)
Verify that the IPsec VPN tunnels are established successfully between all three offices. Provide
output from relevant verification commands (e.g., show crypto isakmp sa, show crypto ipsec
sa).
Demonstrate secure communication between the offices by pinging between devices on
different networks (e.g., from a device in the New York office to a device in the London office)
and observing encrypted traffic. Make sure to add screenshots in the report.
Part 3: Testing and Troubleshooting (20 points)
Testing the VPN Tunnels (10 points)
Test the VPN tunnels by initiating traffic that matches the ACLs defined in the configuration,
ensuring that communication between New York, Abu Dhabi, and London is secure.
Provide evidence (screenshots or command outputs) showing successful data transmission over
the VPNs.
Part 4: Reflection and Documentation (10 points)
Write a reflection on what you learned during this assignment. Highlight any challenges you
faced, particularly in managing multiple VPN tunnels, and how you overcame them.
** Add references and also sign the Academic Integrity Disclaimer in the report template.
Submission
Each student must submit 2 files in the given order:
- Primary file submission: Full report in a single PDF containing answers to all the Parts along with the screenshots wherever applicable. Name the report firstname_lastname_A1.pdf. Use the following to compile your report.
- Secondary file submission: A Packet Tracer file. Make sure the user account details in the Packet Tracer file have your firstname_lastname as the username and an email that matches your ZU email.
Assignment Information
> 2000 words
Weight:
15%
Learning Outcomes Added
- : Describe information, network and computer attacks and defenses fundamentals, standards, and security challenges.
- : Evaluate system and network authentication, access control schemes, and components of virtual private networks (VPNs).
HOW TO GET FULL MARK COMPLETE INSTRUCTIONS
PART 1 (20 Marks) THEORY SECTION
What Your Professor Expects
Not just definitions.
He wants:
- Clear explanations
- Correct terminology
- Diagrams (optional but gives bonus impression)
- Proper references (APA style)
- Connection to the scenario
What You MUST Do
1. Write 2 Advantages + 2 Disadvantages
BUT:
- Connect each point to Future Tech Enterprises
- Explain WHY it matters
Example:
Wrong: “VPN is secure.”
Correct: “VPN ensures encrypted communication between New York and London, protecting sensitive financial data from interception.”
2. Define Site-to-Site IPsec VPN
- Clear definition
- Difference from remote access VPN
- Mention IPsec operates at Layer 3
- Explain relevance to multinational company
3. Explain IKE Phase 1 & Phase 2
You must mention:
- ISAKMP SA
- IPsec SA
- Diffie-Hellman
- Encryption negotiation
- Authentication
- Interesting traffic
If you miss these, marks are deducted.
4. Encryption Algorithms
Mention:
- AES-256
- SHA-256
- DH Group 14
- Pre-Shared Key
Explain WHY enterprise needs strong encryption.
5. Comparison Section
Compare IPsec vs SSL VPN:
Make table:
| Feature | IPsec | SSL VPN |
Professors love comparison tables.
6. References (VERY IMPORTANT)
Minimum 3 academic references:
- Cisco documentation
- NIST
- Stallings textbook
If you skip references, there is an automatic mark deduction.
PART 2 (50 Marks) PACKET TRACER (MOST IMPORTANT)
This is where most students lose marks.
You must be organized.
STEP 1: BUILD CLEAN TOPOLOGY (10 Marks)
You need:
- 3 Routers (2811 or 2911)
- 3 Switches
- 3 PCs
- Internet cloud (or serial connections between routers)
IP Addressing (DO NOT GUESS)
Use exactly:
NY LAN:
Router: 10.11.1.1
PC: 10.11.1.10
Gateway: 10.11.1.1
AD LAN:
Router: 10.22.2.1
PC: 10.22.2.10
LDN LAN:
Router: 10.33.3.1
PC: 10.33.3.10
External interfaces:
- NY: 203.0.113.1
- AD: 198.51.100.1
- LDN: 192.0.2.1
REQUIRED SCREENSHOTS
You must include:
- Full topology diagram
- IP configuration of each PC
- Router show ip route
- Successful ping BEFORE VPN
If you skip the routing test screenshot, marks are lost.
STEP 2: STATIC ROUTING
Configure static routes on ALL routers.
Then test:
ping 10.22.2.10
ping 10.33.3.10
Take screenshot of successful ping.
STEP 3: CONFIGURE IPSEC VPN (30 Marks MOST CRITICAL)
You must configure:
ISAKMP policy
Pre-shared keys
Transform set
ACL for interesting traffic
Crypto map
Apply crypto map
IMPORTANT: You Need 3 Tunnels
NY <-> AD
NY <-> LDN
AD <-> LDN
If you only configure NY as hub, YOU LOSE MARKS.
Your assignment says:
Configure between these three offices
That means FULL MESH.
Common Mistakes That Lose Marks
Forgetting to mirror ACL on other router
Applying crypto map on wrong interface
Wrong peer IP
Using wrong wildcard mask
Not testing traffic
Avoid these.
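The first and fourth mistakes above (unmirrored ACLs, wrong wildcard masks) can be checked mechanically before any tunnel is tested. The following is an added example, not part of the assignment or its template: a small Python lint over numbered `access-list ... permit ip` lines, using the three office LANs from the Network Overview. The function names and the sample configuration are constructed for illustration, and treating every non-contiguous wildcard as an error is a simplifying assumption.

```python
import ipaddress
import re
from itertools import combinations

# Office LANs from the assignment's Network Overview.
SITES = {name: ipaddress.ip_network(net) for name, net in (
    ("NY-R1", "10.11.1.0/24"), ("AD-R1", "10.22.2.0/24"), ("LDN-R1", "10.33.3.0/24"))}
ACL_RE = re.compile(r"access-list\s+\d+\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

def wildcard_to_network(addr, wildcard):
    """Map an IOS address/wildcard pair to a network, or None if the wildcard is not contiguous."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # a contiguous wildcard is 2**n - 1; 255.255.255.0 is not
        return None
    return ipaddress.ip_network(f"{addr}/{32 - wc.bit_length()}", strict=False)

def lint_mesh(configs):
    """Return findings for crypto ACLs that are malformed or not mirrored on the peer."""
    findings, acls = [], {router: set() for router in SITES}
    for router, text in configs.items():
        for m in ACL_RE.finditer(text):
            src = wildcard_to_network(m[1], m[2])
            dst = wildcard_to_network(m[3], m[4])
            if src is None or dst is None:
                findings.append(f"{router}: bad wildcard in '{m[0]}'")
            else:
                acls.setdefault(router, set()).add((src, dst))
    # Full mesh: every pair of sites needs an entry in each direction.
    for a, b in combinations(SITES, 2):
        for local, remote in ((a, b), (b, a)):
            if (SITES[local], SITES[remote]) not in acls[local]:
                findings.append(f"{local}: no ACL entry {SITES[local]} -> {SITES[remote]}")
    return findings

# Constructed sample with two deliberate mistakes (not real router output).
SAMPLE = {
    "NY-R1": "access-list 101 permit ip 10.11.1.0 0.0.0.255 10.22.2.0 0.0.0.255\n"
             "access-list 102 permit ip 10.11.1.0 0.0.0.255 10.33.3.0 0.0.0.255\n",
    "AD-R1": "access-list 101 permit ip 10.22.2.0 255.255.255.0 10.11.1.0 0.0.0.255\n"
             "access-list 102 permit ip 10.22.2.0 0.0.0.255 10.33.3.0 0.0.0.255\n",
    "LDN-R1": "access-list 101 permit ip 10.33.3.0 0.0.0.255 10.11.1.0 0.0.0.255\n",
}

if __name__ == "__main__":
    for finding in lint_mesh(SAMPLE):
        print(finding)
```

On the sample, AD-R1 is flagged for using a subnet mask where a wildcard belongs, and LDN-R1 for lacking the mirror of AD-R1's entry toward London.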
STEP 4: VERIFICATION (10 Marks)
You MUST include screenshots of:
show crypto isakmp sa
show crypto ipsec sa
Expected:
- State = QM_IDLE
- Encrypted packet counter increasing
Then:
Ping from:
- NY PC -> LDN PC
- AD PC -> NY PC
Then run:
show crypto ipsec sa
Take screenshot showing encrypted packets.
If you do not show packet counters increasing, marks are deducted.
PART 3 (20 Marks) TESTING & TROUBLESHOOTING
You must:
- Show traffic triggering VPN
- Explain how tunnel forms
- Mention at least 3 troubleshooting techniques
Example:
- Check ACL match
- Verify PSK
- Verify routing
- Check interface crypto map
If you only say "it worked", you get a low mark.
PART 4 (10 Marks) REFLECTION
Professor wants:
- What you learned
- Challenges
- How you solved them
- Connection to learning outcomes
Mention:
- SecFundamental
- AuthAccessVPN
That gives strong impression.
SUBMISSION RULES (DON’T LOSE EASY MARKS)
You must submit:
1. PDF Report
Name:
firstname_lastname_A1.pdf
Contains:
- All answers
- All screenshots
- References
- Academic integrity signed
2. Packet Tracer File
VERY IMPORTANT:
Inside Packet Tracer:
Go to:
Options -> User Profile
Set:
Username: firstname_lastname
Email: your ZU email
If you forget this, there is a mark deduction.
HOW TO GET 100%
Here is checklist:
Clear theory
References
Clean topology
Static routing verified
Full mesh VPN
Correct crypto configuration
Tunnel verification screenshots
Packet counters increasing
Troubleshooting explanation
Reflection written properly
File names correct
Packet Tracer user profile correct
FINAL ADVICE (From Experience)
Most students lose marks because:
- They configure only 1 tunnel
- They forget verification screenshots
- They don't explain commands
- They skip references
You will not make these mistakes.