Final Ngongwa Nana Grace Report 2024-Edit


EXTENSION OF AMHS NETWORK THROUGH VPN TO THE AERODROMES: CASE OF ASECNA


CERTIFICATION

This is to certify that this internship report on “EXTENSION OF AMHS NETWORK
THROUGH VPN TO THE AERODROMES” was presented by NGONGWA NANA GRACE to
meet the requirements for obtaining a HIGHER NATIONAL DIPLOMA (HND) in Network and Security
from the University Institute of the Gulf of Guinea (IUG), under the supervision of the
Ministry of Higher Education. Approved by the following supervisors:

ACADEMIC SUPERVISOR PROFESSIONAL SUPERVISOR

Name ………………….. Name ………………………………

Signature…………………. Signature ……………………………

Date ………………….. Date ……………………………..


DEDICATION

TO MY LOVELY FAMILY


ACKNOWLEDGEMENTS

At this emotional moment of my youth, it seems wise and appropriate to address my sincere and
deep thanks to all those who have contributed to my training at ASECNA and to my education,
in particular:

To the Almighty GOD, my creator and my master, who has always been there for me throughout this
academic year, and who helps us in our moments of joy and in difficult times.

- Mr. LOUISE MARIE DJAMBOU, founder and president of IUG.
- Mr. NGOUNE SONNE ERICK FRANCIS, the legal representative of ASECNA, and his
staff, for giving me the chance to carry out my internship in this structure.
- To my professional supervisor, Mr. NGUEA ARISTIDE, for his availability, his multiple
pieces of advice and support.
- To my academic supervisor, Mr. BESSONG ETENGENENG, for his loneliness and
writing this report.
- To all the administrative staff and teachers of the IUG who, through their lessons and
advice, have enabled me to carry out this work.
- To my parents, MR NANA ROGER and MRS NDJEULEU ROSE, who have never
failed to give me financial and moral support.
- To my sisters (TCHUILENG NANA MICHELE, MBIALEU NANA FABIENNE,
KOUAGNANG NANA CLAUDE and TIOKEP NANA SAGESSE) and my brother
TCHAKOUTIO NJTANG.
- To KEBOUE TSOTIE VATIS, who has helped me with the simulation of my theme.
- Finally, to all those whom I love, whom I like, whom I clearly admire from near or far, whom
I could not name but who have validly participated, financially, morally and spiritually, in
putting this report to rest.

PREFACE

Founded in 1993, the University Institute of the Gulf of Guinea (IUG) is a group of three schools of
higher education located at PK8, Douala, specialized in the fields of commerce and management,
communication and information, industry and new technologies, and paramedical sciences. It is
one of the most prestigious private higher institutions in Cameroon. IUG trains young professionals
in the technical, medical and business environments. Since its creation in 1993, the advanced
school of management has been striving to answer the urgent calls of economic operators in need
of foremen and management staff. With the launching of the HIGHER NATIONAL DIPLOMA,
the University Institute of the Gulf of Guinea is becoming the first bilingual higher institution of
learning in Central Africa.

The Cameroon government has taken it as a duty to train and educate youths in all fields of
vocational training in order to build up their professional skills. It is in this light that order No.
008/CAB/PR of 19/03/1993 brought about the creation of private state universities and higher
professional institutes, among which is ISTA (Institut Supérieur des Technologies Avancées).

ISTA was created by ministerial order No. 05/0038 of 12 January 2005. Its mission was
to employ good lecturers who are devoted and willing to train students to obtain the Higher
National Diploma (HND) after a two-year course. Below are some of the professional courses offered at
IUG:

- Computer Engineering, Telecommunication
- Building Science and Technology
- Accountancy, Banking and Finance
- Transport and Logistics
- Electrical Power System
- Nursing


LIST OF ABBREVIATIONS

ASECNA: Agency for the Safety of Air Navigation in Africa and Madagascar
AMHS: Aeronautical Message Handling System
IPSec: IP Security
ESP: Encapsulating Security Payload
DES: Data Encryption Standard
ISAKMP: Internet Security Association and Key Management Protocol
HMAC: Hash-based Message Authentication Code
MD5: Message Digest 5
SHA: Secure Hash Algorithm
AES: Advanced Encryption Standard
TCP: Transmission Control Protocol
UDP: User Datagram Protocol
WIFI: Wireless Fidelity
RSA: Rivest Shamir Adleman
SSTP: Secure Socket Tunneling Protocol
L2TP: Layer 2 Tunneling Protocol
IKEv2: Internet Key Exchange version 2
ICAO: International Civil Aviation Organization
SSL: Secure Sockets Layer


ABSTRACT

In order to put into practice the theoretical knowledge acquired during the academic year
2022/2023, the INSTITUT UNIVERSITAIRE DU GOLFE DE GUINEE (IUG)
has introduced a training, observation and familiarization internship into its syllabus. Its
purpose is to guide students in the professionalization process in their chosen
field.

As a student in Network and Security, the aim of the internship was to give me a
practical grounding in the technical terms of networking and security, to give me an idea of the organization
of the various host structures at the administrative and operational levels of the agency, and also to
allow me to immerse myself in the different tasks and get to know the staff who carry them out on a
daily basis.

With the Representation of the Agency for the Safety of Air Navigation in Africa and
Madagascar in Cameroon (ASECNA CAMEROON), I carried out an academic internship for a
period of 2 months, from 19 June to 18 August 2023. During this internship I
was asked to work on the EXTENSION OF AMHS NETWORK THROUGH VPN TO THE
AERODROMES OF YAOUNDE AND GAROUA. This report contains the following: the
presentation of ASECNA and its Representation in Cameroon, the unit where the internship was
carried out, the activities carried out during the internship, and the theme I was given to work on.


RESUME

In order to put into practice the theoretical knowledge acquired during the academic year
2023/2024, the INSTITUT UNIVERSITAIRE DU GOLFE DE GUINEE (IUG) has set up the
programme of the training, observation and familiarization internship. Its purpose is to guide
students in the process of professionalization in their chosen field.

As a student in Network and Security, the aim of the internship was to give me a practical
grounding in the technical terms of networking and security, to give me an idea of the organization
of the various host structures at the administrative and operational levels of the agency, and also to
allow me to immerse myself in the different tasks and get to know the staff who carry them out on a
daily basis.

Within the Representation of the Agency for the Safety of Air Navigation in Africa and
Madagascar in Cameroon (ASECNA CAMEROON), I carried out an academic internship
lasting 2 months, from 19 June to 18 August 2023. During this internship I was asked to work on
THE EXTENSION OF THE AMHS NETWORK THROUGH VPN TO THE AERODROMES OF YAOUNDE AND
GAROUA. This report will contain the following: the presentation of ASECNA and of its
Representation in Cameroon, the unit where the internship was carried out, the activities carried out
during the internship, and the topic I was asked to work on.


TABLE OF CONTENTS

CERTIFICATION
DEDICATION
ACKNOWLEDGEMENTS
PREFACE
LIST OF ABBREVIATIONS
ABSTRACT
RESUME
TABLE OF CONTENTS
GENERAL INTRODUCTION
PART 1: THE FRAMEWORK (ENVIRONMENT) OF THE TRAINING COURSE
CHAPTER ONE: GENERAL PRESENTATION OF THE COMPANY AND OF ITS REPRESENTATION IN CAMEROON
  SECTION ONE: HISTORY OF ASECNA, MISSION
    A: CREATION OF THE ASECNA
    B: THE MISSION OF ASECNA
  SECTION TWO: THE REPRESENTATION OF ASECNA IN CAMEROON AND THE GEOGRAPHICAL LOCATION
    C: The representation of ASECNA in Cameroon
    D: Activities of the Representation
    E: GEOGRAPHICAL LOCATION OF ASECNA DOUALA
    F: ORGANIZATION OF ASECNA CAMEROON
CHAPTER 2: PROGRESS OF THE INTERNSHIP
  SECTION ONE: PRESENTATION OF THE HOST DEPARTMENT
    2.1 Introducing the RSI Unit
  SECTION TWO: ACTIVITIES CARRIED OUT DURING THE INTERNSHIP
    2.2 DESCRIPTION OF MY DIFFERENT TASKS
PART TWO: PRACTICAL FRAMEWORK
CHAPTER 3. GENERALITIES ON THE EXTENSION OF AMHS NETWORK THROUGH VPN TO THE AERODROMES
  SECTION A: DIAGNOSTIC OF THE SYSTEM
    3.1 WHAT IS A VPN
    3.2 TYPES OF VPNs
    3.2.2 SITE TO SITE VPN
    3.3 ENCRYPTING DATA IN A VPN
    3.4 VPN protocols
  SECTION B: ARCHITECTURE AND CONFIGURATION OF THE PROPOSED SYSTEM
    3.1 Network Architecture of ASECNA
    3.2 NEW Network Architecture of ASECNA
    3.3 CONFIGURATION OF THE DIFFERENT PROTOCOLS
    3.6 TESTS AND RESULTS
CHAPTER 4: DIFFICULTIES ENCOUNTERED AND RECOMMENDATIONS
  SECTION 1: PROBLEMS ENCOUNTERED DURING THE INTERNSHIP
    4.1 Positive remarks
    4.2 Difficulties Encountered
  SECTION 2: RECOMMENDATIONS
GENERAL CONCLUSION
REFERENCES


TABLE OF FIGURES

Figure 3: Organizational chart of ASECNA Douala
Figure 4: Client-to-site VPN
Figure 5: Site-to-site VPN
Figure 6: Consumer VPN
Figure 7: ASECNA Architecture
Figure 8: New network architecture of ASECNA
Figure 9: Configuring ISAKMP R1
Figure 10: IPSEC R1
Figure 11: Configuring application of the crypto map
Figure 12: Ping from Douala LAN to Yaounde LAN
Figure 13: Ping from Yaounde LAN to Douala LAN


LIST OF TABLES


GENERAL INTRODUCTION

An internship in a company allows students to put into practice the knowledge acquired during
their training, to work within a professional team under time and resource constraints, and to
demonstrate their capacity for initiative, autonomy and responsibility. I had the privilege of
carrying out my internship at ASECNA DOUALA over a period of two months, during which I
immersed myself in the professional environment. Aviation safety management is an extremely
complex job, and relies heavily on the proper functioning and quality of an airport’s
infrastructure. Meeting the requirements associated with aviation safety requires a look at the
energy supply aspect. It is in this spirit that ASECNA fulfills its main mission, which is to ensure
safety and navigation in AFRICA and MADAGASCAR, and pays particular attention to it. Here in
Douala, part of this task is carried out by the RSI department, the department in which I did my
internship. This department is responsible for ensuring the availability and proper functioning of
the ASECNA network. The rest of this work will allow me to better understand the project I have
developed, which is based on the extension of the AMHS network through a VPN.

The report is organised in two parts. Part one is made up of two chapters, chapter 1
and chapter 2, each subdivided into sections 1 and 2.

Part two is also made up of two chapters, chapter 3 and chapter 4, each subdivided into section
1 and section 2.


PART 1: THE FRAMEWORK (ENVIRONMENT) OF THE TRAINING COURSE


CHAPTER ONE: GENERAL PRESENTATION OF THE COMPANY AND OF ITS REPRESENTATION IN CAMEROON

Chapter one is made up of two sections. Section one covers the history of ASECNA, its basic
aspects, its member states and its mission. Section two covers its representation, the
geographical location and the organizational hierarchy chart.

SECTION ONE: HISTORY OF ASECNA, MISSION.


A: CREATION OF THE ASECNA
ASECNA was created on 12 December 1959 by an agreement signed in Saint-Louis,
Senegal. ASECNA, meaning «Agency for the Safety of Air Navigation in Africa and
Madagascar», with its headquarters in Dakar, Senegal, is a multinational public company. Its
main mission consists in ensuring safety in air navigation, covering an airspace surface
area of about 16,100,000 km² including the national airspaces of its 18 African member states,
which are BENIN, BURKINA FASO, CAMEROON, CENTRAL AFRICA, COMOROS,
CONGO, IVORY COAST, GABON, GUINEA BISSAU, MAURITIUS, MADAGASCAR,
MALI, MAURITANIA, NIGER, SENEGAL, CHAD, TOGO and FRANCE. It has a well-structured
organizational chart to ensure the smooth running of its missions.

B: THE MISSION OF ASECNA
The Agency is mandated to discharge the following functions:

- Providing en-route air navigation services in the airspaces, coupled with organizing the
airspace and air routes in compliance with the ICAO provisions, publishing aeronautical
information, and forecasting and transmitting information related to aviation meteorology;
- Providing aerodromes under its control with air traffic, approach and aerodrome
services, in addition to fire-fighting and aircraft rescue services. It also has to publish
aeronautical information, conduct forecasts and transmit aviation meteorology information;
- Managing schools and offering courses to solve the challenges of civil aviation;
- Defining specifications relative to functions, systems and devices, as well as defining
implemented working procedures and methods, including those relative to the study,
specification, procurement, reception, installation and technical control, in addition to
the ones for keeping under operational condition and operating equipment and installations,
systems of communication, navigation, surveillance, air traffic management and aviation
meteorology;
- ASECNA is also responsible for defining the implementation of a safety and quality
management system pursuant to the ICAO standards and transmit aviation meteorology

SECTION TWO: THE REPRESENTATION OF ASECNA IN CAMEROON AND THE GEOGRAPHICAL LOCATION

C: The representation of ASECNA in Cameroon

ASECNA is represented in each of its member countries by a Representation. The
Representation of ASECNA in Cameroon is based in Douala and is in charge of providing air
safety services in three aerodromes: Douala, Yaoundé and Garoua. It is also in charge of the
meteorological station of the Ngaoundéré aerodrome.

By delegation and under the authority of the General Management, the Representations are
responsible for implementing the Agency's strategic orientation in every country.

1: Organization of the representation


The Representation is placed under the responsibility of a Representative. He works in
collaboration with Activity Managers and Heads of Unit and together they ensure the direction
and management of the Representation.

2: The Representative
He represents the Director General in his Representation. He coordinates all the activities of the
Representation and ensures compliance with the policy of the General Management and the
realization of the projects defined by it.

3: Activity Managers
An activity manager is responsible for an administrative or technical area, which he or she
manages. An activity consists of several units.

4: Head of Unit
A unit is a particular service in an activity. The Heads of Unit coordinate the work in their
respective units.

D: Activities of the Representation


The activities of the representation are divided into two main groups: Administrative and support
activities, and technical operational activities.

In the administrative and support field:

- The Administration and Finance activity;
- The payroll activity;
- The External Relations Unit;
- The Procurement/Purchasing activity;
- The Maintenance of Civil Engineering Infrastructures;
- The Safety, Safety, Quality and Environment activity.

In the technical operational fields:

- The Aerodrome Operations activity;
- The Exploitation of Meteorology activity;
- The Control en Route activity;
- The Maintenance of Radio-Computer Infrastructures.

Figure 1: ASECNA REPRESENTATION

E: GEOGRAPHICAL LOCATION OF ASECNA DOUALA

Figure 2: Geographical location of ASECNA

F: ORGANIZATION OF ASECNA CAMEROON

Figure 1: Organizational chart of ASECNA Douala


CHAPTER 2: PROGRESS OF THE INTERNSHIP

SECTION ONE: PRESENTATION OF THE HOST DEPARTMENT


2.1 Introducing the RSI Unit

The RSI/Meteorological Unit is responsible for the maintenance of computer equipment and
systems used for the production and exchange of aeronautical and meteorological data and
information.

- TOPSKY: A system that displays on the air traffic controller's screen a representation of
the airspace under his area of responsibility, air routes and beacons symbolizing aircraft.
The data used to symbolize aircraft comes from RADAR, flight plans, ADS/B;
- SIOMA (Integrated Aeronautical Meteorological Observation System): A system
composed of instruments for measuring the temperature, pressure, direction and strength
of the wind. It automatically generates this information in the form of a message and is
submitted to the assessment of the Aerodrome Meteorological Watchmen for verification,
completion and transmission.
- A Weather Park: A park that brings together equipment for measuring meteorological
parameters and sensors. All this allows the Meteorological Observer to have regular data
on the state of the atmosphere on the surface and to write meteorological observation
messages called SYNOP.
- An altitude observation station: it contains balloons, a helium balloon inflator and probes
connected to a computer system called GRAWMET. To make an observation at altitude,
the Meteorological Observer inflates a balloon with helium and attaches a probe to it.
When the balloon is released, the probe provides the parameters of the atmosphere aloft as
it climbs.
- The Radio/Telephone Channel: It gathers satellite IP telephone lines for communication
between air traffic controllers in adjacent centres and frequencies for Pilot-Controller
communication;
- Aeronautical (FSFTA/AMHS) and meteorological (SMT/SIO) communication networks:
these are the networks set up by ICAO and WMO for the exchange of aeronautical and
meteorological messages;
- The INTRANET network: This is an internal network of ASECNA that allows its agents
to have access to various services: internal e-mail, the Enterprise Resource Planning
Software, the invoicing of fees, the ASECNA websites and which offers an opening to the
Internet.

SECTION TWO: ACTIVITIES CARRIED OUT DURING THE INTERNSHIP


2.2 DESCRIPTION OF MY DIFFERENT TASKS
In a quest for an academic internship to complete the year 2023-2024 with practical knowledge,
ASECNA DOUALA gladly opened its doors to us, though we still had a lot to learn since we
were mostly given just theory in level 1. My internship lasted for two months (July and
August). This section recounts the progress of my internship. What were the tasks done?
What were the difficulties encountered? What are the reasons for choosing our topic?

We took it upon ourselves to keep in mind that we had been received
in a cordial and peaceful manner; this thinking allowed us to experience an
interesting and well-fulfilled stay. It was at this point that we began the internship
within the RSI Unit. During my stay within this company, I accomplished several tasks and
encountered some difficulties, which I have grouped together in the following table.


Table 1: TABLE OF ACTIVITIES

| TIME | ACTIVITIES | RESULT | PROBLEM ENCOUNTERED | SOLUTION |
|---|---|---|---|---|
| Week 1 | Collection of the acceptance document and the document for the creation of the access card | Well done | None | None |
| | Collection of the access card and the program for the internship | Well done | None | None |
| | Began visiting the various departments of the ASECNA Cameroon representation | Well done | The explanation was in French | None |
| Week 2 | Continuation of the visit to the other departments | Well done | Poor transport conditions and lack of vehicles | Provide vehicles |
| | First day at maintenance IRE. Learning more about the various systems in place to ensure the safety of flight | Well done | Understanding of some point was | Some softcopy handed to us to understand those points |
| | Learning about the different tools used in aeronautics | Well done | None | None |
| Week 3 | Presentation of ASECNA's computer network and system | | None | None |
| | Theme handed over by my supervisor; immediately started doing research on it | | Difficulties in understanding the topic | More explanation was given by my supervisor, and some documents were handed over for more understanding |
| Week 4 | Installation of operating system and configuration of basic settings such as keyboard language, Kaspersky antivirus on new computers | | A language-setting problem arose during the installation process | |


2.2.1: JUSTIFICATION OF THE TOPIC


The implementation of AMHS in Cameroon poses a problem of interconnection both for
terminals and for links with remote sites. The scope of our work is limited to user terminals, which are
of two (02) types:

- Users in the same LAN as the AMHS switch;
- Terminals belonging to remote LANs, which can be reached in two ways:
  o Extension via private telecommunications networks;
  o Extension via the Internet.

The solution currently being implemented is extension via ASECNA's private
telecommunications network over satellite links, but this connection offers
insufficient bandwidth to meet the requirements of the systems that implement AMHS between
the Douala aerodrome and the Yaoundé and Garoua aerodromes. This sometimes causes service
interruptions. For this reason, an alternative solution is sought to improve the quality and
continuity of service of the system implementing AMHS. This
alternative is the use of VPN channels to establish communications between the AMHS system at
the Douala airfield and subscribers at the Yaoundé and Garoua airfields.


PART TWO: PRACTICAL FRAMEWORK


CHAPTER 3. GENERALITIES ON THE EXTENSION OF AMHS NETWORK THROUGH VPN TO THE AERODROMES

SECTION A: DIAGNOSTIC OF THE SYSTEM


3.1 WHAT IS A VPN
VPN stands for "Virtual Private Network" and describes the ability to establish a protected
network connection when using public networks through authentication and encryption.

A VPN allows you to create a virtual link called a tunnel between two points:

- Between two companies
- Between a terminal computer and a corporate network

In this tunnel, data is encrypted and isolated, ensuring its confidentiality. A VPN allows you to
create a virtual extension of a network.

3.1.1 THE PURPOSE OF A VPN


A VPN is used to ensure the confidentiality, authentication, and integrity of data:

- In order to ensure a high degree of privacy, the VPN encrypts data transmitted over the
internet. This means that anyone who tries to intercept this data will only see a confusing mix
of characters that is almost impossible to decipher.
- The VPN initiates an authentication process between two communication devices to ensure
that both devices are truly who they say they are.
- The VPN also digitally signs the data to ensure the integrity of the data, verifying that the data
is not tampered with or intercepted before it reaches its intended recipient.


3.1.2 ADVANTAGES OF USING A VPN


- Enhanced online privacy: A VPN encrypts your internet traffic, preventing ISPs, hackers,
and other third parties from monitoring your online activities.
- Security: VPNs provide a secure connection, protecting your sensitive data from cyber
threats and ensuring that your online transactions are safe.
- Remote Access: VPNs enable users to securely access company networks and work
remotely from anywhere in the world.
- Prevention of Bandwidth throttling: VPNs can help avoid data caps (a limit on how much
you can do online each month) and maintain internet speed.
- Protection on public Wi-Fi networks: VPNs are essential for securing your data and
protecting your privacy when using public Wi-Fi networks at airports, hotels and other
public places.

3.1.3 DISADVANTAGES OF USING A VPN


Slower Internet Speed: Using a VPN can sometimes lead to slow internet speeds, as the encryption
and rerouting of data can cause delays in the connection.

Cost: While there are free VPN services available, premium VPNs with better security and
performance may come at a cost. Additionally, maintaining a VPN service may add to your
monthly expenses.

Limited Server Location: Some VPN providers may have limited server locations, which can
restrict your ability to access content from different regions.

Potential for Connection Drops: VPN connections may occasionally drop, exposing your IP
address and compromising your privacy if the VPN fails to reconnect.

3.2 TYPES OF VPNs


There are several types of VPNs:

3.2.1 CLIENT TO SITE VPN
It allows an employee to establish a secure connection to the corporate network (to access
applications, file servers, etc.) over the Internet. This method is most commonly used in the
context of teleworking. Here, the company's firewall acts as a VPN gateway. This VPN can be
Split-Tunnel or Full-Tunnel. The Split-Tunnel sends only the traffic destined for the company
network through the VPN; the rest of the internet traffic (search, videos, etc.) goes outside the
VPN. The Full-Tunnel routes all of the remote user's traffic through the VPN. In this case, to go
over the Internet, the traffic goes through the VPN and then uses the company's Internet
connection. Thus, the company's security policy will always be applied even if the user is outside
(e.g. the limitation of certain sites, etc.).

Figure 2 : Client-to-site VPN
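The difference between Split-Tunnel and Full-Tunnel comes down to the routes installed on the remote user's machine. The following Python sketch is an added example, not part of the original report; the corporate prefixes are taken from the addressing table later in the report, while the gateway address and the interface names wlan0 and tun0 are assumptions.

```python
import ipaddress

# Assumptions for illustration: the corporate LANs reuse 10.0.1.0/24 and 10.0.2.0/24
# from this report's addressing table; the gateway address (a documentation range)
# and the interface names wlan0/tun0 are made up.
CORPORATE_NETS = ["10.0.1.0/24", "10.0.2.0/24"]
VPN_GATEWAY = "203.0.113.10"

def build_routes(mode):
    """Return the remote client's routing table as (network, interface) pairs."""
    net = ipaddress.ip_network
    routes = [(net("0.0.0.0/0"), "wlan0")]  # ordinary default route
    if mode == "split":
        # Only the corporate prefixes are sent into the tunnel.
        routes += [(net(n), "tun0") for n in CORPORATE_NETS]
    elif mode == "full":
        # Two /1 routes cover all of IPv4 and are more specific than the /0
        # default, so everything enters the tunnel without deleting the default.
        routes += [(net("0.0.0.0/1"), "tun0"), (net("128.0.0.0/1"), "tun0")]
        # The encrypted packets themselves must still reach the gateway over the
        # physical interface, otherwise the tunnel would route into itself.
        routes.append((net(VPN_GATEWAY + "/32"), "wlan0"))
    else:
        raise ValueError("mode must be 'split' or 'full'")
    return routes

def egress(routes, destination):
    """Pick the outgoing interface by longest-prefix match, as an IP stack does."""
    dst = ipaddress.ip_address(destination)
    matching = [(network, ifname) for network, ifname in routes if dst in network]
    return max(matching, key=lambda route: route[0].prefixlen)[1]

def policy_applies(mode, destination):
    """True when the company firewall sees (and can filter) this traffic."""
    return egress(build_routes(mode), destination) == "tun0"

if __name__ == "__main__":
    for mode in ("split", "full"):
        for dest in ("10.0.2.1", "198.51.100.7", VPN_GATEWAY):
            print(f"{mode:5} {dest:15} -> {egress(build_routes(mode), dest)}")
```

In split mode only the two corporate prefixes use tun0, so web traffic never reaches the company firewall; in full mode it does.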

3.2.1.1 ADVANTAGES OF CLIENT TO SITE VPN

- Secure Remote Access: Client-to-Site VPN allows remote users to securely connect to the
organization's network from any location. This provides employees with the flexibility to
work from home or while traveling while maintaining a secure connection to company
resources.
- Data Encryption: All data transmitted between the client device and the organization's
network is encrypted, ensuring that sensitive information remains secure and protected from
unauthorized access.
- Secure Communication: Client-to-Site VPN provides a secure communication channel for
remote users to communicate with other employees, access email, share files, and collaborate
on projects without compromising data security.
- Access Control: Client-to-Site VPN allows organizations to implement access control
policies, ensuring that only authorized users can connect to the network. This helps to prevent
unauthorized access to company resources and sensitive data.

3.2.1.2 DISADVANTAGES OF CLIENT TO SITE VPN


- Network Performance: Client-to-Site VPN connections can sometimes result in slower
network performance due to the encryption and decryption processes involved in transmitting
data. This can impact the user experience, especially for bandwidth-intensive tasks.
- Security Risk: If a user's device is compromised or infected with malware, it could potentially
pose a security risk to the organization's network when connecting via a Client-to-Site VPN.
- Compatibility Issues: Client-to-Site VPN may encounter compatibility issues with certain
operating systems, devices, or applications.

3.2.2 SITE TO SITE VPN


It allows you to interconnect two networks on two different sites. This allows, for example, an
application server on a network of company A to be accessible by both the subscribers of
company A and those of a subsidiary located at site B. This type of VPN also gives the ability to
connect a corporate network to the cloud.


Figure 3 : Site-to-site VPN

3.2.2.1 ADVANTAGES OF SITE TO SITE VPN

- Enhanced network security: Site-to-site VPNs provide a secure and encrypted connection
between two or more networks, ensuring that sensitive data is protected from unauthorized
access.
- Improved data privacy: By encrypting data transmitted over the VPN tunnel, site-to-site VPNs
help ensure the privacy of communication between different network locations.
- Increased network reliability: Site-to-site VPNs help improve network uptime by providing a
secure and stable connection between different network locations, ensuring uninterrupted
access to resources.
- Secure Cloud connectivity: Site-to-site VPNs can be used to securely connect on-premises
networks to cloud services, enabling organizations to leverage cloud resources while
maintaining data privacy and security.

3.2.2.2 DISADVANTAGES OF SITE TO SITE VPN

- Potential for network latency: Encrypting data and routing it through a VPN tunnel can
sometimes introduce network latency, especially over long distances or when dealing with
large amounts of data. This can impact network performance and user experience.
- Potential security risks: Despite providing encryption and security features, site-to-site VPNs
can still be vulnerable to security breaches or attacks. Any weaknesses in the VPN
implementation or configuration can potentially be exploited by cybercriminals.
- Performance impact on high-bandwidth applications: Some high-bandwidth applications or
services may experience degraded performance when transmitted over a VPN tunnel due to the
overhead of encryption and authentication processes.
- Complexity of setup and management: Site-to-site VPNs can be complex to set up and configure,
especially for organizations with limited IT resources or expertise.

3.2.3 CONSUMER VPN


This allows a user to browse the internet while protecting their privacy and remaining
as anonymous as possible. This role is provided by the VPN provider on the net (it is therefore
the only one to keep track of the browsing of the connected users who pass through it). This
solution is usually subject to a monthly subscription.


Figure 4 : Consumer VPN

Figure 6 : Consumer VPN

3.2.3.1 ADVANTAGES OF CONSUMER VPN

- Anonymity: VPNs can help mask your IP address and location, making it more difficult for
websites and online services to track your online activities. This can help to protect your
identity and maintain anonymity online.
- Remote access: VPNs allow you to securely access your home or work network from
anywhere in the world. This is especially useful for remote employees who need to access
company files and resources while working outside of the office.

3.2.3.2 DISADVANTAGES OF CONSUMER VPN

- Cost: While many VPN services offer free or low-cost options, premium VPN services can be
quite expensive, especially if you require additional features or advanced security protocols.
- Limited server locations: Some VPN services may have a limited number of servers and
server locations, which could impact your ability to access content from certain regions or
cause slower connection speeds if the servers are overcrowded.


3.3 ENCRYPTING DATA IN A VPN


Data encryption is a process that makes information unreadable to those who do not have its
decryption key. Data encryption therefore allows an Internet user to protect their online
exchanges and activities by making them impossible to understand. To encrypt data, you need to
go through an encryption algorithm, as well as a key.

Encryption can be:


- Symmetric, with a single key for encryption and decryption, as for DES or AES algorithms,
suitable for individual uses;
- Asymmetric, with a public key for encryption and a different private key for decryption, as
with the RSA algorithm, suitable for information exchanges between two parties.

Symmetric ciphers with the AES algorithm are the most common. So it's no wonder that VPN
services use this method to encrypt data. However, just because this method is common doesn't
mean it's unreliable. Far from it, since the AES-256 and even AES-128 algorithms are widely
considered infallible.

Here are some encryption algorithms:

- DES (Data Encryption Standard): This is a symmetric encryption algorithm developed by
IBM. It uses a 56-bit key to encrypt 64-bit blocks of data.
Encryption is done in several steps, including initial swapping, swapping, final swapping, and
expansion. DES is considered secure, but it has been replaced by newer algorithms such as AES
(Advanced Encryption Standard).

- AES (Advanced Encryption Standard): It comes in 128-bit, 192-bit, and 256-bit key sizes. It is
this value that determines the suffix of the protocol. The higher the number of bits, the greater
the protection. AES-256 is therefore quite simply the most secure encryption standard to
date. It encrypts data in blocks of 128 bits each. This means that it takes 128 bits as input and
outputs 128 bits of cipher text. AES is based on the substitution-permutation network
principle, which means that it is performed using a series of linked operations that involve the
replacement and shuffling of input data. The number of rounds depends on the length of the key
as follows: 128-bit key: 10 rounds; 192-bit key: 12 rounds; 256-bit key: 14 rounds.
- RSA (Rivest, Shamir, and Adleman): Key exchange protocol involving the generation and
distribution of keys. This protocol is named after its three creators: Rivest, Shamir, and
Adleman.
- DH (Diffie-Hellman): A key exchange protocol involving the generation and
authentication of keys and often referred to as an exchange of authenticated keys.

3.4 VPN protocols


VPN protocols include, but are not limited to:

- PPTP (Point-to-Point Tunnelling Protocol): This is a historical method of setting up a VPN
tunnel. It contains security flaws and is now obsolete.
- L2TP/IPsec (Layer 2 Tunnelling Protocol over IPsec): Designed by Microsoft, it relies on
IPsec (IP Security) to work. L2TP will establish the tunnel and IPsec will secure this tunnel
by providing encryption and a two-level authentication. It is also compatible with all
operating systems, including Apple, Android and, of course, Windows. It offers the
possibility of multi-threaded tunnelling, and therefore the execution of several secure tasks
simultaneously, which can compensate for the speed losses related to the security itself.
Unfortunately, the L2TP protocol only uses UDP port 500, which means that it cannot be masked
by using another port. This makes it an easier protocol to block and also less effective at
bypassing firewalls. The IPsec encryption algorithm is secure but a bit slow because the traffic
needs to be converted to L2TP and then encrypted with IPsec.

- IKEv2/IPsec (Internet Key Exchange version 2 / IPsec): Designed by Microsoft
and Cisco, it works much like L2TP on the IPsec protocol but it is newer. It has been present
on all Windows devices since Windows 7. It allows mutual authentication between hosts at
both ends of the tunnel (including with a shared key), and a connection established in two
pairs. IKEv2 is particularly effective at re-establishing a VPN connection after the internet
connection has been lost.
- SSTP (Secure Socket Tunnelling Protocol): This is another VPN protocol that belongs to
Microsoft. It has been available on all Windows devices since Vista Service Pack 1. It is,
however, perfectly usable for both Linux and Mac users. This is an extremely popular
protocol due to its very high level of security. SSTP encrypts data with AES-256. SSTP
additionally uses TCP port 443 to establish a connection to the VPN server. To put it simply,
the advantage of this port is that it can bypass almost any firewall. SSTP is more geared
towards Windows users. Its weakness is that it cannot be evaluated effectively as it is a
proprietary protocol. Because it uses SSL v3, it has the ability to bypass firewalls.

- OpenVPN: This is the most widely used today. It is often associated with the notion of SSL. It is
open source and compatible with many devices (Android, Windows, macOS, Linux, etc.). It
works by default in UDP on port 1194 but it is also compatible with TCP, which allows it to pass
some firewalls. OpenVPN can easily bypass firewalls, and supports many types of encryption
such as AES, Blowfish, and 3DES. The speed of this protocol depends largely on
the method chosen for encrypting the data. In the majority of cases, VPNs use AES-256, the
most secure encryption method available today, and one that has never been breached.
Unfortunately, OpenVPN isn't built into most operating systems out of the box. On Windows or
Android for example, you'll need to install and run a third-party app on your machine to make
your OpenVPN connection work. Because it uses SSL v3, it has the ability to bypass firewalls.

- The WireGuard protocol: It is recent and, like OpenVPN, is compatible with several devices.
But it works in peer-to-peer mode, unlike other protocols that work in client-server
mode. It only works in UDP and can potentially be blocked by firewalls.

3.5 Hash protocols
Hashing is a process that allows a unique digital signature to be obtained from the input
information and a hash function. Hash functions have a variety of applications, including the
ability to calculate the unique fingerprint of a file or store passwords securely in a database. It can
also be used to check the checksum of a piece of data to verify its integrity.

There are several different algorithms that can be used to obtain a fingerprint: MD5, SHA1, and
SHA-256.

(Diagram: News -> Hash function -> Signature)

The hash print is therefore different depending on the input used and therefore it is unique.

MD5 and SHA1 are no longer considered safe. Collisions (identical fingerprints obtained with
different inputs) have been found with MD5. The SHA1 function is also discouraged because
researchers have found possible attacks against this algorithm. It has been replaced by SHA2,
which gives the hash functions SHA-224, SHA-256, SHA-384, and SHA-512.
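Anyone can recompute a plain fingerprint, so a VPN tunnel checks integrity with a keyed hash (HMAC) that only the two ends of the tunnel can produce. The following Python sketch is an added example, not part of the original report; the key and the message are constructed, and the tag is truncated to 128 bits as in the HMAC-SHA-256-128 construction used with IPsec.

```python
import hashlib
import hmac

TAG_LEN = 16  # bytes of HMAC output appended to each packet (128 bits)

def fingerprint(data, algorithm="sha256"):
    """Unkeyed fingerprint: the same input always gives the same digest."""
    return hashlib.new(algorithm, data).hexdigest()

def protect(key, payload):
    """Sender side: append a truncated HMAC-SHA-256 tag to the payload."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    return payload + tag

def verify(key, packet):
    """Receiver side: return the payload if the tag is valid, otherwise None."""
    if len(packet) < TAG_LEN:
        return None  # too short to even carry a tag
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    # compare_digest runs in constant time, so the comparison itself does not
    # leak how many leading bytes of a guessed tag were correct.
    return payload if hmac.compare_digest(tag, expected) else None

if __name__ == "__main__":
    key = b"constructed-shared-secret-32byte"       # constructed sample key
    message = b"constructed AMHS test message"       # constructed sample payload
    packet = protect(key, message)

    # Digest lengths of the algorithms named in the text: 128, 160 and 256 bits.
    for name in ("md5", "sha1", "sha256"):
        print(name, len(fingerprint(message, name)) * 4, "bits")

    print("untouched packet :", verify(key, packet))
    flipped = bytes([packet[0] ^ 0x01]) + packet[1:]  # one bit changed in transit
    print("modified packet  :", verify(key, flipped))
    print("wrong key        :", verify(b"x" * 32, packet))
```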

SECTION B: ARCHITECTURE AND CONFIGURATION OF THE PROPOSED SYSTEM


ASECNA uses the Aeronautical Message Handling System (AMHS), which plays a crucial role in air
traffic control by providing secure, efficient, and reliable messaging services for the exchange of
critical aeronautical information. It enhances communication between air traffic control centres and
aerodromes, contributing to safer and more efficient air traffic management.

3.1 Network Architecture of ASECNA

Figure 5 : ASECNA Architecture

3.2 NEW Network Architecture of ASECNA

For the simulation of the Client-to-Site VPN, a new network architecture was required; it was
built using Packet Tracer.


Figure 6 : New network architecture of ASECNA

Configuration of the Client-to-Site VPN


A VPN, as the name implies, consists of creating a virtual network between two points in order to
secure communication. To show this, we presented an architecture above, and we will
start with the basic configurations and then the VPN to establish a connection.

Table 2 : IP addressing table

Device       Interface   IP Address      Subnet mask
Router 1     G 0/0/1     10.0.1.0/24     255.255.255.0
Router 2     G 0/0/1     10.0.2.0/24     255.255.255.0
Router 3     G 0/0/0     102.219.44.2    255.255.255.252
Router 3     G 0/0/1     102.219.45.2    255.255.255.252
Switch 1     NLC         -               -
Switch 2     NLC         -               255.255.255.0
Pc1          Fa 0/1      10.0.1.1/24     255.255.255.0
Pc2          Fa 0/2      10.0.1.2/24     255.255.255.0
Pc3          Fa 0/1      10.0.2.3/24     255.255.255.0
Server-pt    Fa 0/2      10.0.2.1/24     255.255.255.0

3.3 CONFIGURATION OF THE DIFFERENT PROTOCOLS


During the simulation of the VPN, some protocols were configured on the routers of the 2
aerodromes. They included: the ISAKMP policy, the IPsec transform set, the ACL,
the crypto map and then the application of the crypto map.

The following steps were carried out in order to configure the Yaoundé router.

- ISAKMP policy: Here the configuration is based on the encryption, the md5 hash,
pre-share authentication, the group and the lifetime; the same procedure is repeated
on the other router.

Figure 7 : Configuring ISAKMP R1

- IPsec transform set: The crypto IPsec transform-set (esp-3des esp-sha-hmac), the
access control list and the crypto IPsec security-association lifetime in seconds are configured.
They are used to ensure confidentiality, authenticity, integrity and non-repudiation of the data
transmitted through the VPN on both routers.

Figure 8 : IPSEC R1

- Application of the crypto map: Here the access-list is created to
define the set of users whose data should be secured with the VPN, the IPsec transform
set comes into play with the encryption algorithm and the hash algorithm, and the peer
to whom the secured packets will be sent is chosen.


Figure 9 : configuring Application of the crypto map
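The steps above (ISAKMP policy, transform set, access-list, crypto map) can be checked before deployment. The following Python sketch is an added example, not part of the original report and not the configuration shown in its figures: it builds a constructed IOS configuration from the settings the report names, flags the legacy algorithms in it, shows stronger replacements, and verifies that the two routers' access-lists mirror each other. The names VPN-SET and VPN-MAP, ACL 110, the ISAKMP cipher, the DH group, the lifetime, the key placeholder and the peer addresses are assumptions, and the stronger keywords require an IOS release that supports them.

```python
import re

# Constructed sample built from the settings the report names (hash md5,
# authentication pre-share, esp-3des esp-sha-hmac). Everything else in the
# template (names, ACL number, cipher, group, lifetime, key, peers) is assumed.
TEMPLATE = """\
crypto isakmp policy 10
 encryption 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key <PRE-SHARED-KEY> address {peer}
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
access-list 110 permit ip {local} 0.0.0.255 {remote} 0.0.0.255
crypto map VPN-MAP 10 ipsec-isakmp
 set peer {peer}
 set transform-set VPN-SET
 match address 110
"""

def make_config(local, remote, peer):
    """Fill the template for one router (LAN prefixes from the addressing table)."""
    return TEMPLATE.format(local=local, remote=remote, peer=peer)

R1 = make_config("10.0.1.0", "10.0.2.0", "102.219.45.1")
R2 = make_config("10.0.2.0", "10.0.1.0", "102.219.44.1")

# Legacy choices: MD5, DES/3DES, and Diffie-Hellman groups 1, 2 and 5
# (768-, 1024- and 1536-bit).
WEAK_ISAKMP = {"hash": {"md5"}, "encryption": {"des", "3des"}, "group": {"1", "2", "5"}}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
STRONGER = (("encryption 3des", "encryption aes 256"), ("hash md5", "hash sha256"),
            ("group 2", "group 14"),
            ("esp-3des esp-sha-hmac", "esp-aes 256 esp-sha256-hmac"))
ACL = re.compile(r"access-list \d+ permit ip (\S+) (\S+) (\S+) (\S+)")

def weak_settings(config):
    """List the legacy algorithm choices found in an IOS crypto configuration."""
    findings = []
    for line in config.splitlines():
        words = line.split()
        if len(words) >= 2 and words[1] in WEAK_ISAKMP.get(words[0], ()):
            findings.append(f"isakmp {words[0]} {words[1]}")
        if line.startswith("crypto ipsec transform-set"):
            findings += [f"transform {w}" for w in words[4:] if w in WEAK_TRANSFORMS]
    return findings

def harden(config):
    """Return the same configuration with each legacy keyword replaced."""
    for old, new in STRONGER:
        config = config.replace(old, new)
    return config

def protected_traffic(config):
    """Set of (source, wildcard, destination, wildcard) selected for encryption."""
    return set(ACL.findall(config))

def acls_mirrored(a, b):
    """Both ends must select the same traffic in opposite directions."""
    flipped = {(d, dw, s, sw) for s, sw, d, dw in protected_traffic(b)}
    return bool(flipped) and protected_traffic(a) == flipped

if __name__ == "__main__":
    print("weak settings on R1:", weak_settings(R1))
    print("after hardening    :", weak_settings(harden(R1)))
    print("ACLs mirrored      :", acls_mirrored(R1, R2))
```

If the access-lists are not mirror images, the tunnel negotiation fails or traffic in one direction leaves unencrypted, so the mirror check is worth running on every pair of peers.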

3.6 TESTS AND RESULTS

The connectivity test (ping) involves sending an ICMP request to verify that communication is
possible between the devices.

- Connectivity test between Douala LAN and Yaounde LAN


Figure 12 : Ping from Douala LAN to Yaounde LAN


- Connectivity test from Yaounde LAN to Douala LAN

Figure 12 : Ping from Yaounde LAN to Douala LAN



CHAPTER 4

DIFFICULTIES ENCOUNTERED AND RECOMMENDATIONS

SECTION 1: PROBLEMS ENCOUNTERED DURING THE INTERNSHIP


During our internship we noted both positive remarks and difficulties related to
the operation.

4.1 Positive remarks


- ASECNA is made up of trained, competent and dynamic working staff.
- ASECNA is organized in its tasks; there is a good separation of work.
- The employees of the company are welcoming and kind; this permits the interns to
feel at ease inside the premises.

4.2 Difficulties Encountered


During our two-month stay at ASECNA Douala, we observed some insufficiencies, among which
are:

- Facing challenges due to language barriers.
- Controllers sometimes facing difficulties communicating with the pilots.
- No access to the internet.
- Insufficient vehicles to access the different sites where some equipment is found, in order to
carry out maintenance.
- Risk of being harmed by wild animals, e.g. snakes.

SECTION 2: RECOMMENDATIONS
- Provide a Wi-Fi box that can help us to have access to the internet.
- Provide vehicles for the company to deploy its technicians to the different worksites.
- A clear communication channel should be established, with new equipment for the tower.
- ASECNA should provide language training to its working staff.


GENERAL CONCLUSION

The main objective of this internship was to acquire knowledge and experience of how work
functions in day-to-day enterprises and to analyse how things can be improved
or reorganized, to put into practice all the theoretical knowledge acquired during our first year, and
to familiarize ourselves with the socio-professional world. The simulation of the extension of the
AMHS network through a VPN is meant to help the company have easy remote access and
encryption of its data. Moreover, beyond the report we wrote, our internship contained a
great number of very enriching experiences for us, because it allowed us to discover the field of
air traffic, its outlets and its constraints, through the mission in which we had to participate. Also,
we want to believe that our internship at ASECNA DOUALA will make a contribution, as
modest as it may be, to the efficiency of certain services and to the improvement of certain
inadequate practices or situations.

