08-VPN-思科

realhellman
1 ℃
2020-07-02

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

CCNPCCNPCCNPCCNP培训课程之培训课程之培训课程之培训课程之BCRANBCRANBCRANBCRANCCNPCCNPCCNPCCNP培训课程培训课程培训课程培训课程-BCRAN-BCRAN-BCRAN-BCRANCCNPCCNPCCNPCCNP培训课程之培训课程之培训课程之培训课程之BCRANBCRANBCRANBCRAN第八章第八章第八章第八章VPNVPNVPNVPN虚拟专用网络虚拟专用网络虚拟专用网络虚拟专用网络(VPN)(VPN)(VPN)(VPN)为什么使用为什么使用为什么使用为什么使用VPNVPNVPNVPNVPNVPNVPNVPN构建构建构建构建VPNVPNVPNVPN隧道和加密隧道和加密隧道和加密隧道和加密多种设备上使用多种设备上使用多种设备上使用多种设备上使用VPNVPNVPNVPNCiscoVPNCiscoVPNCiscoVPNCiscoVPN解决解决解决解决系统系统系统系统VPNVPNVPNVPN的类型的类型的类型的类型•Remote-accessRemote-accessRemote-accessRemote-access–Client-initiatedClient-initiatedClient-initiatedClient-initiated–NetworkaccessserverNetworkaccessserverNetworkaccessserverNetworkaccessserver•Site-to-siteSite-to-siteSite-to-siteSite-to-site–IntranetIntranetIntranetIntranet–ExtranetExtranetExtranetExtranetRemote-AccessVPNRemote-AccessVPNRemote-AccessVPNRemote-AccessVPN解决方案解决方案解决方案解决方案Site-to-SiteVPNSite-to-SiteVPNSite-to-SiteVPNSite-to-SiteVPN解决方案解决方案解决方案解决方案多层加密多层加密多层加密多层加密隧道协议隧道协议隧道协议隧道协议VPNVPNVPNVPN协议协议协议协议选择层三的选择层三的选择层三的选择层三的VPNVPNVPNVPN隧道隧道隧道隧道VPNVPNVPNVPN关键术语关键术语关键术语关键术语•TunnelTunnelTunnelTunnel•EncryptionanddecryptionEncryptionanddecryptionEncryptionanddecryptionEncryptionanddecryption•CryptosystemCryptosystemCryptosystemCryptosystem•HashingHashingHashingHashing•AuthenticationAuthenticationAuthenticationAuthentication•AuthorizationAuthorizationAuthorizationAuthorization•KeymanagementKeymanagementKeymanagementKeymanagement•CACACACA————certificationauthoritycertificationauthoritycertificationauthoritycertificationauthorityserviceserviceserviceserviceIPSecVPNIPSecVPNIPSecVPNIPSecVPN关键术语关键术语关键术语关键术语•AH:AuthenticationHeaderAH:AuthenticationHeaderAH:AuthenticationHeaderAH:AuthenticationHeader•ESP:EncapsulatingSecurityPayloadESP:EncapsulatingSecurityPayloadESP:EncapsulatingSecurityPayloadESP:EncapsulatingSecurityPayload•IKE:InternetKeyExchangeIKE:InternetKeyExchangeIKE:InternetKeyExchangeIKE:InternetKeyExchange•ISAKMP:InternetSecurityAssociationandKeyISAKMP:InternetSecurityAssociationandKeyISAKMP:InternetSecurityAssociationandKeyISAKMP:InternetSecurityAssociationandKeyManagementProtocolManagementProtocolManagementProtocolManagementProtocol•SA:SecurityassociationSA:SecurityassociationSA:SecurityassociationSA:Securityassociation•AAA:Authentication,authorization,andaccountingAAA:Authentication,authorization,andaccountingAAA:Authentication,authorization,andaccountingAAA:Authentication,authorization,andaccounting•TACACS+:TerminalAccessControllerAccessTACACS+:TerminalAccessControllerAccessTACACS+:TerminalAccessControllerAccessTACACS+:TerminalAccessControllerAccessControlSystemPlusControlSystemPlusControlSystemPlusControlSystemPlus•RADIUS:RemoteAuthenticationDial-InUserServiceRADIUS:RemoteAuthenticationDial-InUserServiceRADIUS:RemoteAuthenticationDial-InUserServiceRADIUS:RemoteAuthenticationDial-InUserServiceCiscoIOSCiscoIOSCiscoIOSCiscoIOS密码系统密码系统密码系统密码系统©©©©2003,CiscoSystems,Inc.Allrightsreserved.2003,CiscoSystems,Inc.Allrightsreserved.2003,CiscoSystems,Inc.Allrightsreserved.2003,CiscoSystems,Inc.Allrightsreserved.18181818密码系统预览密码系统预览密码系统预览密码系统预览对称加密对称加密对称加密对称加密非对称加密非对称加密非对称加密非对称加密交换密钥交换密钥交换密钥交换密钥————DiffieDiffieDiffieDiffie-Hellman-Hellman-Hellman-HellmanHashingHashingHashingHashing算法算法算法算法IPSecIPSecIPSecIPSec技术技术技术技术©©©©2003,CiscoSystems,Inc.Allrightsreserved.2003,CiscoSystems,Inc.Allrightsreserved.2003,CiscoSystems,Inc.Allrightsreserved.2003,CiscoSystems,Inc.Allrightsreserved.24242424IPSecIPSecIPSecIPSec————互操作的加密和认证互操作的加密和认证互操作的加密和认证互操作的加密和认证隧道模式和传输模式隧道模式和传输模式隧道模式和传输模式隧道模式和传输模式安全结合安全结合安全结合安全结合IPSecIPSecIPSecIPSec的五个步骤的五个步骤的五个步骤的五个步骤IPSecIPSecIPSecIPSec如何使用如何使用如何使用如何使用IKEIKEIKEIKEIKEIKEIKEIKE和和和和IPSecIPSecIPSecIPSec流程图流程图流程图流程图配置配置配置配置IPSecIPSecIPSecIPSec步骤步骤步骤步骤Task1Task1Task1Task1––––PrepareforIKEandIPSECPrepareforIKEandIPSECPrepareforIKEandIPSECPrepareforIKEandIPSECStep1:DetermineIKE(IKEphase1)policyStep1:DetermineIKE(IKEphase1)policyStep1:DetermineIKE(IKEphase1)policyStep1:DetermineIKE(IKEphase1)policyStep2:DetermineStep2:DetermineStep2:DetermineStep2:DetermineIPSecIPSecIPSecIPSec(IKEphase2)policy(IKEphase2)policy(IKEphase2)policy(IKEphase2)policyStep3:CheckthecurrentconfigurationStep3:CheckthecurrentconfigurationStep3:CheckthecurrentconfigurationStep3:CheckthecurrentconfigurationStep4:EnsurethatthenetworkworkswithoutStep4:EnsurethatthenetworkworkswithoutStep4:EnsurethatthenetworkworkswithoutStep4:EnsurethatthenetworkworkswithoutencryptionencryptionencryptionencryptionStep5:EnsurethataccesslistsarecompatibleStep5:EnsurethataccesslistsarecompatibleStep5:EnsurethataccesslistsarecompatibleStep5:EnsurethataccesslistsarecompatiblewithwithwithwithIPSecIPSecIPSecIPSecTask2Task2Task2Task2––––ConfigureIKEConfigureIKEConfigureIKEConfigureIKEStep1:EnableordisableIKEStep1:EnableordisableIKEStep1:EnableordisableIKEStep1:EnableordisableIKEStep2:CreateIKEpoliciesStep2:CreateIKEpoliciesStep2:CreateIKEpoliciesStep2:CreateIKEpoliciesStep3:ConfigureISAKMPidentityStep3:ConfigureISAKMPidentityStep3:ConfigureISAKMPidentityStep3:ConfigureISAKMPidentityStep4:ConfigureStep4:ConfigureStep4:ConfigureStep4