© 2003, Cisco Systems, Inc. All rights reserved. CSVPN 4.017-1 Lesson 17 Configure the Cisco Virtual Private Network 3000 Series Concentrator for LAN-to-LAN.

Transcript:

Lesson 17: Configure the Cisco Virtual Private Network 3000 Series Concentrator for LAN-to-LAN Using Digital Certificates

Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
- Explain the purpose of SCEP.
- Explain how root certificates are installed via SCEP.
- Explain how identity certificates are installed via SCEP.
- Configure the Concentrator for LAN-to-LAN support with digital certificates.

SCEP Support Overview

CA Server Fulfilling Requests from IPSec Peers
Each IPSec peer individually enrolls with the CA server.
(Diagram label: CA server)

SCEP-Based Enrollment
(Diagram labels: SCEP, Certificate server)

SCEP Loading Process
- Load root certificate via SCEP
- Load identity certificate via SCEP
(Diagram labels: Certificate server, Certificate server)

Root Certificate Installation

SCEP: Root Certificate
- Receive CA certificate
- Verify CA certificate
- Send CA certificate
- Request CA certificate
(Diagram labels: SCEP, Certificate server)

Certificate Management

Concentrator: SCEP Enrollment Procedure
(Screenshot callout: Installed root certificate)

SCEP URL
CA server information:
- What is the URL of the CA server?
- Is a descriptor required?
(Diagram label: Certificate server)

Root Installed

View the Root Certificate

Identity Certificate Installation

SCEP: Identity Certificate
- Generate keys
- Generate and send certificate request
- Store certificate
- Send polling request
- Store certificate
- Process request
  – If approved, generate identity certificate or
  – Send request pending
  – (Approved)
- Stored SCEP-issued root certificate
(Diagram labels: SCEP, Certificate server)

Identity Certificate Enrollment

Identity Certificate Installation 5

Identity Enrollment Form

Identity Certificate Installed

View the Identity Certificate

Enrollment Status

Certificate Renewal

Configuring Certificate Authority
- CRL retrieval policy
- CRL caching
- CRL distribution points

Concentrator SCEP Configuration

Activate the IKE Proposal

IKE Proposal

Add RSA SA

Configure RSA SA

Add IPSec LAN-to-LAN
(Diagram labels: IPSec, Internet)

Boston IPSec LAN-to-LAN
(Diagram labels: Boston, Houston)

IPSec LAN-to-LAN Is Finished
(Diagram labels: IPSec, Internet, Boston, Houston)

IPSec LAN-to-LAN Connection
(Diagram labels: IPSec, Internet, Boston, Houston)

Summary

Summary
- SCEP certificate generation is a two-step process:
  – CA certificate requests are sent to and CA certificates are received from the CA.
  – Identity certificate requests are sent to and identity certificates are received from the CA.
- CA and identity certificates are validated before being loaded on a Concentrator.
- For CA support you configure the Concentrator much the same as you would for pre-shared keys, substituting the digital certificates when necessary.
- Add, verify, and delete certificates in the Administration-Certificate Management window.

Lab Exercise

Lab Visual Objective
(Network diagram labels: Student PC, Concentrator, RTS, RBB, Web FTP CA Server, Pods 1–5, Pods 6–10)