This presentation was published 10 years ago by user Александр Бакланов.
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN
1. Lesson 17: Configure the Cisco Virtual Private Network 3000 Series Concentrator for LAN-to-LAN Using Digital Certificates
2. Objectives
   Upon completion of this lesson, you will be able to perform the following tasks:
   – Explain the purpose of SCEP.
   – Explain how root certificates are installed via SCEP.
   – Explain how identity certificates are installed via SCEP.
   – Configure the Concentrator for LAN-to-LAN support with digital certificates.
3. SCEP Support Overview
4. CA Server Fulfilling Requests from IPSec Peers
   Each IPSec peer individually enrolls with the CA server.
   [Diagram: CA server]
5. SCEP-Based Enrollment
   [Diagram: SCEP, certificate server]
6. SCEP Loading Process
   Load root certificate via SCEP
   Load identity certificate via SCEP
   [Diagram: certificate server, certificate server]
7. Root Certificate Installation
8. SCEP: Root Certificate
   [Diagram: Receive CA certificate; Verify CA certificate; Send CA certificate; Request CA certificate; SCEP; certificate server]
9. Certificate Management
10. Concentrator: SCEP Enrollment Procedure
   [Diagram: installed root certificate]
11. SCEP URL
   CA server information:
   – What is the URL of the CA server?
   – Is a descriptor required?
   [Diagram: certificate server]
12. Root Installed
13. View the Root Certificate
14. Identity Certificate Installation
15. SCEP: Identity Certificate
   Generate keys
   Generate and send certificate request
   Store certificate
   Send polling request
   Store certificate
   Process request
   – If approved, generate identity certificate or
   – Send request pending
   – (Approved)
   [Diagram: stored SCEP-issued root certificate, SCEP, certificate server]
16. Identity Certificate Enrollment
17. Identity Certificate Installation 5
18. Identity Enrollment Form
19. Identity Certificate Installed
20. View the Identity Certificate
21. Enrollment Status
22. Certificate Renewal
23. Configuring Certificate Authority
   CRL retrieval policy
   CRL caching
   CRL distribution points
24. Concentrator SCEP Configuration
25. Activate the IKE Proposal
26. IKE Proposal
27. Add RSA SA
28. Configure RSA SA
29. Add IPSec LAN-to-LAN
   [Diagram: IPSec, Internet]
30. Boston IPSec LAN-to-LAN
   [Diagram: Boston, Houston]
31. IPSec LAN-to-LAN Is Finished
   [Diagram: IPSec, Internet, Boston, Houston]
32. IPSec LAN-to-LAN Connection
   [Diagram: IPSec, Internet, Boston, Houston]
33. Summary
34. Summary
   SCEP certificate generation is a two-step process:
   – CA certificate requests are sent to and CA certificates are received from the CA.
   – Identity certificate requests are sent to and identity certificates are received from the CA.
   CA and identity certificates are validated before being loaded on a Concentrator.
   For CA support you configure the Concentrator much the same as you would for pre-shared keys, substituting the digital certificates when necessary.
   Add, verify, and delete certificates in the Administration-Certificate Management window.
35. Lab Exercise
36. Lab Visual Objective
   [Network diagram: student PCs, RTS, Pods 1–5, Pods 6–10, Web/FTP/CA server, RBB, Concentrator]