Presentation published 10 years ago by user Ян Шустров
1 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 5 Configure the Cisco VPN 3000 Series Concentrator for Remote Access Using Pre-Shared Keys
2 Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
- Configure the Cisco VPN 3000 Series Concentrator LAN interfaces via the CLI.
- Configure the Cisco VPN 3000 Series Concentrator Client-to-LAN application using the browser.
- Configure the IPSec Client.
- Monitor the IPSec Client-to-LAN tunnel.
3 Overview of Remote Access Using Pre-Shared Keys
4 Internet service provider Telecommuter Corporate office Web server File server Client-to-LAN Internet Telecommuter
5 Application server ISP Concentrator PPP connectivity Dial access IPSec tunnel or session Telecommuter with the Cisco VPN 3000 Series Concentrator Client Internet IPSec Client-to-LAN Components Client software PPP IPSec standards VPN Concentrator
6 IPSec Client-to-LAN Tunneling Application server VPN private IP address VPN public IP Adapter (NIC) IP address Client IP address ESP Data ISP Internet Telecommuter with the Cisco VPN 3000 Series Concentrator Client
7 Cisco VPN Software Client for Windows Installed on Windows system
8 Initial Configuration of the Cisco VPN 3000 Series Concentrator for Remote Access
9 IPSec Server: Physical Connections Console port VPN private IP address 10.0.P.5 VPN public IP address P.5 Power 10.0.P.10 Server Client PC P Internet
10 Configuration Options
Welcome to Cisco Systems VPN 3000 Concentrator Series Command Line Interface
1) Configuration
2) Administration
3) Monitoring
4) Save changes to Config file
5) Help Information
11 GUI Table of contents Toolbar Manager screen
12 Quick Configuration
13 Browser Configuration of the Cisco VPN 3000 Series Concentrator
14 IP Interfaces Ethernet 1 (private IP address) 10.0.P.5 Ethernet 2 (public IP address) P.5
15 Public IP Interface Ethernet 1 (private IP address) 10.0.P.5 Ethernet 2 (public IP address)
16 System Information
17 Protocols IPSec Internet
18 DHCP address Address Assignment DHCP server Internet
19 Authentication NT domain User authentication Internet Cisco VPN 3000 Series Concentrator Client Computer Name: BOSTON Domain: Domain_BOSTON
20 Configuration of Users and Groups
21 Base group: Corporate Customer Service /Base/Service MIS /Base/Sales Finance /Base/Finance VP of MIS Groups: Departments Users: Individuals VP of Finance Groups and Users
22 User and Group Policies Access rights and privileges
23 Group Database Internal server Group: Training Internet Cisco VPN 3000 Series Concentrator Client
24 Admin Password
25 In-Depth Configuration Information
26 Authentication Cisco VPN Client (2.5) IKE Phase 1 complete Xauth Internal server Group: Training Concentrator authentication Network authentication (Xauth) Cisco VPN Client (3.0 or higher) IKE Phase 1 Xauth IKE Phase 1 complete Internet
27 Activate IKE Proposal 3002, 3.x or 4.x Client 2.5 Client Certicom client
28 Check IKE Proposal
29 Group Configuration: Identity /Base Training Service
30 Group Configuration: General Access rights and privileges Tunneling protocol DNS and WINS
31 Group Configuration: IPSec IPSec User authentication NT domain server Internet
32 IKE Keepalives: DPD Application server Client DPD message (Are you there) DPD message (Are you there ACK) Worry timer expires Receive data Internet
33 Remote Access Parameters IPSec User authentication NT domain server Internet
34 Client Configuration Parameters Cisco Client parameters Microsoft client parameters Common client parameters
35 Cisco Client Parameters Push NT domain server Internet
36 Tunneling Options Client Encrypt everything Client Clear text Encrypted Client Encrypted Clear text Clear text Tunnel everything Tunnel everything except local LAN traffic Split tunneling
37 Split Tunneling Policy: Tunnel Everything Tunnel everything Client Encrypt everything X
38 Split Tunneling Policy: Local LAN Option Client Encrypted Clear text Everything mode with local LAN option
39 Local LAN Option: Network List X Client Encrypted X
40 Split Tunneling: Before and After Before split tunneling After split tunneling Client Encrypted Clear text Client Encrypted Clear text
41 Split Tunneling Policy: Split Tunneling Encrypted Client Clear text Clear text
42 Split Tunneling: Network List Encrypted Client Clear text Clear text
43 Split DNS Match No match Tunneled DNS Client Clear text DNS DNS server
44 Split DNS Configuration Tunneled DNS Client Clear text DNS DNS server
45 DDNS DHCP server Client DNS server PC hostname PC hostname
46 Mode Configuration Push NT domain server WINS DNS virtual IP address Internet
47 Modifying Groups
48 Setting Up Group Attributes Global –NT – –60 Engineering –RADIUS 2 – –90 Finance –RADIUS 5 – –80 Engineering group RADIUS 5 RADIUS 2 Finance group HR –NT – Finance –RADIUS 5 – Engineering –RADIUS 2 – Internet
49 Types of Authentication Group authentication User authentication
50 Testing Authentication Server
51 Public Interface IPSec Fragmentation
52 Configuration of the Cisco VPN Software Client for Windows
53 Cisco VPN Software Client for Windows
54 Cisco VPN Software Client for Windows Run Mode
55 Main Tabs Connections Certificates Log
56 Menus: Connection Entries
57 Menus: Status
58 Menus: Certificates
59 Menus: Log
60 Menus: Options
61 Creating a New Connection: Authentication. Concentrator authentication: the end user never sees this after initial configuration.
62 Creating a New Connection: Transport
63 Creating a New Connection: Backup Servers
64 Creating a New Connection: Dial-Up
65 Pre-configure Client for Remote Users: oem.ini, vpnclient.ini, .pcf
66 pcf File (.pcf file: user profile)
67 Silent Mode. oem.ini: Installing the Cisco VPN Client without user intervention. Name of the destination folder. Identifies whether or not to restart the system after the silent installation.
68 Client Program Menu
69 Setting MTU Size
70 Virtual Adapter
71 Viewing Connected Clients Concentrator Connection Status
72 Viewing Connected Clients: Status Details
73 Summary
74 Summary
- The initial configuration of the Cisco VPN 3000 Series Concentrator occurs via the CLI.
- Subsequent configuration of the Cisco VPN 3000 Series Concentrator can be performed using a browser.
- Groups and users are used to assign access and usage rights.
- IPSec policies are assigned to groups.
75 Summary (cont.)
- Mode configuration enables the Cisco VPN 3000 Series Concentrator to push the network information to the Cisco VPN Software Client.
- The Cisco VPN 3000 Series Concentrator can use several different types of authentication servers.
- The Cisco VPN 3000 Series Concentrator provides extensive monitoring capabilities.
76 Lab Exercise
77 Lab Visual Objective P.0 Student PC with Cisco VPN Client P P.0 RTS Cisco VPN 3000 DHCP server RBB