易久IT学院

H3C Security Configuration Guide - SSL Web VPN Detailed Commands and Integration with Microsoft AD LDAP

admin posted on 2017-1-25 06:47:29
Views: 100 | Replies: 2
Contents

1 SSL VPN
1.1 SSL VPN overview
1.2 Advantages of SSL VPN
2 Configuring SSL VPN from the command line
2.1 Configuration prerequisites
2.2 Configuring SSL VPN
2.3 SSL VPN typical configuration example
3 Configuring the SSL VPN gateway through the Web interface
3.1 Configuring PKI
3.1.1 PKI configuration task overview
3.1.2 Creating a PKI entity
3.1.3 Creating a PKI domain
3.1.4 Generating an RSA key pair
3.1.5 Destroying an RSA key pair
3.1.6 Retrieving and viewing certificates
3.1.7 Requesting a local certificate
3.1.8 Retrieving and viewing the CRL
3.2 Configuring the SSL VPN service
3.3 Configuring Web proxy server resources
3.4 Configuring TCP application resources
3.4.1 Configuring remote access service resources
3.4.2 Configuring desktop sharing service resources
3.4.3 Configuring e-mail service resources
3.4.4 Configuring Notes mail service resources
3.4.5 Configuring generic TCP service resources
3.5 Configuring IP network resources
3.5.1 Configuring global parameters
3.5.2 Configuring host resources
3.5.3 Configuring fixed IP addresses
3.5.4 Configuring predefined domain names
3.6 Configuring resource groups
3.7 Configuring local users
3.7.1 Configuring local users manually
3.7.2 Importing local users in bulk
3.8 Configuring user groups
3.9 Viewing user information
3.9.1 Viewing online user information
3.9.2 Forcing online users offline
3.9.3 Viewing historical user information
3.10 Configuring basic domain policies
3.10.1 Configuring the domain policy
3.10.2 Configuring the cache policy
3.10.3 Configuring bulletins
3.11 Configuring authentication policies
3.11.1 Configuring local authentication
3.11.2 Configuring RADIUS authentication
3.11.3 Configuring LDAP authentication
3.11.4 Configuring AD authentication
3.11.5 Configuring combined authentication
3.12 Configuring security policies
3.13 Configuring user interface customization
3.13.1 Configuring partial customization of the user interface
3.13.2 Configuring full customization of the user interface
4 User access to SSL VPN
4.1 Logging in to the SSL VPN service interface
4.2 Using SSL VPN resources
4.3 Viewing help information
4.4 Changing the login password
5 SSL VPN typical configuration example
5.1 Network requirements
5.2 Configuration procedure
5.2.1 Configuring the SSL VPN service
5.2.2 Configuring SSL VPN access resources
5.2.3 Configuring SSL VPN users
5.2.4 Configuring the SSL VPN domain
5.3 Verifying the configuration
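
1 SSL VPN
This feature is supported only on the SR6602 router.

1.1 SSL VPN overview
SSL VPN is a VPN (Virtual Private Network) technology based on SSL (Secure Sockets Layer) that operates between the transport layer and the application layer. SSL VPN makes full use of the certificate-based identity authentication, data encryption, and message integrity verification mechanisms provided by the SSL protocol, and can establish secure connections for communication between application layers.
SSL VPN is widely used for Web-based secure remote access, providing security assurance for users who remotely access a company's internal network.
The typical SSL VPN network architecture is shown in the figure below. The administrator creates, on the SSL VPN gateway, resources that correspond to the servers inside the company network. When a remote access user accesses a server inside the company network, the user first establishes an HTTPS (Hypertext Transfer Protocol Secure) connection with the SSL VPN gateway and selects the resource to access, and the SSL VPN gateway forwards the resource access request to the server inside the company network. SSL VPN protects the servers inside the company network through mechanisms such as establishing an SSL connection between the remote access user and the SSL VPN gateway and having the SSL VPN gateway authenticate the user.
Currently, the device supports configuring SSL VPN in two ways: from the command line and through the Web interface.
Figure 1-1 Typical SSL VPN network architecture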
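SSL VPN works as follows:
(1) The administrator logs in to the Web interface of the SSL VPN gateway and creates, on the SSL VPN gateway, resources that correspond to the servers.
(2) The remote access user establishes an HTTPS connection with the SSL VPN gateway. Through the certificate-based identity verification function provided by SSL, the SSL VPN gateway and the remote access user can verify each other's identity.
(3) After the HTTPS connection is established, the user logs in to the Web page of the SSL VPN gateway and enters a user name, a password, and an authentication method (such as RADIUS authentication). The SSL VPN gateway verifies whether the user's information is correct.
(4) After logging in successfully, the user finds the resources they are allowed to access on the Web page and sends the access request to the SSL VPN gateway over the SSL connection.
(5) The SSL VPN gateway parses the request, interacts with the server, and sends the response to the user.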
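
1.2 Advantages of SSL VPN
SSL VPN uses the certificate-based identity authentication, data encryption, and message integrity verification mechanisms provided by the SSL protocol to provide security assurance for users who remotely access a company's internal network. SSL VPN has the following advantages:
(1) Support for a wide range of application protocols
Any application can directly benefit from the security provided by SSL VPN without having to deal with the details. SSL VPN divides the service resources provided by application protocols into three categories:
- Resources accessed in Web access mode: the user uses a browser to access, over HTTPS and through the SSL VPN gateway, the Web proxy server resources provided by the servers.
- Resources accessed in TCP access mode: used to give user applications secure access to the open ports of servers, including remote access services, desktop sharing services, e-mail services, Notes services, and generic TCP service resources.
- Resources accessed in IP access mode: used to provide secure network-layer communication between the user terminal and the servers, which in turn lets all IP-based applications communicate with the servers.
(2) Simple deployment
The SSL protocol is now built into most browsers (such as Internet Explorer), which means that almost any computer with a browser installed supports SSL connections. No additional client software needs to be installed to access resources in Web access mode through these browsers. If the user needs to access resources in TCP access mode or IP access mode, the dedicated SSL VPN client software runs automatically when the user logs in to SSL VPN, and no additional action is required from the user.
(3) Support for multiple user authentication methods
In addition to using the certificate authentication mechanism provided by the SSL protocol itself to confirm the identity of the SSL client, SSL VPN supports the following four authentication methods, as well as combined authentication based on them:
- Local authentication
- RADIUS authentication
- LDAP authentication
- AD authentication
(4) Fine-grained access control for network resources
The administrator can configure multiple resources and users, add the resources to different resource groups, add the users to different user groups, and then specify which resource groups each user group may access. After a user logs in, the SSL VPN gateway uses the user groups the user belongs to in order to find the resource groups the user may access, and from those the list of accessible resources, which gives fine-grained control over resource access permissions.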

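The group-based lookup described in point (4) of section 1.2 (user, then user groups, then resource groups, then resources), as an added Python example that is not part of the original post and is not H3C code. All names and sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Resource:
    name: str
    mode: str    # "web", "tcp" or "ip": the three access modes in section 1.2
    target: str  # constructed sample target (URL, host:port or subnet)

# Constructed sample configuration (hypothetical names, not device syntax)
RESOURCES = {
    "intranet": Resource("intranet", "web", "http://10.0.0.10/"),
    "mail": Resource("mail", "tcp", "10.0.0.20:25"),
    "lab-net": Resource("lab-net", "ip", "10.1.0.0/24"),
}
RESOURCE_GROUPS = {"office": {"intranet", "mail"}, "engineering": {"lab-net"}}
USER_GROUPS = {
    "staff": {"users": {"alice", "bob"}, "resource_groups": {"office"}},
    "engineers": {"users": {"bob"}, "resource_groups": {"engineering", "retired"}},
}

def accessible_resources(user):
    """Resolve user -> user groups -> resource groups -> resource names."""
    allowed = set()
    for group in USER_GROUPS.values():
        if user not in group["users"]:
            continue
        for rg in group["resource_groups"]:
            # A resource group that is no longer defined grants nothing.
            for name in RESOURCE_GROUPS.get(rg, ()):
                if name in RESOURCES:
                    allowed.add(name)
    return allowed

def authorize(user, resource_name):
    """Default deny: only resources reached through the user's groups pass."""
    return resource_name in accessible_resources(user)

def audit_dangling():
    """List (user group, resource group) references to undefined resource groups."""
    return sorted(
        (ug, rg)
        for ug, group in USER_GROUPS.items()
        for rg in group["resource_groups"]
        if rg not in RESOURCE_GROUPS
    )
```

A user in several user groups receives the union of their resource groups, an unknown user receives nothing, and `audit_dangling()` surfaces stale group references that are worth cleaning up during a configuration review.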

huati posted on 2017-3-1 12:49:01
A girl goes from virgin to woman with just one successful attempt; a boy needs repeated practice to go from virgin to man.

nbkcq123 posted on 2018-9-11 22:20:17
Thanks to the original poster for sharing!!