易久IT学院 (Yi9 IT Academy)

Author: admin
Views: 155 | Replies: 2

H3C Security Configuration Guide - SSL Web VPN detailed commands and integration with Microsoft AD LDAP

admin posted on 2017-1-25 06:47:29
1 SSL VPN
1.1 Introduction to SSL VPN
1.2 Advantages of SSL VPN
2 Configuring SSL VPN from the command line
2.1 Configuration preparation
2.2 Configuring SSL VPN
2.3 SSL VPN typical configuration example
3 Configuring the SSL VPN gateway from the Web interface
3.1 Configuring PKI
3.1.1 PKI configuration task overview
3.1.2 Creating a PKI entity
3.1.3 Creating a PKI domain
3.1.4 Generating an RSA key pair
3.1.5 Destroying an RSA key pair
3.1.6 Retrieving and viewing certificates
3.1.7 Requesting a local certificate
3.1.8 Retrieving and viewing CRLs
3.2 Configuring the SSL VPN service
3.3 Configuring Web proxy server resources
3.4 Configuring TCP application resources
3.4.1 Configuring remote access service resources
3.4.2 Configuring desktop sharing service resources
3.4.3 Configuring e-mail service resources
3.4.4 Configuring Notes mail service resources
3.4.5 Configuring generic TCP service resources
3.5 Configuring IP network resources
3.5.1 Configuring global parameters
3.5.2 Configuring host resources
3.5.3 Configuring fixed IPs
3.5.4 Configuring predefined domain names
3.6 Configuring resource groups
3.7 Configuring local users
3.7.1 Configuring local users manually
3.7.2 Importing local users in batches
3.8 Configuring user groups
3.9 Viewing user information
3.9.1 Viewing online user information
3.9.2 Forcing online users offline
3.9.3 Viewing historical user information
3.10 Configuring basic domain policies
3.10.1 Configuring the domain policy
3.10.2 Configuring the cache policy
3.10.3 Configuring bulletins
3.11 Configuring authentication policies
3.11.1 Configuring local authentication
3.11.2 Configuring RADIUS authentication
3.11.3 Configuring LDAP authentication
3.11.4 Configuring AD authentication
3.11.5 Configuring combined authentication
3.12 Configuring security policies
3.13 Configuring user interface customization
3.13.1 Configuring partial customization of the user interface
3.13.2 Configuring full customization of the user interface
4 User access to SSL VPN
4.1 Logging in to the SSL VPN service interface
4.2 Using SSL VPN resources
4.3 Viewing help information
4.4 Changing the login password
5 SSL VPN typical configuration example
5.1 Network requirements
5.2 Configuration procedure
5.2.1 Configuring the SSL VPN service
5.2.2 Configuring SSL VPN access resources
5.2.3 Configuring SSL VPN users
5.2.4 Configuring the SSL VPN domain
5.3 Verifying the configuration
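1 SSL VPN
This feature is supported only on the SR6602 router.
1.1 Introduction to SSL VPN
SSL VPN is a VPN (Virtual Private Network) technology based on SSL (Secure Sockets Layer) that operates between the transport layer and the application layer. SSL VPN makes full use of the certificate-based identity authentication, data encryption and message integrity verification mechanisms provided by the SSL protocol to establish secure connections for application-layer communication.
SSL VPN is widely used for Web-based secure remote access and protects users' remote access to a company's internal network.
The typical SSL VPN network architecture is shown in the figure below. The administrator creates resources on the SSL VPN gateway that correspond to the servers inside the company network. When a remote access user accesses a server inside the company network, the user first establishes an HTTPS (Hypertext Transfer Protocol Secure) connection with the SSL VPN gateway and selects the resource to access; the SSL VPN gateway then forwards the resource access request to the server inside the company network. SSL VPN protects the servers inside the company network by establishing an SSL connection between the remote access user and the SSL VPN gateway and by having the SSL VPN gateway authenticate the user.
Currently, the device can be configured for SSL VPN in two ways: from the command line and from the Web interface.
Figure 1-1 Typical SSL VPN network architecture
SSL VPN works as follows:
(1) The administrator logs in to the Web interface of the SSL VPN gateway and creates resources on the gateway that correspond to the servers.
(2) The remote access user establishes an HTTPS connection with the SSL VPN gateway. Using the certificate-based authentication provided by SSL, the SSL VPN gateway and the remote access user can verify each other's identity.
(3) After the HTTPS connection is established, the user logs in to the Web page of the SSL VPN gateway and enters a user name, password and authentication method (such as RADIUS authentication); the SSL VPN gateway verifies whether the user's information is correct.
(4) After logging in successfully, the user finds the resources he or she is allowed to access on the Web page and sends access requests to the SSL VPN gateway over the SSL connection.
(5) The SSL VPN gateway parses the request, interacts with the server, and sends the response to the user.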
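1.2 Advantages of SSL VPN
SSL VPN uses the certificate-based identity authentication, data encryption and message integrity verification mechanisms provided by the SSL protocol to protect users' remote access to a company's internal network. SSL VPN has the following advantages:
(1) Support for a variety of application protocols
Any application can directly benefit from the security provided by SSL VPN without dealing with the details. SSL VPN divides the service resources provided by application protocols into three categories:
- Resources accessed in Web access mode: the user uses a browser to access, over HTTPS and through the SSL VPN gateway, the Web proxy server resources provided by the servers.
- Resources accessed in TCP access mode: used to give user applications secure access to the ports opened on the servers, including remote access service, desktop sharing service, e-mail service, Notes service and generic TCP service resources.
- Resources accessed in IP access mode: used to provide secure communication at the network layer between the user terminal and the servers, so that all IP-based applications can communicate with the servers.
(2) Simple deployment
The SSL protocol is now integrated into most browsers (such as Internet Explorer), which means that almost any computer with a browser installed supports SSL connections. No additional client software needs to be installed to access Web access mode resources through these browsers. If the user wants to access TCP access mode or IP access mode resources, the dedicated SSL VPN client software runs automatically when the user logs in to SSL VPN, and no additional user action is required.
(3) Support for multiple user authentication methods
In addition to using the certificate authentication mechanism provided by the SSL protocol itself to confirm the identity of the SSL client, SSL VPN supports the following four authentication methods, as well as combined authentication based on them:
- Local authentication
- RADIUS authentication
- LDAP authentication
- AD authentication
(4) Fine-grained access control for network resources
The administrator can configure multiple resources and users, add resources to different resource groups and users to different user groups, and then specify the resource groups that each user group may access. After a user logs in, the SSL VPN gateway uses the user's user groups to find the resource groups the user may access, and from those the list of accessible resources, which gives fine-grained control over resource access permissions.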


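The group-based authorization described in item (4) of section 1.2 (user group, then resource group, then resource list), combined with the three resource categories from item (1), as an added Python example that is not code from the H3C guide or from the original post. The per-category matching rules (exact host for Web, exact host:port for TCP, subnet membership for IP) and all user, group and address names are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Resource:
    name: str
    kind: str    # "web", "tcp" or "ip": the three access modes listed in the guide
    target: str  # assumed formats: web = host name, tcp = "host:port", ip = CIDR network

# Constructed sample configuration; every name and address here is hypothetical.
RESOURCES = {r.name: r for r in [
    Resource("intranet", "web", "intranet.example.internal"),
    Resource("mail-imap", "tcp", "10.1.1.25:143"),
    Resource("lab-net", "ip", "10.2.0.0/24"),
]}
RESOURCE_GROUPS = {"office": {"intranet", "mail-imap"}, "lab": {"lab-net"}}
USER_GROUPS = {"staff": {"office"}, "engineers": {"office", "lab"}}
USER_MEMBERSHIP = {"alice": {"staff"}, "bob": {"engineers"}}

def allowed_resources(user):
    """user -> user groups -> resource groups -> resources (unknown names add nothing)."""
    names = set()
    for user_group in USER_MEMBERSHIP.get(user, ()):
        for resource_group in USER_GROUPS.get(user_group, ()):
            names |= RESOURCE_GROUPS.get(resource_group, set())
    return {RESOURCES[n] for n in names if n in RESOURCES}

def authorize(user, kind, host, port=None):
    """Return the name of the resource that permits the request, or None (default deny)."""
    for res in sorted(allowed_resources(user), key=lambda r: r.name):
        if res.kind != kind:
            continue
        if kind == "web" and host.lower() == res.target:
            return res.name
        if kind == "tcp" and f"{host}:{port}" == res.target:
            return res.name
        if kind == "ip":
            try:
                if ipaddress.ip_address(host) in ipaddress.ip_network(res.target):
                    return res.name
            except ValueError:
                continue  # host is not an IP literal, so it cannot match a subnet
    return None
```

A request is allowed only when a resource reachable through the user's groups matches it; users, groups and targets that are not configured fall through to `None`.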
huati posted on 2017-3-1 12:49:01
A girl goes from virgin to woman with a single success; a boy goes from virgin to man only through repeated practice.
nbkcq123 posted on 2018-9-11 22:20:17
Thanks to the original poster for sharing!!