Cisco SSL VPN
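SSL VPN is the simplest and most secure technology for giving remote users access to sensitive company data. Compared with the more complex IPSec VPN, SSL provides remote connectivity in a simple, easy-to-use way. Any machine with a browser installed can use SSL VPN, because SSL is built into the browser; unlike a traditional IPSec VPN, it does not require client software to be installed on every client machine beforehand.
The lab platform software is as follows:
Router IOS image: c7200-advipservicesk9_li-mz.124-11.t.bin
SSL VPN client software: sslclient-win-1.1.3.173.pkg (supports XP only; for systems newer than XP, download a package from Cisco or extract one from the latest version of SDM)
Client: XP
The topology is as follows:
Step 1: Basic router connectivity configuration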
R1#show ip int br
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet1/0            2.2.2.1         YES manual up                    up
FastEthernet1/1            unassigned      YES unset  administratively down down
Loopback0                  1.1.1.1         YES manual up                    up
Loopback1                  9.9.9.9         YES manual up                    up
Step 2: Install the client
R1#format disk0:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "disk0:". Continue? [confirm]
Format: Drive communication & 1st Sector Write OK...
Writing Monlib sectors.
.....................................................................................................................................................
Monlib write complete
Format: All system sectors written. OK...
Format: Total sectors in formatted partition: 130883
Format: Total bytes in formatted partition: 67012096
Format: Operation completed successfully.
Format of disk0 complete
SSL#copy tftp disk0:
Address or name of remote host []? 2.2.2.3
Source filename []? sslclient-win-1.1.3.173.pkg
Destination filename [sslclient-win-1.1.3.173.pkg]?
Accessing tftp://2.2.2.3/sslclient-win-1.1.3.173.pkg...
Loading sslclient-win-1.1.3.173.pkg from 2.2.2.3 (via FastEthernet0/0): !!
[OK - 416354 bytes]
416354 bytes copied in 16.064 secs (25918 bytes/sec)
SSL#dir disk0:
Directory of disk0:/
    1  -rw-      416354  Mar 24 2010 18:45:20 +08:00  sslclient-win-1.1.3.173.pkg
66846720 bytes total (66428928 bytes free)
! Install the client package
R1(config)#webvpn install svc disk0:/sslclient-win-1.1.3.173.pkg
SSLVPN Package SSL-VPN-Client : installed successfully
Step 3: Basic login configuration
! Loopback0: set as the SSL VPN gateway
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
aaa new-model
!
! Authentication method
aaa authentication login sslvpn local
!
! Address pool assigned to clients
ip local pool sslvpn-pool 1.1.1.2 1.1.1.7
! Login username and password
username sslvpn password 0 sslvpn
Step 4: Main SSL VPN configuration
! Configure the SSL VPN gateway
webvpn gateway sslvpngateway
 ! Listening interface and port
 ip interface FastEthernet1/0 port 443
 ssl trustpoint TP-self-signed-4294967295
 ! Enable the gateway
 inservice
 !
webvpn install svc disk0:/webvpn/svc.pkg
 !
! Configure the association (context)
webvpn context sslvpntext
 ssl authenticate verify all
 !
 !
 ! Create the policy group
 policy group sslvpn-policy
   ! Enable SSL (svc-enabled)
   functions svc-enabled
   ! Associate the address pool
   svc address-pool "sslvpn-pool"
 ! Use this policy by default
 default-group-policy sslvpn-policy
 ! Associate the authentication method
 aaa authentication list sslvpn
 ! Associate the gateway
 gateway sslvpngateway
 ! Enable the association
 inservice
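An added example, not part of the original post: a short Python check that reads the Step 3 and Step 4 commands and flags the lab shortcuts in them (a type-0 password, a password equal to the username, the self-signed gateway certificate) and counts the addresses in each pool. The function names and finding codes are this example's own.

```python
import ipaddress
import re

# Constructed sample: the Step 3 and Step 4 commands from this page, with
# the inline notes dropped.
CONFIG = """\
aaa new-model
aaa authentication login sslvpn local
ip local pool sslvpn-pool 1.1.1.2 1.1.1.7
username sslvpn password 0 sslvpn
webvpn gateway sslvpngateway
 ip interface FastEthernet1/0 port 443
 ssl trustpoint TP-self-signed-4294967295
 inservice
webvpn context sslvpntext
 policy group sslvpn-policy
  functions svc-enabled
  svc address-pool "sslvpn-pool"
 default-group-policy sslvpn-policy
 aaa authentication list sslvpn
 gateway sslvpngateway
 inservice
"""

def pool_sizes(config):
    """Map each 'ip local pool' name to the number of addresses it holds."""
    sizes = {}
    for name, lo, hi in re.findall(r"^ip local pool (\S+) (\S+) (\S+)", config, re.M):
        sizes[name] = int(ipaddress.ip_address(hi)) - int(ipaddress.ip_address(lo)) + 1
    return sizes

def audit(config):
    """Return sorted finding codes (the codes are this example's own names)."""
    findings = set()
    # 'password 0' keeps the local password unencrypted in the config.
    for user, pw in re.findall(r"^username (\S+) password 0 (\S+)", config, re.M):
        findings.add("CLEARTEXT_PASSWORD")
        if user == pw:
            findings.add("PASSWORD_EQUALS_USERNAME")
    # TP-self-signed-* is the router's auto-generated self-signed certificate;
    # Step 5 has the client install it by hand.
    if re.search(r"^\s*ssl trustpoint TP-self-signed-", config, re.M):
        findings.add("SELF_SIGNED_GATEWAY_CERT")
    # An SVC policy that names an undefined pool cannot hand out addresses.
    for ref in re.findall(r'^\s*svc address-pool "?([^"\s]+)', config, re.M):
        if ref not in pool_sizes(config):
            findings.add("UNDEFINED_POOL")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(CONFIG), pool_sizes(CONFIG))
```

The pool size of 6 matches the `show ip local pool` output in Step 5 (5 free plus 1 in use), so this lab gateway can address at most six concurrent tunnel clients.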
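Step 5: Verification
On the client, browse to https://2.2.2.1
Click View Certificate, then Install Certificate, then OK
Enter the username and password
After a successful login, the browser is redirected to the following page, and the client is downloaded and installed
Once installation succeeds, a key icon appears at the bottom right of the desktop. Opening it shows the following; an address has been assigned successfully:
Try pinging the router: the SSL VPN connection is working
View the SSL VPN information on the router: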
R1#show ip local pool
 Pool                     Begin           End             Free  In use
 sslvpn-pool              1.1.1.2         1.1.1.7            5       1
R1#show webvpn session user sslvpn context all
WebVPN user name = sslvpn ; IP address = 2.2.2.3 ; context = sslvpntext
    No of connections: 1
    Created 00:24:26, Last-used 00:10:38
    STC IP address 1.1.1.4 netmask 255.255.255.0
    CSTP Started 00:23:22, Last-recieved 00:00:37
    CSTP DPD-Request sent 0
    Client Port: 59191
    User Policy Parameters
      Group name = sslvpn-policy
    Group Policy Parameters
      idle timeout = 2100 sec
      session timeout = 43200 sec
      functions =
                svc-enabled
      citrix disabled
      address pool name = "sslvpn-pool"
      dpd client timeout = 300 sec
      dpd gateway timeout = 300 sec
      keep sslvpn client installed = disabled
      rekey interval = 3600 sec
      rekey method =
      lease duration = 43200 sec
Reposted from: https://blog.51cto.com/leadlxx/737414