Using Pre-Shared Keys
- Главная
- Разное
- Дизайн
- Бизнес и предпринимательство
- Аналитика
- Образование
- Развлечения
- Красота и здоровье
- Финансы
- Государство
- Путешествия
- Спорт
- Недвижимость
- Армия
- Графика
- Культурология
- Еда и кулинария
- Лингвистика
- Английский язык
- Астрономия
- Алгебра
- Биология
- География
- Детские презентации
- Информатика
- История
- Литература
- Маркетинг
- Математика
- Медицина
- Менеджмент
- Музыка
- МХК
- Немецкий язык
- ОБЖ
- Обществознание
- Окружающий мир
- Педагогика
- Русский язык
- Технология
- Физика
- Философия
- Химия
- Шаблоны, картинки для презентаций
- Экология
- Экономика
- Юриспруденция
Lesson 5 презентация
Содержание
- 1. Lesson 5
- 2. Objectives Upon completion of this lesson, you
- 3. Overview of Remote Access Using Pre-Shared Keys
- 4. Internet service
- 5. Application server ISP ISP
- 6. IPSec Client-to-LAN Tunneling Application server 10.0.1.10
- 7. Cisco VPN Software Client for Windows
- 8. Initial Configuration of the Cisco VPN 3000 Series Concentrator for Remote Access
- 9. IPSec Server—Physical Connections
- 10. Configuration Options
- 11. GUI Table of contents Toolbar Toolbar Manager screen
- 12. Quick Configuration
- 13. Browser Configuration of the Cisco VPN 3000 Series Concentrator
- 14. IP Interfaces Ethernet 1 (private IP address) 10.0.P.5 Ethernet 2 (public IP address) 192.168.P.5
- 15. Public IP Interface Ethernet 1 (private IP
- 16. System Information
- 17. Protocols IPSec Internet
- 18. DHCP address Address Assignment DHCP server
- 19. Authentication NT domain 10.0.1.10 User authentication
- 20. Configuration of Users and Groups
- 21. Base group: Corporate Customer Service /Base/Service MIS
- 22. User and Group Policies
- 23. Group Database Internal server Group:
- 24. Admin Password
- 25. In-Depth Configuration Information
- 26. Authentication Cisco VPN Client (2.5) IKE Phase
- 27. Activate IKE Proposal 3002, 3.x or 4.x Client 2.5 Client Certicom client
- 28. Check IKE Proposal
- 29. Group Configuration—Identity /Base Training Service
- 30. Group Configuration—General Access
- 31. Group Configuration—IPSec IPSec User authentication NT domain server Internet
- 32. IKE Keepalives—DPD Application server Client DPD message
- 33. Remote Access Parameters
- 34. Client Configuration Parameters Cisco Client parameters Microsoft client parameters Common client parameters
- 35. Cisco Client Parameters Push NT domain
- 36. Tunneling Options Client Encrypt everything Client
- 37. Split Tunneling Policy— Tunnel Everything Tunnel everything
- 38. Split Tunneling Policy— Local LAN Option
- 39. Local LAN Option—Network List 10.0.1.X Client Encrypted 192.168.1.X
- 40. Split Tunneling—Before and After Before split
- 41. Split Tunneling Policy— Split Tunneling www.news.com
- 42. Split Tunneling—Network List 10.0.1.0 www.news.com Encrypted Client Clear text Clear text
- 43. Split DNS Match No match 10.0.1.0 Tunneled
- 44. Split DNS Configuration 10.0.1.0 www.news.com Tunneled DNS
- 45. DDNS DHCP server Client DNS server PC hostname PC hostname
- 46. Mode Configuration
- 47. Modifying Groups
- 48. Setting Up Group Attributes Global NT 10.0.1.10–60
- 49. Types of Authentication Group authentication User authentication
- 50. Testing Authentication Server
- 51. Public Interface— IPSec Fragmentation
- 52. Configuration of the Cisco VPN Software Client for Windows
- 53. Cisco VPN Software Client for Windows
- 54. Cisco VPN Software Client for Windows Run Mode
- 55. Main Tabs Connections Certificates Log
- 56. Menus—Connection Entries
- 57. Menus—Status
- 58. Menus—Certificates
- 59. Menus—Log
- 60. Menus—Options
- 61. Creating a New Connection—Authentication Concentrator authentication—The end user never sees this after initial configuration.
- 62. Creating a New Connection—Transport
- 63. Creating a New Connection—Backup Servers
- 64. Creating a New Connection—Dial-Up
- 65. Pre-configure Client for Remote Users oem.ini vpnclient.ini .pcf
- 66. .pcf File .pcf file—User profile
- 67. Silent Mode oem.ini—Installing the Cisco VPN Client
- 68. Client Program Menu
- 69. Setting MTU Size
- 70. Virtual Adapter
- 71. Viewing Connected Clients—Concentrator Connection Status
- 72. Viewing Connected Clients—Status Details
- 73. Summary
- 74. Summary The initial configuration of the Cisco
- 75. Summary (cont.) Mode configuration enables the Cisco
- 76. Lab Exercise
- 77. Lab Visual Objective 192.168.P.0 Student PC with
Objectives Upon completion of this lesson, you will be able to perform the following tasks: Configure the Cisco VPN 3000 Series Concentrator LAN interfaces via the CLI. Configure the Cisco VPN
Слайд 2Objectives
Upon completion of this lesson, you will be able to perform
the following tasks:
Configure the Cisco VPN 3000 Series Concentrator LAN interfaces via the CLI.
Configure the Cisco VPN 3000 Series Concentrator Client-to-LAN application using the browser.
Configure the IPSec Client.
Monitor the IPSec Client-to-LAN tunnel.
Configure the Cisco VPN 3000 Series Concentrator LAN interfaces via the CLI.
Configure the Cisco VPN 3000 Series Concentrator Client-to-LAN application using the browser.
Configure the IPSec Client.
Monitor the IPSec Client-to-LAN tunnel.
Слайд 4
Internet service
provider
Telecommuter
Corporate office
Web server
File server
Client-to-LAN
Internet
Telecommuter
Telecommuter
Telecommuter
Слайд 5
Application
server
ISP
ISP
Concentrator
PPP connectivity
Dial access
IPSec tunnel or session
Telecommuter with the Cisco VPN 3000
Series Concentrator Client
Internet
IPSec Client-to-LAN Components
Client software
PPP
IPSec standards
VPN Concentrator
Слайд 6
IPSec Client-to-LAN Tunneling
Application
server
10.0.1.10
VPN private IP address
10.0.1.5
VPN public IP
192.168.1.5
Adapter (NIC) IP address
172.26.26.1
Client
IP address
10.0.1.20
10.0.1.20
192.168.1.5
172.26.26.1
ESP
10.0.1.10
10.0.1.20
Data
ISP
Internet
Telecommuter with the Cisco VPN 3000 Series Concentrator Client
Слайд 7Cisco VPN Software Client
for Windows
Cisco VPN Software Client for Windows
Installed
on
Windows system
Слайд 9IPSec Server—Physical Connections
Console port
VPN private IP address
10.0.P.5
VPN public IP address
192.168.P.5
Power
10.0.P.10
Server
Client PC
172.26.26.P
Internet
Слайд 14IP Interfaces
Ethernet 1 (private IP address)
10.0.P.5
Ethernet 2 (public IP address)
192.168.P.5
Слайд 15Public IP Interface
Ethernet 1 (private IP address)
10.0.P.5
Ethernet 2 (public IP address)
192.168.1.5
Слайд 19
Authentication
NT
domain
10.0.1.10
User
authentication
Internet
Cisco VPN 3000 Series Concentrator Client
Computer Name: BOSTON
Domain: Domain_BOSTON
Слайд 21Base group:
Corporate
Customer Service
/Base/Service
MIS
/Base/Sales
Finance
/Base/Finance
VP of
MIS
Groups:
Departments
Users:
Individuals
VP of
Finance
Groups and Users
Слайд 26Authentication
Cisco VPN Client (2.5)
IKE Phase 1 complete
Xauth
Internal
server
Group:
Training
Concentrator
authentication
Network
authentication
(Xauth)
Cisco VPN Client
(3.0 or higher)
IKE Phase 1
Xauth
IKE Phase 1 complete
IKE Phase 1
Xauth
IKE Phase 1 complete
Internet
Слайд 32IKE Keepalives—DPD
Application
server
Client
DPD message (Are you there)
DPD message (Are you there ACK)
Worry
timer
expires
Receive
data
Internet
Слайд 34Client Configuration Parameters
Cisco Client
parameters
Microsoft client
parameters
Common client
parameters
Слайд 36Tunneling Options
Client
Encrypt
everything
Client
Clear text
Encrypted
www.news.com
Client
Encrypted
Clear
text
Clear text
Tunnel
everything
Tunnel
everything except
local LAN traffic
Split
tunneling
Слайд 38Split Tunneling Policy—
Local LAN Option
Client
Encrypted
Clear text
Everything mode
with
local LAN option
Слайд 40Split Tunneling—Before and After
Before split
tunneling
After split
tunneling
www.news.com
Client
Encrypted
Clear
text
www.news.com
Client
Encrypted
Clear
text
Слайд 43Split DNS
Match
No match
10.0.1.0
Tunneled
DNS
Client
Clear text
DNS
www.cisco.com
DNS
server
www.news.com
Слайд 44Split DNS Configuration
10.0.1.0
www.news.com
Tunneled
DNS
Client
Clear text
DNS
www.cisco.com
DNS
server
Слайд 48Setting Up Group Attributes
Global
NT
10.0.1.10–60
Engineering
RADIUS 2
10.0.20.60–90
Finance
RADIUS 5
10.0.30.50–80
Engineering group
RADIUS 5
RADIUS 2
Finance group
HR
NT
10.0.1.21
Finance
RADIUS 5
10.0.30.51
Engineering
RADIUS
2
10.0.20.71
10.0.20.71
Internet
Слайд 61Creating a New Connection—Authentication
Concentrator authentication—The end user never sees this after
initial configuration.
Слайд 67Silent Mode
oem.ini—Installing the Cisco VPN Client without user intervention
Name of the
destination folder
Identifies whether or not to restart the system after the silent installation
Слайд 74Summary
The initial configuration of the Cisco VPN 3000 Series Concentrator occurs
via the CLI.
Subsequent configuration of the Cisco VPN 3000 Series Concentrator can be performed using a browser.
Groups and users are used to assign access and usage rights.
IPSec policies are assigned to groups.
Subsequent configuration of the Cisco VPN 3000 Series Concentrator can be performed using a browser.
Groups and users are used to assign access and usage rights.
IPSec policies are assigned to groups.
Слайд 75Summary (cont.)
Mode configuration enables the Cisco VPN 3000 Series Concentrator to
push the network information to the Cisco VPN Software Client.
The Cisco VPN 3000 Series Concentrator can use several different types of authentication servers.
The Cisco VPN 3000 Series Concentrator provides extensive monitoring capabilities.
The Cisco VPN 3000 Series Concentrator can use several different types of authentication servers.
The Cisco VPN 3000 Series Concentrator provides extensive monitoring capabilities.
Слайд 77Lab Visual Objective
192.168.P.0
Student PC with
Cisco VPN Client
172.26.26.P
.1
10.0.P.0
RTS
.5
.5
.150
Cisco
VPN 3000
DHCP
server
.10
.100
RBB
172.26.26.0
