04.Ipsec With CA
Hands-on lab: IPsec with CA
I. Topology
II. Preparation
This lab requires two Windows Server 2003 machines.
Server 1 is the CA machine
IP Address: 192.168.2.1
Subnet mask: 255.255.255.0
Server 2
IP Address: 192.168.2.2
Subnet mask: 255.255.255.0
III. Procedure
Step 1. Install the stand-alone CA
Step 1.1. Go to Start → Settings → Control Panel → Add/Remove Programs → select Add/Remove Windows Components → scroll down and select Application Server → click Details...
Step 1.2. Check ASP.NET → OK. The installation runs → Finish. Note: finish installing ASP.NET before moving on to the next step.
Step 1.3. Return to Windows Components → select Certificate Services
Step 1.4. Select Stand-alone root CA → Next
Step 1.5. Common name for this CA: ChungThuc_DC1 → Next
Step 1.6. Keep the default paths → Next
Step 1.7. In the Active Server Pages dialog → choose Yes
Step 1.8. During installation the Microsoft Certificate Services dialog appears → choose Yes
Step 1.9. Installation succeeds → Finish
Step 2. Add Certificates and IP Security Policy Management to mmc
Step 2.1. Go to Start → Run → type mmc → OK
Step 2.2. Choose File → Add/Remove Snap-in → Certificates → Add → the Certificates Snap-in dialog appears → select Computer account → Next → Finish
Step 2.3. In the Add Standalone Snap-in dialog → select IP Security Policy Management → Add → Close → OK. Choose File → Save As → Desktop. Name the file DC1
Step 2.4. Repeat the same steps on DC2
Step 3. The computers request a certificate
Step 3.1. Open IE and browse to http://192.168.2.1/certsrv → choose Request a certificate
Step 3.2. Choose advanced certificate request
Step 3.3. Choose Create and submit a request to this CA.
Step 3.4. Fill in DC1's information under Identifying Information → under Key Options, check Store certificate in the local computer certificate store → click Submit
Step 3.5. Choose Yes
Step 3.6. Repeat the steps above on DC2
Step 4. Issue the certificates for the machines
Step 4.1. Log on as Administrator → Start → Programs → Administrative Tools → Certification Authority
Step 4.2. Open Pending Requests → the right pane shows the two certificates of DC1 and DC2 waiting to be issued → right-click → All Tasks → Issue
Step 4.3. Go to Issued Certificates to view the issued certificates
Step 5. The computers install the certificate
Step 5.1. Open IE and browse to http://192.168.2.1/certsrv → choose View the status of a pending certificate request
Step 5.2. Choose Client Authentication Certificate
Step 5.3. Choose Install this certificate
Step 5.4. Choose Yes
Step 5.5. The certificate is installed successfully
Step 5.6. Repeat the steps above on DC2
Step 6. Share the CA certificate with DC2
Step 6.1. Switch to DC2. In the DC2 console → expand (+) Certificates → go to Personal → Certificates → locate DC2 → right-click DC2 → Open → a cross mark is shown on the certificate (the issuing CA is not yet trusted on DC2) → OK
Step 6.2. Switch to DC1. Go to Start → Run → type gpedit.msc
Step 6.3. Go to Windows Settings → Security Settings → Local Policies → Security Options → select Accounts: Limit local account use of blank passwords to console logon only → choose Disabled → OK
Go to Run → type gpupdate /force
Step 6.4. Switch to DC2. In the DC2 console → expand (+) Certificates → go to Trusted Root Certification Authorities → right-click it → All Tasks → Import
Step 6.5. The Welcome dialog appears → Next → at File to Import → click Browse
Step 6.6. Type the address \\192.168.2.1 (the IP address of DC1) → click Open
Step 6.7. Select CertConfig → select DC1_ChungThuc_DC1.crt → Open
Step 6.8. Back at File to Import → Next
Step 6.9. At Certificate Store → select Place all certificates in the following store → Next → Finish
Step 6.10. Go to Personal → Certificates → locate DC2 → right-click DC2 → Open → the cross mark is no longer shown → OK
Step 7. Configure IPSec
Step 7.1. On DC1 → right-click IP Security Policies → Create IP Security Policy...
Step 7.2. Next → at IP Security Policy Name → enter: IPSec_DC1
Step 7.4. Uncheck Activate the default response rule
Step 7.5. In the dialog that appears, uncheck Use Add Wizard → Add
Step 7.6. On the IP Filter List tab → select All IP Traffic
Step 7.7. Go to the Filter Action tab → Require Security
Step 7.8. Go to the Authentication Methods tab → click Remove to remove the Kerberos method
Step 7.9. Click Add → the New Authentication Method Properties dialog appears → select Use a certificate from this certification authority (CA) → click Browse
Step 7.10. The Select Certificate dialog appears → select ChungThuc_DC1 → OK → OK → OK → OK
Step 7.11. Right-click the IPSec_DC1 policy → Assign
Step 7.12. Restart IPSEC Services (go to Run → enter: services.msc → select IPSEC Services → right-click and choose Restart)
Step 7.13. Repeat the steps above on DC2
Step 8. Verify the result
DC1 pings DC2
Likewise, DC2 pings DC1
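A successful ping in Step 8 only shows reachability, so the batch file below (an added example, not part of the original lab) repeats Step 7 with netsh ipsec on DC1 and then lists the negotiated security associations to confirm that the traffic is protected by IPsec. It assumes the CA's subject name is just CN=ChungThuc_DC1, that the built-in "All IP Traffic" filter list and "Require Security" filter action can be referenced by name, and that DC2 is 192.168.2.2; the rule name CertAuth_AllIP is hypothetical.

```bat
@echo off
rem Added example: command-line equivalent of Step 7 and an SA check for Step 8.
rem Run on DC1 as Administrator (Windows Server 2003). On DC2, repeat with its
rem own policy name and ping 192.168.2.1 instead.

set POLICY=IPSec_DC1
rem Assumption: the stand-alone root CA's distinguished name is only its CN.
set ROOTCA=CN=ChungThuc_DC1
rem Assumption: Server 2 (192.168.2.2) is the machine the lab calls DC2.
set PEER=192.168.2.2

rem Steps 7.1-7.4: create the policy without the default response rule.
netsh ipsec static add policy name=%POLICY% activatedefaultrule=no

rem Steps 7.5-7.10: one rule covering all IP traffic, security required,
rem Kerberos removed, certificate authentication against the lab CA.
rem CertAuth_AllIP is a hypothetical rule name chosen for this example.
netsh ipsec static add rule name=CertAuth_AllIP policy=%POLICY% ^
  filterlist="All IP Traffic" filteraction="Require Security" ^
  kerberos=no rootca="%ROOTCA%"

rem Step 7.11: assign the policy.
netsh ipsec static set policy name=%POLICY% assign=yes

rem Step 7.12: restart IPSEC Services (service name PolicyAgent).
net stop policyagent
net start policyagent

rem Step 8: generate traffic. The first replies may read
rem "Negotiating IP Security." while IKE completes.
ping -n 6 %PEER%

rem Main-mode SAs: the authentication method should show the certificate,
rem not Kerberos or a preshared key.
netsh ipsec dynamic show mmsas all

rem Quick-mode SAs: an entry for the peer means the ping was carried
rem inside IPsec rather than sent in the clear.
netsh ipsec dynamic show qmsas all
```

If both show commands list no SA for the peer after the ping, the policy is not assigned on one side or certificate authentication failed, for example because the root certificate from Step 6 was not imported.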