使用用户密码为客户配置VPN
This section describes how to configure a remote accessVPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.on themanaged deviceforL2TPLayer-2 Tunneling Protocol. L2TP is a networking protocol used by the ISPs to enable VPN operations./ipsec互联网协议安全。IPSEC是用于安全IP通信的协议套件,可在通信会话中对每个IP数据包进行身份验证和加密。clients with user passwords.L2TPLayer-2 Tunneling Protocol. L2TP is a networking protocol used by the ISPs to enable VPN operations./ipsec互联网协议安全。IPSEC是用于安全IP通信的协议套件,可在通信会话中对每个IP数据包进行身份验证和加密。requires two levels of authentication,IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard.SA安全协会。SA是两个网络实体之间建立共享的安全属性,以支持安全通信。authentication and user-level authentication with thePAP密码Authentication Protocol. PAP validates users by password. PAP does not encrypt passwords for transmission and is thus considered insecure.authentication protocol.IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard.SA安全协会。SA是两个网络实体之间建立共享的安全属性,以支持安全通信。用预示键进行身份验证,您必须将其配置为IKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard.shared secret. User-level authentication is performed by the internal database of themanaged device.
Configure the following:
AAAAuthentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption.database entries for username and passwords
VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.authentication profile, which defines the internal server group and the default role assigned to authenticated clients
L2TPLayer-2 Tunneling Protocol. L2TP is a networking protocol used by the ISPs to enable VPN operations./ipsec互联网协议安全。IPSEC是用于安全IP通信的协议套件,可在通信会话中对每个IP数据包进行身份验证和加密。VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.和PAP密码Authentication Protocol. PAP validates users by password. PAP does not encrypt passwords for transmission and is thus considered insecure.as thePPP点对点协议。PPP是用于在两个节点之间建立直接连接的数据链接(第2层)协议。它可以提供连接身份验证,传输加密和压缩。authentication (IKEv1Internet Key Exchange version 1. IKEv1 establishes a secure authenticated communication channel by using either the pre-shared key (shared secret), digital signatures, or public key encryption. IKEv1 operates in Main and Aggressive modes. See RFC 2409.only).
(ForIKEv1Internet Key Exchange version 1. IKEv1 establishes a secure authenticated communication channel by using either the pre-shared key (shared secret), digital signatures, or public key encryption. IKEv1 operates in Main and Aggressive modes. See RFC 2409.clients) AnIKEInternet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard.policy for preshared key authentication of theSA安全协会。SA是两个网络实体之间建立共享的安全属性,以支持安全通信。.
(ForIKEv2Internet Key Exchange version 2. IKEv2 uses the secure channel established in Phase 1 to negotiate Security Associations on behalf of services such as IPsec. IKEv2 uses pre-shared key and Digital Signature for authentication. See RFC 4306.clients) A server certificate to authenticate themanaged device客户端和一个CACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.certificate to authenticateVPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.客户。
The following procedure describes how to configureL2TPLayer-2 Tunneling Protocol. L2TP is a networking protocol used by the ISPs to enable VPN operations./ipsec互联网协议安全。IPSEC是用于安全IP通信的协议套件,可在通信会话中对每个IP数据包进行身份验证和加密。VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.for username and password clients:
1.In thenode hierarchy, navigate to thetab.
一个。Selectfrom thetable, and then selectfrom thetable to display entries for the internal database.
b.Undertab, clickto add a new user to the internal server group.
c.Enter the和information for the client.
d.Select thecheck box to activate this entry on creation.
e.Click.
f.Click.
g.In thewindow, select the check box and click.
2.In thenode hierarchy, navigate to the配置>身份验证> L3身份验证tab.
一个。From the L3 Authentication List, select.
b.Select theserver group from the drop-down list.
c.Click.
d.Click.
e.In thewindow, select the check box and click.
3.Navigate to thetab.
一个。Expand.
b.Select thecheck box to enableL2TPLayer-2 Tunneling Protocol. L2TP is a networking protocol used by the ISPs to enable VPN operations..
c.Select thecheck box for.
d.Click.
e.Click.
f.In thewindow, select the check box and click.
4.Configure otherVPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.settings as described inConfiguring a VPN for L2TP/IPsec with IKEv2, while ensuring that the following settings are selected:
In the页面,选择check box.
In the页面,选择check box as the authentication protocol.
The followingCLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.commands configure aL2TPLayer-2 Tunneling Protocol. L2TP is a networking protocol used by the ISPs to enable VPN operations./ipsec互联网协议安全。IPSEC是用于安全IP通信的协议套件,可在通信会话中对每个IP数据包进行身份验证和加密。VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.for username and password clients usingIKEv1Internet Key Exchange version 1. IKEv1 establishes a secure authenticated communication channel by using either the pre-shared key (shared secret), digital signatures, or public key encryption. IKEv1 operates in Main and Aggressive modes. See RFC 2409.:
(主机)[mynode] (config) #vpdn group l2tp
enable
ppp authentication pap
client dns 101.1.1.245
(主机)[myNode](config)#ip本地池PW-CLIENTS 10.1.1.1 10.1.1.250
(主机)[mynode] (config) #crypto isakmp key
(主机)[mynode] (config) #crypto isakmp policy 1
验证预共享
Next, issue the following command to configure client entries in the internal database:
(主机)[mynode] #local-userdb add username
