Lab: Configuring Windows Server 2003 as a CA Server
The topology is as follows:
Devices used: 2 Router 2800, 1 Switch 3550, 1 Windows Server 2003
Client 1:
Code:
Router#config terminal
Router(config)#hostname Client1
! WAN interface facing the peer (the crypto map is applied here)
Client1(config)# interface f0/1
Client1(config-if)# ip address 172.30.2.2 255.255.255.0
Client1(config-if)# no shut
Client1(config-if)# exit
! LAN interface; f0/0 is assumed, since f0/1 already carries the WAN address
Client1(config)# interface f0/0
Client1(config-if)# ip address 192.168.1.2 255.255.255.0
Client1(config-if)# no shut
Client1(config-if)# exit
! Configure the domain name for the router
Client1(config)# ip domain-name cisco.com
Client1(config)# ip host caserver 172.30.1.2
! Configure the trustpoint
Client1(config)# crypto ca trustpoint CA
Client1(ca-trustpoint)# enrollment url http://172.30.1.2/certsrv/mscep/mscep.dll
Client1(ca-trustpoint)# subject-name cn=client1@vnpro.org
Client1(ca-trustpoint)# exit
Client1(config)# crypto ca authenticate CA
! Configure the VPN
Client1(config)# crypto isakmp policy 10
Client1(config-isakmp)# hash md5
Client1(config-isakmp)# exit
Client1(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac
Client1(config-crypto-trans)# exit
Client1(config)# crypto map mymap 10 ipsec-isakmp
Client1(config-crypto-map)# set peer 172.30.3.2
Client1(config-crypto-map)# set transform-set myset
Client1(config-crypto-map)# match address 101
Client1(config-crypto-map)# exit
Client1(config)# access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
! Apply the crypto map to the interface
Client1(config)# interface f0/1
Client1(config-if)# crypto map mymap
Client1(config-if)# exit
Client1(config)#
Client 2:
Code:
Router#config terminal
Router(config)#hostname Client2
! WAN interface facing the peer (the crypto map is applied here)
Client2(config)# interface f0/1
Client2(config-if)# ip address 172.30.3.2 255.255.255.0
Client2(config-if)# no shut
Client2(config-if)# exit
! LAN interface; f0/0 is assumed, since f0/1 already carries the WAN address
Client2(config)# interface f0/0
Client2(config-if)# ip address 192.168.2.2 255.255.255.0
Client2(config-if)# no shut
Client2(config-if)# exit
! Configure the domain name for the router
Client2(config)# ip domain-name cisco.com
Client2(config)# ip host caserver 172.30.1.2
! Configure the trustpoint
Client2(config)# crypto ca trustpoint CA
Client2(ca-trustpoint)# enrollment url http://172.30.1.2/certsrv/mscep/mscep.dll
! Subject name for this router (the original listing reused client1 here; client2 is assumed)
Client2(ca-trustpoint)# subject-name cn=client2@vnpro.org
Client2(ca-trustpoint)# exit
Client2(config)# crypto ca authenticate CA
! Configure the VPN
Client2(config)# crypto isakmp policy 10
Client2(config-isakmp)# hash md5
Client2(config-isakmp)# exit
Client2(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac
Client2(config-crypto-trans)# exit
Client2(config)# crypto map mymap 10 ipsec-isakmp
Client2(config-crypto-map)# set peer 172.30.2.2
Client2(config-crypto-map)# set transform-set myset
Client2(config-crypto-map)# match address 101
Client2(config-crypto-map)# exit
Client2(config)# access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
! Apply the crypto map to the interface
Client2(config)# interface f0/1
Client2(config-if)# crypto map mymap
Client2(config-if)# exit
Client2(config)#
Author: Vi Thị Mưu
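The ISAKMP policy in this lab sets only `hash md5`, so every other parameter falls back to the IOS default. The following audit script is an added example, not part of the original post; it resolves the effective policy and flags weak values, assuming classic IOS 12.x defaults (DES, SHA-1, rsa-sig, group 1) and a weak-algorithm list chosen for this example.

```python
import re

# ISAKMP policy defaults on classic IOS when a parameter is not configured
# (assumption: IOS 12.x behaviour, as on the 2800-series routers in this lab).
IOS_DEFAULTS = {"encryption": "des", "hash": "sha", "authentication": "rsa-sig",
                "group": "1", "lifetime": "86400"}
# Values this audit treats as weak (a policy choice made for this example).
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac", "esp-null"}

def strip_prompt(line):
    """Remove a leading IOS prompt such as 'Client1(config-isakmp)# '."""
    return re.sub(r"^\S+?(\([\w-]+\))?#\s*", "", line.strip())

def audit(config):
    """Return sorted (scope, parameter, value, origin) tuples for weak settings."""
    policies, explicit, transforms, current = {}, {}, {}, None
    for raw in config.splitlines():
        parts = strip_prompt(raw).split()
        if parts[:3] == ["crypto", "isakmp", "policy"] and len(parts) == 4:
            current = parts[3]
            policies.setdefault(current, dict(IOS_DEFAULTS))
            explicit.setdefault(current, set())
        elif current and len(parts) > 1 and parts[0] in IOS_DEFAULTS:
            policies[current][parts[0]] = " ".join(parts[1:])
            explicit[current].add(parts[0])
        elif parts[:3] == ["crypto", "ipsec", "transform-set"] and len(parts) > 4:
            transforms[parts[3]], current = parts[4:], None
        elif parts and not parts[0].startswith("!"):
            current = None  # any other command leaves policy sub-mode
    found = []
    for num, settings in policies.items():
        for key, bad in WEAK.items():
            if settings[key] in bad:
                origin = "explicit" if key in explicit[num] else "default"
                found.append((f"isakmp policy {num}", key, settings[key], origin))
    for name, items in transforms.items():
        found += [(f"transform-set {name}", "transform", t, "explicit")
                  for t in items if t in WEAK_TRANSFORMS]
    return sorted(found)

# Constructed sample: the VPN commands from the Client1 listing on this page.
SAMPLE = """\
Client1(config)# crypto isakmp policy 10
Client1(config-isakmp)# hash md5
Client1(config-isakmp)# exit
Client1(config)# crypto ipsec transform-set myset esp-des esp-md5-hmac
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Findings marked `default` come from parameters the listing never sets, which is why reviewing only the typed commands misses the DES encryption and group 1 key exchange in phase 1.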