  • Number of slides: 60

EAGLE Getting Started and Configuration PSe_4 Konf. 503 4-1

Eagle Access
  • Preparation:
      - There are 2 methods for entering the Eagle for the first time:
          Static ARP entry
          HiDiscovery (self-explanatory)
      - A static ARP entry is made by opening a command prompt on the configuration PC while it is attached to the secure port of the Eagle.
          Ex.: arp -s 1.1 00-11-22-33-44-55
      - The ARP entry is transmitted in the direction of the Eagle and intercepted by the Eagle, allowing web access at HTTPS://1.1

  • Login via Web Interface: Ex. HTTPS://10.24.228.222
      Note: the use of HTTPS means "encrypted" web access.

  • Login via Web Interface: Make sure to accept the certificate.

  • Login via Web Interface: User Name and Login same as switches: Admin / Private (private)

Eagle
  • Because it is necessary to build/establish an L2TP/IPSec VPN from the "unsecured" port of the Eagle, it is necessary to establish some rules for access to the unit before we begin:
      - Incoming firewall rules
      - HTTPS access from "outside"
      - SNMPv3 access for encrypted login

Eagle Configuration
  • Firewall: Select "Firewall"
  • Firewall: Select "Incoming" or "Untrusted"
  • Select "New"
  • Select either an IP range or an individual address, both incoming and outgoing
  • Select which protocols are to be allowed in
  • Then select OK

Eagle Configuration
  • External HTTPS: Select "Access"
  • External HTTPS: Select "HTTPS"
  • Select "Yes"
  • Select "New" then "OK"

Eagle Configuration
  • External SNMP: Select "Access"
  • External SNMP: Select "SNMP"
  • Select "Yes" in both places
  • Select "New" then "OK"

Eagle L2TP/IPSec VPN
  • Goal:
      - To establish an encrypted communication between VPN client software and the Eagle TX/TX with VPN
  • Suggestions:
      - IP address scheme
      - Access list (IP or user), in other words how many devices (users) will have access to how many other devices (users).

Eagle L2TP/IPSec VPN
  • The diagram illustrates the machines, connections and addresses involved in the configuration.
      [Diagram labels: Trusted Port 192.168.1.1; 10.24.228.xxx; 192.168.1.3; VPN Tunnel; Untrusted Port 10.24.228.222]

Eagle L2TP/IPSec VPN (Certificates)
  • There are a total of 4 (X.509) certificates necessary to build the intended VPN tunnel.
      - There are 2 "Machine" certificates with (.p12) file extensions:
          Windows-Certificate, e.g. WinMaCert.p12
          Eagle-Certificate, e.g. EagleMaCert.p12
      - There are 2 "Trusted" or "connection" certificates with (.cer or .crt) extensions:
          CA-Certificate (trusted), e.g. TrustedCA.crt
          Windows-Connection, e.g. WinCoCert.crt
      Note: It is extremely important that these 4 certificates be allocated to the proper locations. Any discrepancy in the location of these certificates will result in a security negotiation failure.
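
A pre-import check for the four certificate files described above, as an added PowerShell example that is not part of the original slides: it reports which files carry a private key and whether each one chains to the CA certificate. The file names are the slides' examples; the helper name Get-CertSummary, the shared .p12 password, and the assumption that the CA in TrustedCA.crt issued the other three certificates are assumptions.

```powershell
# Added example, not from the slides. File names are the slides' examples.
# Assumptions: TrustedCA.crt issued the other certificates, both .p12 files
# share one password, and Get-CertSummary is a hypothetical helper name.
function Get-CertSummary {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,    # .p12/.pfx or .cer/.crt
        [Parameter(Mandatory = $true)] [string] $CaPath,  # e.g. TrustedCA.crt
        [System.Security.SecureString] $Password          # needed for .p12 only
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $ca   = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $CaPath).Path
    $file = (Resolve-Path $Path).Path
    if ($Password) { $cert = New-Object "$x509.X509Certificate2" -ArgumentList $file, $Password }
    else           { $cert = New-Object "$x509.X509Certificate2" -ArgumentList $file }

    # Build the chain against the supplied CA only: no revocation lookup, and
    # the CA does not have to be installed in a Windows store yet.
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    [void] $chain.ChainPolicy.ExtraStore.Add($ca)
    $built = $chain.Build($cert)
    $root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        File          = Split-Path $file -Leaf
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        # AllowUnknownCertificateAuthority accepts any root, so pin it to our CA.
        ChainsToCa    = $built -and ($root.Thumbprint -eq $ca.Thumbprint)
    }
}

# Usage, run in the folder that holds the four files:
$pw = Read-Host 'Password for the .p12 files' -AsSecureString
'WinMaCert.p12', 'EagleMaCert.p12' |
    ForEach-Object { Get-CertSummary -Path $_ -CaPath 'TrustedCA.crt' -Password $pw }
'TrustedCA.crt', 'WinCoCert.crt' |
    ForEach-Object { Get-CertSummary -Path $_ -CaPath 'TrustedCA.crt' }
```

A machine certificate that reports HasPrivateKey = False, an expired NotAfter, or ChainsToCa = False can be caught here, before it shows up as a failed security negotiation.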

Eagle L2TP/IPSec VPN (Certificates)
  • Configuration of the Windows Management Console for importing of certificates...
      1. Start -> Run, enter mmc and click OK.
      2. Select Console -> Add/Remove Snap-in and click Add.
      3. Select Certificates from the list and click Add.
      4. Select Computer Account and click Next.
      5. Select Local Computer and select Finish.
      6. Close the "Add Stand alone Snap-In" window.
      7. The entry Certificates (local computer) should appear in the list. Click OK.
      8. Select Console -> Save.
      9. Select Desktop from the Save In field. (Name it something familiar to YOU!!!) and click Save.
      10. Close MMC by selecting Console -> Exit from the menu.
      Note: You should now have an icon on your desktop for direct access into the MMC.

Eagle L2TP/IPSec VPN (Certificates)
  • Import of the Trusted.CA certificates...
      1. Double-click the MMC icon on your desktop.
      2. Right click Personal and select All Tasks -> Import.
      3. Select Next.
      4. Select Browse.
      5. Select the option X.509 Certificate (*.cer, *.crt) from Type of Files and select Trusted.CA.
      6. Select Open and click Next.
      7. Select the option Place all certificates in the following store and click Next.
      8. Select Finish.

Eagle L2TP/IPSec VPN (Certificates)
  • Import of the Machine certificates...
      1. Double-click the MMC icon on your desktop.
      2. Right click Trusted Root Certificate Authority and select All Tasks -> Import.
      3. Select Next.
      4. Select Browse.
      5. Select the option Personal Information Exchange (*.pfx, *.p12) from Type of Files and select windows machine certificate.
      6. Select Open and click Next.
      7. Enter the password, which protects the certificate against unauthorized usage, and click Next.
      8. Select the option Place all certificates in the following store and click Next.
      9. Select Finish.

Eagle L2TP/IPSec VPN
  • Configuration of Eagle VPN settings.

  • From the secure side under Router, assign an IP address to the "External Port"...
  • This is the address that we will be connecting to from our VPN client...

  • From the secure side, we must change the Eagle "Network Mode" to Router...
  • This will cause a reboot on the Eagle...

      Note: It is important to remember now to set the PC you are connecting from to the same IP scheme and subnet as the unsecure port on the Eagle...
  • Log back into the Eagle from the unsecure port of the Eagle and select VPN from the menu structure, then "L2TP"...
  • Select "Yes" in the "Start L2TP Server for IPSec/L2TP" line, then click OK...

  • Select "Connections", then click New and name the connection.
  • Select OK, then click Edit...

      Note: This is the most important section on the EDIT page, as it will determine where the VPN will originate, from where we will allow the connection, as well as what type of connection will be used.
  • Make sure the connection is enabled...
  • Enter the IP address from where the connection will be allowed ("%any" means from any address).
  • Select "Transport (L2TP SSH Sentinel)" if you have WinXP or the XP client.
  • Then select "Wait for connection from..."

      Note: For an L2TP/IPSec VPN connection from a software client, the authentication method may only be X.509. This setting, along with all the others, is a default and can be left alone, with the exception of PFS, which must be set to "NO"!!!
  • All of the other criteria on this page can be left as default!!!
  • Select OK...

  • Click the Configure button!

  • Select Browse...

  • Select the proper certificate and click Open...

  • The file location should populate the field.
  • Select Import.

  • The current certificate is shown.
  • ***You must select the Back button here before going any further...!!!

  • Then select OK to save to the Eagle.

  • Next select machine certificate from the menu.
  • Select Browse.

  • Select the Eagle Machine Certificate.
  • Click Open.

  • The file location should populate the field.
  • Enter the pre-assigned password.
  • Select Import.
  • Then select OK!!!

Eagle L2TP/IPSec VPN
  • Connection from the Windows VPN Client
  • Under "Network Connection" from your PC, select "Create New Connection"

Eagle L2TP/IPSec VPN
  • Functioning Tunnel
  • If you remember, earlier when we turned the "L2TP Service" on, there was a connection range of IP addresses.
  • These addresses are assigned to the remote PC that authenticates or tunnels to the Eagle...