IPSec - PowerPoint PPT Presentation

1 / 35
About This Presentation
Title:

IPSec

Description:

IPSec – PowerPoint PPT presentation

Number of Views:183
Avg rating:3.0/5.0
Slides: 36
Provided by: Walla153
Category:
Tags: fqdn | ipsec

less

Transcript and Presenter's Notes

Title: IPSec


1
??? ????
  • ???????????
  • IPSec

2
(No Transcript)
3
(No Transcript)
4
(No Transcript)
5
AH Header Format
Security Parameter Index (???????) 32
bit?????,????????????????????????????????? ???
(SPI) ? ????? ???? (???AH??) ??????????????
(Security Association)?
Authentication Data (??????) ???????? ( IPv4 ?
32bit ????,IPv6 ?64bit ????) ???,???? Integrity
Check Value,??????????????????
Sequence Number (??) ??? 32 bit???????,?????????
???????? ( Duplicated ) ???
6
(No Transcript)
7
ESP Header Format
Security Parameter Index (???????) 32
bit?????,?????????????????????????????????
???(SPI) ? ????? ???? (???ESP??) ??????????????
(Security Association)?
Sequence Number (??) ??? 32 bit???????,?????????
???????? ( Duplicated ) ???
Authentication Data (??????) ????????????????,?
AH ???AH ???IP ???????????
Rayload Data ( ???? )???IP Packet????IP Packet
????????
8
(No Transcript)
9
(No Transcript)
10
  • ESP?????

11
  • IP ESP????????????????
  • ?????????Security Gateway??????????
  • ???????????,?????IP??,????????

12
  • ????
  • SPI?Sequence Number ?AH???
  • Payload Data ESP?????????,?????
  • (1)???IP???????
  • (2)IP????????????
  • ????????(Tunnel Mode),????????(Transport Mode)
  • ??????SPI??????????????????

13
(No Transcript)
14
(No Transcript)
15
(No Transcript)
16
(No Transcript)
17
(No Transcript)
18
(No Transcript)
19
IPSec ?????
  • ?????IPSec Driver???IPSec Policy???????????
  • IPSec Driver??IKE????,????SA
  • IPSec Driver??SA??????????

IKE ( Internet Key Exchange ) Key ?
IPSec???????????????IPSec?????????????????????????
?????IETF???????????? Ineternet Key Exchange (
IKE )
SA ( Security Association ) ???????????????????
( SPI ) ?????? ???? ( AH?ESP ) ?????
Secure IP Packet
20
IPSec ?????(cont'd)
21
(No Transcript)
22
(No Transcript)
23
(No Transcript)
24
(No Transcript)
25
(No Transcript)
26
(No Transcript)
27
(No Transcript)
28
(No Transcript)
29
(No Transcript)
30
IPSec ??
????RedHat 7.3 ?????? ftp//ftp.xs4all.nl/pub/cr
ypto/freeswan/binaries/RedHat-RPMs/2.4.18-10/ -
RedHat 7.3 ftp//ftp.xs4all.nl/pub/crypto/freeswan
/binaries/RedHat-RPMs/2.4.18-14/ - Redhat
8.0 1.freeswan-module-1.99_2.4.18_10-0.i386.rpm 2.
freeswan-1.99_2.4.18_10-0.i386.rpm ?? rpm Uvh
?? ?? ipsec service service ipsec start
31
IPSec ??
  • FreeS/WAN relies on two configuration files
  • /etc/ipsec.conf
  • Setup
  • Default parameter
  • Configuration of the tunnel
  • /etc/ipsec.secrets
  • private RSA keys
  • shared secrets

32
IPSec ??
42.42.42.1/24
42.42.42.0/24
hostnameleft (???)IP192.168.0.254
hostnameright (???)IP192.168.0.253
  • ? left ? right ? install ?? rpm
  • ? left (192.168.0.254) ??1. print your IPsec
    public key ipsec showhostkey left
    RSA 2192 bits left leftrsasigkey0sAQOn
    wiBPt...

2. get rightrsasigkey ssh right ipsec
showhostkey right RSA 2192 bits right
rightrsasigkey0sAQOqH55O
33
IPSec ??
3. Edit /etc/ipsec.conf conn left-to-right
??????????
left192.168.0.254 ????? ip
( ??? server ? ip ) leftsubnet42.42.42.0/
24 ???????? subnet ( ?????? )
leftid_at_left.example.com ????? FQDN
(??? server ? ip ) leftrsasigkey0s1LgR7/o
UM... ????? public key
leftnexthopX.X.X.X ?????
gateway right192.168.0.253
????? ip ( ??? server ? ip )
rightsubnet42.42.42.1/24 ??????
rightid_at_right.example.com ????? FQDN (
??? server ? ip ) rightrsasigkey0sAQOqH55
O... ????? public key rightnexthop
X.X.X.X ????? gateway
autostart
?????? ipsec tunnel 4.???? /etc/ipsec.conf copy
?????(????server ) scp /etc/ipsec.conf
root_at_right.exampel.com/etc/ipsec.conf
34
RHS346
  • ( Developing Red Hat VPN Solutions )
  • ?? CIPE??VPN
  • ?? PPTP??VPN
  • ???? Windows 95/98/NT/2000/XP?? PPTP Server
  • ??IPSec??VPN

35
Reference Site
  • Linux FreeS/WAN team http//www.freeswan.org/
  • Secure VPN Gateway in Redhat 7.3
    http//www.hkes.com/themes/hkes/resources/secure_v
    pn_gateway_in_redhat.htm
  • Virtual Private Network Consortium- www.vpnc.org
  • The Automotive Network Exchange - www.anxo.com
  • National Institute of Standards and Technology -
    www-08.nist.gov
  • RADIUS - www.funk.com/RADIUS
  • TACACS - www.easynet.de/tacacs-faq
  • Commercial Encryption Export Controls -
    www.bxa.doc.gov/Encryption
  • Encryption Privacy and Security Resource Page -
    www.crypto.com
  • VPN info on the WEB - kubarb.phsx.ukans.edu/tbird
    /vpn.html
  • http//www.spenneberg.org/
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "IPSec" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!