Date: 2018-06-14
INSTALLING AND CONFIGURING A WINDOWS SERVER 2003 ENTERPRISE CERTIFICATION AUTHORITY

Certification Authorities (CAs) issue certificates for a number of different purposes. In the context of your ISA Server firewall/VPN server, a CA can provide a certificate that allows:

· L2TP/IPSec VPN connections from VPN clients
VPN clients can establish L2TP/IPSec connections to the ISA Server firewall/VPN server. A machine certificate is required to create the IPSec encrypted tunnel.

· L2TP/IPSec VPN connections from VPN gateways (VPN routers)
Remote VPN gateways can call the ISA Server firewall/VPN server and establish a gateway-to-gateway link. VPN gateways act as VPN routers and allow packets to be routed between networks through the VPN tunnel established between the VPN gateways.

· L2TP/IPSec VPN connections to VPN servers
The ISA Server firewall/VPN server may need to establish a VPN client connection to a VPN server. For example, some Internet Service Providers require machines to establish a VPN connection with their own VPN server to obtain a public address for the ISA Server firewall/VPN server’s external interface. In this case, the ISA Server firewall/VPN server is a VPN client to the ISP’s VPN server.

· Certificate-based user authentication using a certificate stored on the user machine
Users can obtain certificates and use those certificates to authenticate with the VPN server. The user certificate is stored on the user’s computer and a VPN connectoid (dial-up connection) can be configured to present this certificate during the PPP (in this case, EAP-TLS) user authentication process.

· Certificate-based user authentication using a certificate stored on a Smart Card
A user certificate can be stored on a Smart Card. The user certificate is stored on a Smart Card and the VPN connectoid is configured to present the Smart Card certificate during the PPP (in this case, EAP-TLS) user authentication process.

A Microsoft Certificate Server can take on one of four roles:

· Enterprise Root CA
· Enterprise Subordinate CA
· Stand-alone Root CA
· Stand-alone Subordinate CA

A Microsoft Enterprise CA has the following characteristics:

· The enterprise CA must be a member of a Windows 2000 or Windows Server 2003 Active Directory domain
· The enterprise Root CA certificate is automatically added to the Trusted Root Certification Authorities no