installing and configuring a windows server 2003 stand-alone ...

《installing and configuring a windows server 2003 stand-alone ...》由会员上传分享，免费在线阅读，更多相关内容在行业资料-天天文库。

1、INSTALLINGANDCONFIGURINGAWINDOWSSERVER2003ENTERPRISECERTIFICATIONAUTHORITYCertificationAuthorities(CAs)issuecertificatesforanumberofdifferentpurposes.InthecontextofyourISAServerfirewall/VPNserver,aCAcanprovideacertificatethatallows:·L2TP/IPSecVPNconnectionsfromVPNclientsVPNclientscanestab

2、lishL2TP/IPSecconnectionstotheISAServerfirewall/VPNserver.AmachinecertificateisrequiredtocreatetheIPSecencryptedtunnel.·L2TP/IPSecVPNconnectionsfromVPNgateways(VPNrouters)RemoteVPNgatewayscancalltheISAServerfirewall/VPNserverandestablishagatewaytogatewaylink.VPNgatewaysactasVPNroutersanda

3、llowpacketstoberoutedbetweennetworksthroughatheVPNtunnelestablishedbetweentheVPNgateways.·L2TP/IPSecVPNconnectionstoVPNserversTheISAServerfirewall/VPNservermayneedtoestablishaVPNclientconnectiontoaVPNserver.Forexample,someInternetServiceProvidersrequiremachinestoestablishaVPNconnectionwit

4、htheirownVPNservertoobtainapublicaddressfortheISAServerfirewall/VPNserver’sexternalinterface.Inthiscase.theISAServerfirewall/VPNserverisaVPNclienttotheISP’sVPNserver.·Certificate-baseduserauthenticationusingacertificatestoredontheusermachineUserscanobtaincertificatesandusethosecertificate

5、stoauthenticatewiththeVPNserver.Theusercertificateisstoredontheuser’scomputerandaVPNconnectoid(dial-upconnection)canbeconfiguredtopresentthiscertificateduringthePPP(inthiscase,EAP-TLS)userauthenticationprocess.·Certificate-baseduserauthenticationusingacertificatestoredonaSmartCardAusercer

6、tificatecanbestoredonaSmartCard.TheusercertificateisstoredonaSmartCardandtheVPNconnectoidisconfiguredtopresenttheSmartCardcertificateduringthePPP(inthiscase,EAP-TLS)userauthenticationprocess.AMicrosoftCertificateServercantakeononeoffourroles:·EnterpriseRootCA·EnterpriseSubordinateCA·Stand

7、-aloneRootCA·Stand-aloneSubordinateCAAMicrosoftEnterpriseCAhasthefollowingcharacteristics:·TheenterpriseCAmustbeamemberofaWindows2000orWindowsServer2003ActiveDirectorydomain·TheenterpriseRootCAcertificateisautomaticallyaddedtotheTrustedRootCertificationAuthoritiesno