All posts

· Physical server
CENT-SRV
#cd /etc/ssl
#openssl req -new -out client.req -newkey rsa:2048 -nodes -keyout client.key
#openssl ca -in client.req -out client.crt
※CN=client
#openssl pkcs12 -export -in client.crt -inkey client.key -certfile cacert.pem -out client.pfx
Copy client.pfx and cacert.pem to WORK-PC, placing client.pfx under Personal and cacert.pem under Trusted Certification Authorities.
WORK-SW2
conf t
aaa new-model
radius server RADIUS
address ip..

CENT-SRV
#vim /etc/ssl/openssl.cnf
#vim /usr/lib/ssl/misc/CA.pl
#/usr/lib/ssl/misc/CA.pl -newca
※CN=CA
※Password = korea2021##
#cp /etc/ssl/CA/cacert.pem /usr/local/share/ca-certificates/ca.crt
#update-ca-certificates
#cd /etc/ssl
#openssl req -new -out srv.req -newkey rsa:2048 -keyout srv.key
※The private key passphrase is korea2021##, CN=srv
#openssl ca -in srv.req -out srv.crt
#chmod 777 srv.*
#cp /etc/ssl/CA/cacert..
· Physical server
CENT-FW
conf t
access-list OUT-TO-IN extended permit tcp 110.240.50.0 255.255.255.0 host 172.16.0.1 eq 80
access-list OUT-TO-IN extended permit tcp 110.240.50.0 255.255.255.0 host 172.16.0.1 eq 443
access-group OUT-TO-IN in interface OUTSIDE
CENT-SRV
#cd /etc/ssl/
#openssl req -new -out www.req -newkey rsa:2048 -nodes -keyout www.key
※CN=www.skills2021.kr
WORK-R
end
crypto pki server SKILLS-CA r..
· Physical server
WORK-R
conf t
ip dhcp pool DHCP
network 192.168.0.0 255.255.255.0
default-router 192.168.0.254
option 150 ip 192.168.0.254
ipv6 dhcp pool DHCPv6
address prefix 2001:10:101:2::/64
dns-server 2001:10:202:2::1
exit
int gig0/0/0.10
ipv6 dhcp server DHCPv6
ipv6 nd managed-config-flag
ipv6 nd prefix default 14400 14400 no-autoconfig
CENT-FW
conf t
dhcpd address 172.16.0.150-172.16.0.180 INSIDE
dhcpd o..
· Physical server
WORK-R
conf t
crypto pki trustpoint VPN
enrollment url http://203.230.10.1
ip-address 203.230.10.1
subject-name CN=203.230.10.1
revocation-check none
exit
crypto pki authenticate VPN
[yes/no]:yes
crypto pki enroll VPN
※Password: korea2021##
[yes/no]:yes
[yes/no]:yes
CENT-R
conf t
crypto pki trustpoint VPN
enrollment url http://203.230.10.1
ip-address 107.58.56.1
subject-name CN=107.58.56.1
revocation-..
· Physical server
CENT-SRV
#apt -y install apache2 tftpd-hpa
#vim /etc/default/tftpd-hpa
#systemctl restart tftpd-hpa
#chown tftp:tftp /var/www/html
EX-R
conf t
clock calendar-valid
ip domain-name skills2021.kr
crypto pki server ROOTCA
database url flash:
grant auto
database level complete
issuer-name CN=ROOTCA
hash sha256
no shutdown
※Password: korea2021##
exit
ip http server
WORK-R
conf t
clock calendar-valid
ip doma..
· Physical server
1) DNS
CENT-R
conf t
ip nat inside source static udp 172.16.0.1 53 107.58.65.1 53
ip nat inside source static tcp 172.16.0.1 53 107.58.65.1 53
CENT-FW
conf t
access-list OUT-TO-IN extended permit udp 110.240.50.0 255.255.255.0 host 172.16.0.1 eq domain
access-list OUT-TO-IN extended permit tcp 110.240.50.0 255.255.255.0 host 172.16.0.1 eq domain
access-group OUT-TO-IN in interface OUTSIDE
EX-FW ..
· Physical server
1) IPv4 Routing
WORK-R
conf t
router ospf 7
network 203.230.10.0 0.0.0.3 a 0
network 1.1.1.0 0.0.0.255 a 0
area 0 authentication message-digest
default-information originate always
exit
int gig0/0/1
ip ospf message-digest-key 1 md5 korea2021##
EX-R
conf t
router ospf 7
network 203.230.10.0 0.0.0.3 a 0
network 107.58.65.0 0.0.0.3 a 0
network 140.30.2.0 0.0.0.3 a 0
area 0 authentication message-di..
· Physical server
This solution was built with the following equipment as its baseline.
§ Cisco ASA 5506X
§ Cisco 2901 ISR
§ Cisco Catalyst 4321
Configure the interface mapping of EX-FW by referring to the table below.
Network Adapter ID    ASAv Interface ID
Network Adapter 1     Management 0/0
Network Adapter 2     GigabitEthernet 0/0
Network Adapter 3     GigabitEthernet 0/1
Network Adapter 4     GigabitEthernet 0/2
Network Adapter 5     GigabitEthernet 0/3
Network Adapter 6     GigabitEthernet 0/4
Network Adapte..

LEFT-R2
※Run rrasmgmt.msc
ROAD-DC
※Run dsa.msc
ROAD-DC2
※Run cmd
repadmin /syncall /Aed
VISITOR
※Network and Sharing Center
※VPN settings
※Run powershell
Add-VpnConnectionTriggerApplication -ApplicationID "C:\Program Files\Internet Explorer\iexplore.exe" -ConnectionName VPN -Force
_눙이_
눙이's Infrastructure Notepad