CENT-SRV
※ Copy the deployment file anyconnect.xml into /var/www/html as a file named acvpn.xml
CENT-R
conf t
crypto key generate rsa general-keys label VPN-KEY mod 2048
crypto pki trustpoint VPN-TP
enrollment url http://203.230.10.1
usage ike
usage ssl-server
fqdn vpn.skills2021.kr
subject-name CN=vpn.skills2021.kr
rsakeypair VPN-KEY
revocation-check none
auto-enroll
eku request server-auth client-auth ipsec-end-system i..

EX-R, WORK-R, CENT-R
conf t
snmp-server community SNMP ro
snmp-server location DaeJeon
snmp-server contact admin@skills2021.kr
ISP
#apt -y install apache2 php7.0 libapache2-mod-php7.3 snmp
#mkdir /var/www/monit
#vim /var/www/monit/index.php
#cd /etc/apache2/sites-available
#cp 000-default.conf monit.conf
#vim monit.conf

CENT-SRV
#cd /etc/ssl
#openssl req -new -out client.req -newkey rsa:2048 -nodes -keyout client.key
#openssl ca -in client.req -out client.crt
※CN=client
#openssl pkcs12 -export -in client.crt -inkey client.key -certfile cacert.pem -out client.pfx
Copy this client.pfx and cacert.pem to WORK-PC: client.pfx into the Personal store and cacert.pem into the trusted certification authorities store.
WORK-SW2
conf t
aaa new-model
radius server RADIUS
address ip..

CENT-SRV
#vim /etc/ssl/openssl.cnf
#vim /usr/lib/ssl/misc/CA.pl
#/usr/lib/ssl/misc/CA.pl -newca
※CN=CA
※Password = korea2021##
#cp /etc/ssl/CA/cacert.pem /usr/local/share/ca-certificates/ca.crt
#update-ca-certificates
#cd /etc/ssl
#openssl req -new -out srv.req -newkey rsa:2048 -keyout srv.key
※Private key password: korea2021##, CN=srv
#openssl ca -in srv.req -out srv.crt
#chmod 777 srv.*
#cp /etc/ssl/CA/cacert..

CENT-FW
conf t
access-list OUT-TO-IN extended permit tcp 110.240.50.0 255.255.255.0 host 172.16.0.1 eq 80
access-list OUT-TO-IN extended permit tcp 110.240.50.0 255.255.255.0 host 172.16.0.1 eq 443
access-group OUT-TO-IN in interface OUTSIDE
CENT-SRV
#cd /etc/ssl/
#openssl req -new -out www.req -newkey rsa:2048 -nodes -keyout www.key
※CN=www.skills2021.kr
WORK-R
end
crypto pki server SKILLS-CA r..

WORK-R
conf t
ip dhcp pool DHCP
network 192.168.0.0 255.255.255.0
default-router 192.168.0.254
option 150 ip 192.168.0.254
ipv6 dhcp pool DHCPv6
address prefix 2001:10:101:2::/64
dns-server 2001:10:202:2::1
exit
int gig0/0/0.10
ipv6 dhcp server DHCPv6
ipv6 nd managed-config-flag
ipv6 nd prefix default 14400 14400 no-autoconfig
CENT-FW
conf t
dhcpd address 172.16.0.150-172.16.0.180 INSIDE
dhcpd o..

WORK-R
conf t
crypto pki trustpoint VPN
enrollment url http://203.230.10.1
ip-address 203.230.10.1
subject-name CN=203.230.10.1
revocation-check none
exit
crypto pki authenticate VPN
[yes/no]:yes
crypto pki enroll VPN
※Password: korea2021##
[yes/no]:yes
[yes/no]:yes
CENT-R
conf t
crypto pki trustpoint VPN
enrollment url http://203.230.10.1
ip-address 107.58.56.1
subject-name CN=107.58.56.1
revocation-..

CENT-SRV
#apt -y install apache2 tftpd-hpa
#vim /etc/default/tftpd-hpa
#systemctl restart tftpd-hpa
#chown tftp:tftp /var/www/html
EX-R
conf t
clock calendar-valid
ip domain-name skills2021.kr
crypto pki server ROOTCA
database url flash:
grant auto
database level complete
issuer-name CN=ROOTCA
hash sha256
no shutdown
※Password: korea2021##
exit
ip http server
WORK-R
conf t
clock calendar-valid
ip doma..

1) DNS
CENT-R
conf t
ip nat inside source static udp 172.16.0.1 53 107.58.65.1 53
ip nat inside source static tcp 172.16.0.1 53 107.58.65.1 53
CENT-FW
conf t
access-list OUT-TO-IN extended permit udp 110.240.50.0 255.255.255.0 host 172.16.0.1 eq domain
access-list OUT-TO-IN extended permit tcp 110.240.50.0 255.255.255.0 host 172.16.0.1 eq domain
access-group OUT-TO-IN in interface OUTSIDE
EX-FW ..

1) IPv4 Routing
WORK-R
conf t
router ospf 7
network 203.230.10.0 0.0.0.3 a 0
network 1.1.1.0 0.0.0.255 a 0
area 0 authentication message-digest
default-information originate always
exit
int gig0/0/1
ip ospf message-digest-key 1 md5 korea2021##
EX-R
conf t
router ospf 7
network 203.230.10.0 0.0.0.3 a 0
network 107.58.65.0 0.0.0.3 a 0
network 140.30.2.0 0.0.0.3 a 0
area 0 authentication message-di..