Transcription of NetAttest EPS Configuration Example
NetAttest EPS Cisco ASA 5510 Case AnyConnect Version
2013/08/27
NetAttest Copyright 2013, Soliton Systems, All rights reserved.

NetAttest EPS Cisco Systems Cisco ASA 5510 IP
ABCD abcd1234 (normal) ABCD abcd1234 (bold) ABCD abcd1234 (italic)
[ ] [ 1]+[ 2] [ 1] [ 2] ( )
%, $, > # [filename] [ ] filename ( ) NetAttest EPS ASA 5510

1
1-1
1-2
2 NetAttest EPS
2-1
2-2
2-3
2-4
3 ASA 5510
3-1
3-2
4 ASA 5510 PKI
4-1 CSR (ASA 5510)
4-2 (NetAttest EPS)
4-3 (NetAttest EPS)
4-4 (NetAttest EPS)
4-5 CA (NetAttest EPS)
4-6 CA (ASA 5510)
4-7 (ASA 5510)
5 ASA 5510
5-1 IP
5-2 AAA (RADIUS)
5-3 AnyConnect VPN Connection Setup Wizard
6 Windows AnyConnect
6-1 PC
6-2 Windows AnyConnect
7 iOS AnyConnect
7-1 iPad
7-2 iOS AnyConnect
8
8-1 PC AnyConnect SSL-VPN
8-2 iPad AnyConnect SSL-VPN

1
1-1

1-2
1-2-1 SW
Authentication Server Soliton Systems NetAttest EPS-ST03 Ver. 4.
RADIUS (SSL VPN) Cisco Systems ASA 5510 Ve (1)
Client PC Lenovo ThinkPad X200 Windows XP SP3
Client Tablet Apple iPad iOS 5
AP BUFFALO WAPM-APG300N -

1-2-2 +ID Password

1-2-3
EPS-ST03 ASA 5510 Client PC Client Tablet AP
IP DHCP ( AP ) DHCP ( AP )
RADIUS port (Authentication) TCP 1812
RADIUS port (Accounting) TCP 1813
RADIUS Secret (Key) secret

2 NetAttest EPS
NetAttest EPS
1.
2. 3. 4.

2-1 IP

2-2
CA LDAP RADIUS RADIUS NAS/RADIUS CA CA 2048 CA naca00 NAS/RADIUS CiscoASA IP (Authenticator)
Secret

2-3 NetAttest EPS
user01 ID user01 password

2-4 NetAttest EPS
( ) 365 password PKCS#12

3 ASA 5510
ASDM ASA 5510 1. 2.

3-1 ASA 5510
ASDM (Adaptive Security Device Manager) ASDM (1)
ASA 5510
Ethernet0/0 inside LAN interface
Ethernet0/1 outside AnyConnect interface
ASA 5510 ASA 5500

[Enable traffic between two or more interfaces which are configured with same security levels]

3-2 NetAttest EPS
Configuration - Device Setup - System Time - Clock
Time Zone Tokyo

4 ASA 5510 PKI
1.
CSR (ASA 5510)
2. (NetAttest EPS)
3. (NetAttest EPS)
4. (NetAttest EPS)
5. CA (NetAttest EPS)
6. CA (ASA 5510)
7. (ASA 5510)

4-1 CSR (ASA 5510)
ASA 5510 CSR (Certificate Signing Request)
Configuration - Device Management - Certificate Management - Identity Certificates
Add

[Add Identity Certificate]
Add a new identity certificate
[Key Pair] New Key Pair
[Certificate Subject DN] Advanced FQDN Ciscoasa
Key Pair Certificate Subject DN CN:Ciscoasa O.
Cisco Systems C:US NetAttest EPS CN

Add Certificate CSR

4-2 (NetAttest EPS)
ASA 5510 CSR NetAttest EPS ASA 5510 NetAttest EPS ( ) CSR

4-3 (NetAttest EPS)
CA ( :2181/caadmin/) ( )

4-4 (NetAttest EPS)
( )

4-5 CA (NetAttest EPS)
NetAttest EPS CA CA PEM ( )

4-6 CA (ASA 5510)
NetAttest EPS CA ( )
ASA 5510
Configuration - Device Management - Certificate Management - CA Certificates
Install From a file

CA CRL

4-7 (ASA 5510)
NetAttest EPS
Configuration - Device Management - Certificate Management - Identity Certificates

5 ASA 5510
ASA 5510
1. IP
2. AAA (RADIUS)
3. AnyConnect VPN Connection Setup Wizard

5-1 IP
AnyConnect SSL-VPN VPN IP
Configuration - Remote Access VPN - Network (Client) Access - Address Assignment Address Pools Add
[Add IP Pool] IP
Name pool-sample
Starting IP Address
Ending IP Address
Subnet Mask

5-2 AAA (RADIUS)