5.permissiondenied

permissiondenied  时间:2021-03-17  阅读:()
CopyrightIBMCorporation2010TrademarksHeterogeneousIPSecsolutionbetweenAIXandWindowsPage1of14HeterogeneousIPSecsolutionbetweenAIXandWindowsAntoA.
JohnAkshayKaushikAugust24,2010Internetsecurityisamajorconcern.
InternetProtocolSecurity(IPSec)isaframeworkforasetofprotocolsthathelpsyouimplementsecurityattheIPpacketlevel.
IPSecworksacrossheterogeneousenvironmentstocreatesecuretunnelsforsafertransactions.
ThisarticletalksaboutwhatyoucangainfromconfiguringIPSectoaheterogeneousenvironmentbetweenAIXandWindows.
IntroductionIPSec(InternetProtocolSecurity)isaprotocolforsecuringIPcommunication.
ItauthenticatesandencryptseachIPpacketflowingthroughthenetwork.
Thisisparticularlyimportantwhenyoutrytointeroperatebetweendisparatesystemswithouttheworryofsecurityrisksbetweenthem.
Avirtualprivatenetwork(VPN)isanextensionofanenterprise'sprivateintranetacrossapublicnetworksuchastheInternet,creatingasecureprivateconnectionessentiallythroughaprivatetunnel.
VPNssecurelyconveyinformationacrosstheInternetconnectingremoteusers,branchoffices,andBusinessPartnersintoanextendedcorporatenetwork.
InaVPN,therearesecurityexposureseverywherealonganend-to-endpath:onthedial-uplink,inanISP'saccessbox,intheInternet,inthefirewallorrouter,andeveninthecorporateintranet.
Hence,therearisesaneedforthisVPNtobeprotected.
TheInternetEngineeringTaskForcehasrecommendedthatthetunneltrafficshouldbeprotectedwiththeIPSecprotocols.
HeterogeneityonendpointsinaVPNisextremelyhigh,anditdemandsthattheIPSecsolutionshouldworkwellwithheterogeneoussystemsandenvironments.
Hence,thisarticledealswiththeAIXIPSecsolutionandtheirconfigurationwithWindowsasanotherendpointtoshowcasetheheterogeneouscapabilityofthissolution.
ConfiguringWindows2000forIPSecTheconfigurationofIPSecforWindows2000requiresthecreationofthetunnelparametersandthekindofencryptionusingtheIPSecsnap-ins.
developerWorksibm.
com/developerWorks/HeterogeneousIPSecsolutionbetweenAIXandWindowsPage2of14CreateacustomMMCconsoleTheWindows2000machinecanbeconfiguredandmonitoredusingtheMMC(MicrosoftManagementConsole).
IPSecsnap-insneedtobeaddedtothisconsole.
1.
FromtheWindowsdesktop,clickStart,clickRun,andintheOpentextboxtypemmc.
ClickOK.
2.
OntheFilemenu,clickAdd/RemoveSnap-in.
3.
IntheAdd/RemoveSnap-indialogbox,clickAdd.
4.
IntheAddStandaloneSnap-indialogbox,clickIPSecurityPolicyManagement,andthenclickAdd.
5.
VerifythatLocalComputerisselected,andclickFinish.
6.
IntheAddStandaloneSnap-indialogbox,clickIPSecurityMonitor,andthenclickAdd.
7.
ToclosetheAddStandaloneSnap-indialogbox,clickClose.
8.
ToclosetheAdd/RemoveSnap-indialogbox,clickOK.
9.
SavethisasIPSec.
mscforfutureuse.
IPSecSnap-inCreatingIPSecpoliciesInthisstep,wecreateanddefinetheIPSecpoliciesusingtheWindowsmachinethatnegotiateswiththeothermachines.
1.
IntheMMCConsole,right-clickIPSecurityPoliciesonLocalMachine,andthenclickCreateIPSecurityPolicy.
TheIPSecurityPolicyWizardappears.
ibm.
com/developerWorks/developerWorksHeterogeneousIPSecsolutionbetweenAIXandWindowsPage3of14IPSecurityPolicyWizard2.
ClickNext.
3.
TypePolicy1asthenameofyourpolicy,andclickNext.
4.
CleartheActivatethedefaultresponserulecheckbox,ifyouwouldliketosetyourownrules,andthenclickNext.
5.
MakesuretheEditPropertiescheckboxisselected(itisbydefault),andthenclickFinish.
developerWorksibm.
com/developerWorks/HeterogeneousIPSecsolutionbetweenAIXandWindowsPage4of14IPSecPolicy1created6.
InthePropertiesdialogboxforthepolicyyouhavejustcreated,ensurethatUseAddWizardcheckboxinthelower-rightcornerisselected,andthenclickAddtostarttheSecurityRuleWizard.
7.
ClickNexttoproceedthroughtheSecurityRuleWizard,whichyoustartedattheendoftheprevioussection.
8.
SelectThisruledoesnotspecifyatunnel,(selectedbydefault)andthenclickNext.
9.
SelecttheradiobuttonforAllnetworkconnections,(selectedbydefault)andclickNext.
Creatingfilterrules1.
IntheIPFilterListdialogbox,clickAdd.
AnemptylistofIPfiltersisdisplayed.
NameyourfilterPolicy1FilterList.
ibm.
com/developerWorks/developerWorksHeterogeneousIPSecsolutionbetweenAIXandWindowsPage5of14IPFilterListPolicy1FilterList2.
MakesureUseAddWizardisselectedinthecenter-rightareaofthescreenandthenclickAdd.
ThisstartstheIPFilterWizard.
3.
ClickNexttocontinue.
4.
AcceptMyIPAddressasthedefaultsourceaddressbyclickingNext.
developerWorksibm.
com/developerWorks/HeterogeneousIPSecsolutionbetweenAIXandWindowsPage6of145.
ChooseASpecificIPaddressfromthedrop-downlistbox;enteryourPartnersIPAddress.
Here,youcanmakeIPSeccommunicatewithmultiplehosts,aswellbydefiningasubnet,andthenclickNext.
6.
ClickNexttoaccepttheprotocoltypeofAny.
7.
MakesuretheEditPropertiescheckboxiscleared(thisisthedefaultsetting),andclickFinish.
8.
ClickClosetoleavetheIPFilterListdialogboxandreturntotheNewRuleWizard.
9.
IntheFilterListdialogbox,selecttheradiobuttonnexttoPolicy1FilterList.
Policy1FilterListcreated10.
ClickNextforconfiguringfilteraction.
ConfiguringfilteractionInthissection,wedefinethedifferentactionswhichthefiltersperform.
1.
IntheFilterdialogshowninFilterActionfigure,clicktoselecttheUseAddWizardcheckbox,andthenclickAdd.
ibm.
com/developerWorks/developerWorksHeterogeneousIPSecsolutionbetweenAIXandWindowsPage7of14FilterAction2.
ClickNexttoproceedthroughtheFilterActionWizard.
3.
NamethisfilteractionPolicy1FilterActionandclickNext.
4.
IntheFilterActionGeneralOptionsdialogbox,selectNegotiateSecurity,andthenclickNext.
5.
ClickDonotcommunicatewithcomputersthatdonotsupportIPSecfromthenextwizardpage,andthenclickNexttosecureyourmachinefromintruders.
6.
SelectCustomfromthelistofsecuritymethods,andthenclicksettings.
ThissectiongivesyouopportunitytoselectwhetheryouwouldliketohaveasecuritymethodwithAH(AuthenticationHeader)orwithESP(EncapsulatingSecurityPayload).
7.
SelectEncryptionalgorithmandhashingalgorithmyouwanttouseinyourIPSectunnelstoencryptthedata.
ClickOKtocomeoutofCustomSettings.
8.
ClickNext.
developerWorksibm.
com/developerWorks/HeterogeneousIPSecsolutionbetweenAIXandWindowsPage8of14Selectingsecuritymethods9.
MakesuretheEditPropertiescheckboxiscleared(thisisthedefaultsetting),andthenclickFinishtoclosethiswizard.
10.
IntheFilterActiondialog,clicktheradiobuttonnexttoPolicy1FilterAction,andthenclickNext.
11.
IntheAuthenticationmethod,selecttheradiobuttonnexttoUsethisstringtoprotectthekeyexchange(presharedkey).
Youcanalsospecifythecertificatesifyoudon'twishtousethesymmetricpresharedkeys.
12.
GivethepresharedkeyyouwanttouseforauthenticationinIPSectunnel(forexample12345)andclickNext.
13.
MakesuretheEditpropertiescheckboxiscleared(thisisthedefaultsetting)andthenclickFinish.
Youhavejustconfiguredthefilteractionthatwillbeusedduringnegotiationswithyourpartner.
Notethatyoucanre-usethisfilteractioninotherpolicies.
14.
InthePropertiespagethatisnowdisplayed,clickClose.
YouhavesuccessfullyconfiguredanIPSecPolicy.
ibm.
com/developerWorks/developerWorksHeterogeneousIPSecsolutionbetweenAIXandWindowsPage9of14IPSecPolicy1createdAssigningpolicyRightclickonthepolicyyouhavejustcreatedandclickAssign.
Policy1assignedasIPSecSecurityPolicyConfiguringAIXforIPSecFortheIPSecnegotiationtogothrough,weneedtoopenupafewportsandprotocolsonthefirewall.
Theyare:developerWorksibm.
com/developerWorks/HeterogeneousIPSecsolutionbetweenAIXandWindowsPage10of14PortsandprotocolsforIPSec-UDPport500(forISAKMPtraffic)Protocol-IPProtocol50(forESPtraffic)-IPProtocol51(forAHtraffic)-Andanyotherportaccordingtoyourenvironment.
AIXIPSecprerequisitesInstallAIXIPSecsoftwareandputonlatestIPSecpatches:IPSecfilesetsbos.
msg.
en_US.
net.
ipsecbos.
net.
ipsec.
keymgtbos.
net.
ipsec.
rtebos.
net.
ipsec.
websmbos.
crypto-privgskak.
rteTostarttheIPsecurityonAIX,runthefollowingcommand:Smittyipsec4------->start/stopIPSecurity-startIPSecurityStartIPsecurityTypeorselectvaluesinentryfields.
PressEnterAFTERmakingalldesiredchanges.
[EntryFields]StartIPSecurity[NowandAfterReboot]DenyAllNon_SecureIPPackets[no]PressEntertostarttheIPsecurity.
RunthefollowingcommandtocheckthestateoftheIPSecdevices.
#lsdev-CcipsecBoththedevicesshouldbeintheavailablestate(ipsec_v4andipsec_v6).
#lsdev-Ccipsecipsec_v4AvailableIPVersion4SecurityExtensionipsec_v6AvailableIPVersion6SecurityExtensionToconfiguretheIPSeconAIX,wefirstneedtocreatetheIPSecconfigurationfile.
ThisfileshouldbeinXMLfileformat.
SampleXMLfile(SavethefilewiththenameIPSECpolicy1)UpdatenewIPSecconfigurationintheIKEdatabase1.
WefirstneedtoremovethepreviousIPSecconfigurationintheIKEdatabase,andthenputthenewconfigurationfileintheikedb.
2.
Toremovethepreviousconfiguration,runthefollowingcommand:#ikedb-xP1_ITDdatabasecreatedsuccessfullyP2_ITDdatabasecreatedsuccessfullyP1_PREKEYdatabasecreatedsuccessfullyPROPOSAL_LISTdatabasecreatedsuccessfullyPROPOSALdatabasecreatedsuccessfullyPOLICYdatabasecreatedsuccessfullyGROUPdatabasecreatedsuccessfullyNDBM:/etc/ipsec/inet/DB/privkey3.
Toputthenewconfigurationfileinthedatabase,runthefollowingcommand:#ikedb-pIPSECpolicy1Checkifallthethreedaemons(tmd,isakmpdandcpsd)arerunning.
Thetmddaemontakescareofthetunnelmanagement,andtheisakmpddaemontakescareoftheIKEnegotiation.
Ifwearenotusingcertificatesforauthentication,thereisnoneedforthecpsddaemontorun.
Tostartthedaemons,runthefollowingcommand:#startsrc-gike0513-059ThecpsdSubsystemhasbeenstarted.
SubsystemPIDis434304.
0513-059ThetmdSubsystemhasbeenstarted.
SubsystemPIDis315554.
0513-059TheisakmpdSubsystemhasbeenstarted.
SubsystemPIDis401504.
Runthefollowingcommandtocheckifthedaemonsarestartedornot.
Ifthedaemonisstarted,thestatusofthatdaemonshouldbeactive.
#lssrc-gikeSubsystemGroupPIDStatuscpsdike241894activetmdike315550activeisakmpdike319648activeRunthefollowingcommandtocheckifanyIPSectunnelisactive:#ikecmd=listNotunnelsmatchyourrequest.
Ifyoudonotfindthetunnelsbetweenthemachinesyouactuallyintendtohavethetunnel,thenrunthefollowingcommandtoactivatethetunnels:#ikecmd=activatePhase2tunnel1activaterequestinitiated.
ibm.
com/developerWorks/developerWorksHeterogeneousIPSecsolutionbetweenAIXandWindowsPage13of14Nowtheikecmdcommandshouldlistthestateofthetunnelsforyou.
#ikecmd=listPhaseTunIdStatusLocalIdRemoteId11Dormant9.
124.
101.
1389.
124.
101.
17521Dormant9.
124.
101.
1389.
124.
101.
175Weneedtopingtheremotehosttoactivatethetunnels.
Oneortwopingrequestmaybedenieduntilthetunnelsbecomeactive.
Therequestswillbesuccessfulfromthenon.
#ping9.
124.
101.
175PING9.
124.
101.
175(9.
124.
101.
175):56databytesping:sendto:Permissiondeniedping:wrote9.
124.
101.
17564chars,ret=-164bytesfrom9.
124.
101.
175:icmp_seq=1ttl=255time=0ms64bytesfrom9.
124.
101.
175:icmp_seq=2ttl=255time=0ms64bytesfrom9.
124.
101.
175:icmp_seq=3ttl=255time=0msNowyouhavecreatedasuccessfulAIXtoWindowsIPSectunnelthatcanbefurtherusedforsecurecommunicationoverthenetwork.
ConclusionThisarticleshowcasestheabilityofAIXIPSectoworkacrossheterogeneousenvironments.
SimilartotheWindowsIPSecconfigurationreviewedinthisarticle,youcantryusingotheroperatingsystemstocommunicatesecurelywithAIXusingIPSec.
Doingsocanprovidegreatersecurityinaninsecurepublicnetworkwithheterogeneoussystems.
developerWorksibm.
com/developerWorks/HeterogeneousIPSecsolutionbetweenAIXandWindowsPage14of14RelatedtopicsAnIllustratedGuidetoIPSecpSeriesandAIXInformationCenterInternetInformationServices(IIS)7.
0Administrator'sPocketConsultantbyWilliamR.
StanekStep-by-stepguidetoInternetProtocolSecurity(IPSec)Windows2000ServerCopyrightIBMCorporation2010(www.
ibm.
com/legal/copytrade.
shtml)Trademarks(www.
ibm.
com/developerworks/ibm/trademarks/)

NameCheap优惠活动 新注册域名38元

今天上午有网友在群里聊到是不是有新注册域名的海外域名商家的优惠活动。如果我们并非一定要在国外注册域名的话,最近年中促销期间,国内的服务商优惠力度还是比较大的,以前我们可能较多选择海外域名商家注册域名在于海外商家便宜,如今这几年国内的商家价格也不贵的。比如在前一段时间有分享到几个商家的年中活动:1、DNSPOD域名欢购活动 - 提供域名抢购活动、DNS解析折扣、SSL证书活动2、难得再次关注新网商家...

美国云服务器 1核 1G 100M 10G防御 39元/月 物语云计算

物语云计算(MonogatariCloud)是一家成立于2016年的老牌国人商家,主营国内游戏高防独服业务,拥有多家机房资源,产品质量过硬,颇有一定口碑。本次带来的是美国圣何塞 Equinix 机房的高性能I9-10980XE大带宽VPS,去程CN2GIA回程AS9929,美国原生IP,支持解锁奈飞等应用,支持免费安装Windows系统。值得注意的是,物语云采用的虚拟化技术为Hyper-V,资源全...

Spinservers:美国独立服务器(圣何塞),$111/月

spinservers是Majestic Hosting Solutions,LLC旗下站点,主营美国独立服务器租用和Hybrid Dedicated等,spinservers这次提供的大硬盘、大内存服务器很多人很喜欢。TheServerStore自1994年以来,它是一家成熟的企业 IT 设备供应商,专门从事二手服务器和工作站业务,在德克萨斯州拥有40,000 平方英尺的仓库,库存中始终有数千台...

permissiondenied为你推荐
百度爱好者学农业有前途吗?有经验人士谈一下. 动物科学专业怎样?vc组合天然维生素c和合成维生素c有区别吗7788k.com以前有个网站是7788MP3.com后来改成KK130现在又改网站域名了。有知道现在是什么域名么?巫正刚阿迪三叶草彩虹板鞋的鞋带怎么穿?详细点,最后有图解。高分求haole018.com为什么www.haole008.com在我这里打不开啊,是不是haole008换新的地址了?javbibinobibi的中文意思是?www.se222se.com请问http://www.dibao222.com这个网是做什么kb123.net连网方式:wap和net到底有什么不一样的www.zhiboba.com登录哪个网站可以看nba当天的直播 是直播www.15job.com南方人才市场有官方网站是什么?
网通服务器租用 linuxvps 息壤备案 老左博客 permitrootlogin sockscap 监控宝 万网优惠券 国外免费空间 ibox官网 全站静态化 网站cdn加速 hostloc 河南移动m值兑换 hktv 免费dns解析 新睿云 跟踪路由命令 便宜空间 监控服务器 更多