5.permissiondenied

permissiondenied  时间:2021-03-17  阅读:()
CopyrightIBMCorporation2010TrademarksHeterogeneousIPSecsolutionbetweenAIXandWindowsPage1of14HeterogeneousIPSecsolutionbetweenAIXandWindowsAntoA.
JohnAkshayKaushikAugust24,2010Internetsecurityisamajorconcern.
InternetProtocolSecurity(IPSec)isaframeworkforasetofprotocolsthathelpsyouimplementsecurityattheIPpacketlevel.
IPSecworksacrossheterogeneousenvironmentstocreatesecuretunnelsforsafertransactions.
ThisarticletalksaboutwhatyoucangainfromconfiguringIPSectoaheterogeneousenvironmentbetweenAIXandWindows.
IntroductionIPSec(InternetProtocolSecurity)isaprotocolforsecuringIPcommunication.
ItauthenticatesandencryptseachIPpacketflowingthroughthenetwork.
Thisisparticularlyimportantwhenyoutrytointeroperatebetweendisparatesystemswithouttheworryofsecurityrisksbetweenthem.
Avirtualprivatenetwork(VPN)isanextensionofanenterprise'sprivateintranetacrossapublicnetworksuchastheInternet,creatingasecureprivateconnectionessentiallythroughaprivatetunnel.
VPNssecurelyconveyinformationacrosstheInternetconnectingremoteusers,branchoffices,andBusinessPartnersintoanextendedcorporatenetwork.
InaVPN,therearesecurityexposureseverywherealonganend-to-endpath:onthedial-uplink,inanISP'saccessbox,intheInternet,inthefirewallorrouter,andeveninthecorporateintranet.
Hence,therearisesaneedforthisVPNtobeprotected.
TheInternetEngineeringTaskForcehasrecommendedthatthetunneltrafficshouldbeprotectedwiththeIPSecprotocols.
HeterogeneityonendpointsinaVPNisextremelyhigh,anditdemandsthattheIPSecsolutionshouldworkwellwithheterogeneoussystemsandenvironments.
Hence,thisarticledealswiththeAIXIPSecsolutionandtheirconfigurationwithWindowsasanotherendpointtoshowcasetheheterogeneouscapabilityofthissolution.
ConfiguringWindows2000forIPSecTheconfigurationofIPSecforWindows2000requiresthecreationofthetunnelparametersandthekindofencryptionusingtheIPSecsnap-ins.
developerWorksibm.
com/developerWorks/HeterogeneousIPSecsolutionbetweenAIXandWindowsPage2of14CreateacustomMMCconsoleTheWindows2000machinecanbeconfiguredandmonitoredusingtheMMC(MicrosoftManagementConsole).
IPSecsnap-insneedtobeaddedtothisconsole.
1.
FromtheWindowsdesktop,clickStart,clickRun,andintheOpentextboxtypemmc.
ClickOK.
2.
OntheFilemenu,clickAdd/RemoveSnap-in.
3.
IntheAdd/RemoveSnap-indialogbox,clickAdd.
4.
IntheAddStandaloneSnap-indialogbox,clickIPSecurityPolicyManagement,andthenclickAdd.
5.
VerifythatLocalComputerisselected,andclickFinish.
6.
IntheAddStandaloneSnap-indialogbox,clickIPSecurityMonitor,andthenclickAdd.
7.
ToclosetheAddStandaloneSnap-indialogbox,clickClose.
8.
ToclosetheAdd/RemoveSnap-indialogbox,clickOK.
9.
SavethisasIPSec.
mscforfutureuse.
IPSecSnap-inCreatingIPSecpoliciesInthisstep,wecreateanddefinetheIPSecpoliciesusingtheWindowsmachinethatnegotiateswiththeothermachines.
1.
IntheMMCConsole,right-clickIPSecurityPoliciesonLocalMachine,andthenclickCreateIPSecurityPolicy.
TheIPSecurityPolicyWizardappears.
ibm.
com/developerWorks/developerWorksHeterogeneousIPSecsolutionbetweenAIXandWindowsPage3of14IPSecurityPolicyWizard2.
ClickNext.
3.
TypePolicy1asthenameofyourpolicy,andclickNext.
4.
CleartheActivatethedefaultresponserulecheckbox,ifyouwouldliketosetyourownrules,andthenclickNext.
5.
MakesuretheEditPropertiescheckboxisselected(itisbydefault),andthenclickFinish.
developerWorksibm.
com/developerWorks/HeterogeneousIPSecsolutionbetweenAIXandWindowsPage4of14IPSecPolicy1created6.
InthePropertiesdialogboxforthepolicyyouhavejustcreated,ensurethatUseAddWizardcheckboxinthelower-rightcornerisselected,andthenclickAddtostarttheSecurityRuleWizard.
7.
ClickNexttoproceedthroughtheSecurityRuleWizard,whichyoustartedattheendoftheprevioussection.
8.
SelectThisruledoesnotspecifyatunnel,(selectedbydefault)andthenclickNext.
9.
SelecttheradiobuttonforAllnetworkconnections,(selectedbydefault)andclickNext.
Creatingfilterrules1.
IntheIPFilterListdialogbox,clickAdd.
AnemptylistofIPfiltersisdisplayed.
NameyourfilterPolicy1FilterList.
ibm.
com/developerWorks/developerWorksHeterogeneousIPSecsolutionbetweenAIXandWindowsPage5of14IPFilterListPolicy1FilterList2.
MakesureUseAddWizardisselectedinthecenter-rightareaofthescreenandthenclickAdd.
ThisstartstheIPFilterWizard.
3.
ClickNexttocontinue.
4.
AcceptMyIPAddressasthedefaultsourceaddressbyclickingNext.
developerWorksibm.
com/developerWorks/HeterogeneousIPSecsolutionbetweenAIXandWindowsPage6of145.
ChooseASpecificIPaddressfromthedrop-downlistbox;enteryourPartnersIPAddress.
Here,youcanmakeIPSeccommunicatewithmultiplehosts,aswellbydefiningasubnet,andthenclickNext.
6.
ClickNexttoaccepttheprotocoltypeofAny.
7.
MakesuretheEditPropertiescheckboxiscleared(thisisthedefaultsetting),andclickFinish.
8.
ClickClosetoleavetheIPFilterListdialogboxandreturntotheNewRuleWizard.
9.
IntheFilterListdialogbox,selecttheradiobuttonnexttoPolicy1FilterList.
Policy1FilterListcreated10.
ClickNextforconfiguringfilteraction.
ConfiguringfilteractionInthissection,wedefinethedifferentactionswhichthefiltersperform.
1.
IntheFilterdialogshowninFilterActionfigure,clicktoselecttheUseAddWizardcheckbox,andthenclickAdd.
ibm.
com/developerWorks/developerWorksHeterogeneousIPSecsolutionbetweenAIXandWindowsPage7of14FilterAction2.
ClickNexttoproceedthroughtheFilterActionWizard.
3.
NamethisfilteractionPolicy1FilterActionandclickNext.
4.
IntheFilterActionGeneralOptionsdialogbox,selectNegotiateSecurity,andthenclickNext.
5.
ClickDonotcommunicatewithcomputersthatdonotsupportIPSecfromthenextwizardpage,andthenclickNexttosecureyourmachinefromintruders.
6.
SelectCustomfromthelistofsecuritymethods,andthenclicksettings.
ThissectiongivesyouopportunitytoselectwhetheryouwouldliketohaveasecuritymethodwithAH(AuthenticationHeader)orwithESP(EncapsulatingSecurityPayload).
7.
SelectEncryptionalgorithmandhashingalgorithmyouwanttouseinyourIPSectunnelstoencryptthedata.
ClickOKtocomeoutofCustomSettings.
8.
ClickNext.
developerWorksibm.
com/developerWorks/HeterogeneousIPSecsolutionbetweenAIXandWindowsPage8of14Selectingsecuritymethods9.
MakesuretheEditPropertiescheckboxiscleared(thisisthedefaultsetting),andthenclickFinishtoclosethiswizard.
10.
IntheFilterActiondialog,clicktheradiobuttonnexttoPolicy1FilterAction,andthenclickNext.
11.
IntheAuthenticationmethod,selecttheradiobuttonnexttoUsethisstringtoprotectthekeyexchange(presharedkey).
Youcanalsospecifythecertificatesifyoudon'twishtousethesymmetricpresharedkeys.
12.
GivethepresharedkeyyouwanttouseforauthenticationinIPSectunnel(forexample12345)andclickNext.
13.
MakesuretheEditpropertiescheckboxiscleared(thisisthedefaultsetting)andthenclickFinish.
Youhavejustconfiguredthefilteractionthatwillbeusedduringnegotiationswithyourpartner.
Notethatyoucanre-usethisfilteractioninotherpolicies.
14.
InthePropertiespagethatisnowdisplayed,clickClose.
YouhavesuccessfullyconfiguredanIPSecPolicy.
ibm.
com/developerWorks/developerWorksHeterogeneousIPSecsolutionbetweenAIXandWindowsPage9of14IPSecPolicy1createdAssigningpolicyRightclickonthepolicyyouhavejustcreatedandclickAssign.
Policy1assignedasIPSecSecurityPolicyConfiguringAIXforIPSecFortheIPSecnegotiationtogothrough,weneedtoopenupafewportsandprotocolsonthefirewall.
Theyare:developerWorksibm.
com/developerWorks/HeterogeneousIPSecsolutionbetweenAIXandWindowsPage10of14PortsandprotocolsforIPSec-UDPport500(forISAKMPtraffic)Protocol-IPProtocol50(forESPtraffic)-IPProtocol51(forAHtraffic)-Andanyotherportaccordingtoyourenvironment.
AIXIPSecprerequisitesInstallAIXIPSecsoftwareandputonlatestIPSecpatches:IPSecfilesetsbos.
msg.
en_US.
net.
ipsecbos.
net.
ipsec.
keymgtbos.
net.
ipsec.
rtebos.
net.
ipsec.
websmbos.
crypto-privgskak.
rteTostarttheIPsecurityonAIX,runthefollowingcommand:Smittyipsec4------->start/stopIPSecurity-startIPSecurityStartIPsecurityTypeorselectvaluesinentryfields.
PressEnterAFTERmakingalldesiredchanges.
[EntryFields]StartIPSecurity[NowandAfterReboot]DenyAllNon_SecureIPPackets[no]PressEntertostarttheIPsecurity.
RunthefollowingcommandtocheckthestateoftheIPSecdevices.
#lsdev-CcipsecBoththedevicesshouldbeintheavailablestate(ipsec_v4andipsec_v6).
#lsdev-Ccipsecipsec_v4AvailableIPVersion4SecurityExtensionipsec_v6AvailableIPVersion6SecurityExtensionToconfiguretheIPSeconAIX,wefirstneedtocreatetheIPSecconfigurationfile.
ThisfileshouldbeinXMLfileformat.
SampleXMLfile(SavethefilewiththenameIPSECpolicy1)UpdatenewIPSecconfigurationintheIKEdatabase1.
WefirstneedtoremovethepreviousIPSecconfigurationintheIKEdatabase,andthenputthenewconfigurationfileintheikedb.
2.
Toremovethepreviousconfiguration,runthefollowingcommand:#ikedb-xP1_ITDdatabasecreatedsuccessfullyP2_ITDdatabasecreatedsuccessfullyP1_PREKEYdatabasecreatedsuccessfullyPROPOSAL_LISTdatabasecreatedsuccessfullyPROPOSALdatabasecreatedsuccessfullyPOLICYdatabasecreatedsuccessfullyGROUPdatabasecreatedsuccessfullyNDBM:/etc/ipsec/inet/DB/privkey3.
Toputthenewconfigurationfileinthedatabase,runthefollowingcommand:#ikedb-pIPSECpolicy1Checkifallthethreedaemons(tmd,isakmpdandcpsd)arerunning.
Thetmddaemontakescareofthetunnelmanagement,andtheisakmpddaemontakescareoftheIKEnegotiation.
Ifwearenotusingcertificatesforauthentication,thereisnoneedforthecpsddaemontorun.
Tostartthedaemons,runthefollowingcommand:#startsrc-gike0513-059ThecpsdSubsystemhasbeenstarted.
SubsystemPIDis434304.
0513-059ThetmdSubsystemhasbeenstarted.
SubsystemPIDis315554.
0513-059TheisakmpdSubsystemhasbeenstarted.
SubsystemPIDis401504.
Runthefollowingcommandtocheckifthedaemonsarestartedornot.
Ifthedaemonisstarted,thestatusofthatdaemonshouldbeactive.
#lssrc-gikeSubsystemGroupPIDStatuscpsdike241894activetmdike315550activeisakmpdike319648activeRunthefollowingcommandtocheckifanyIPSectunnelisactive:#ikecmd=listNotunnelsmatchyourrequest.
Ifyoudonotfindthetunnelsbetweenthemachinesyouactuallyintendtohavethetunnel,thenrunthefollowingcommandtoactivatethetunnels:#ikecmd=activatePhase2tunnel1activaterequestinitiated.
ibm.
com/developerWorks/developerWorksHeterogeneousIPSecsolutionbetweenAIXandWindowsPage13of14Nowtheikecmdcommandshouldlistthestateofthetunnelsforyou.
#ikecmd=listPhaseTunIdStatusLocalIdRemoteId11Dormant9.
124.
101.
1389.
124.
101.
17521Dormant9.
124.
101.
1389.
124.
101.
175Weneedtopingtheremotehosttoactivatethetunnels.
Oneortwopingrequestmaybedenieduntilthetunnelsbecomeactive.
Therequestswillbesuccessfulfromthenon.
#ping9.
124.
101.
175PING9.
124.
101.
175(9.
124.
101.
175):56databytesping:sendto:Permissiondeniedping:wrote9.
124.
101.
17564chars,ret=-164bytesfrom9.
124.
101.
175:icmp_seq=1ttl=255time=0ms64bytesfrom9.
124.
101.
175:icmp_seq=2ttl=255time=0ms64bytesfrom9.
124.
101.
175:icmp_seq=3ttl=255time=0msNowyouhavecreatedasuccessfulAIXtoWindowsIPSectunnelthatcanbefurtherusedforsecurecommunicationoverthenetwork.
ConclusionThisarticleshowcasestheabilityofAIXIPSectoworkacrossheterogeneousenvironments.
SimilartotheWindowsIPSecconfigurationreviewedinthisarticle,youcantryusingotheroperatingsystemstocommunicatesecurelywithAIXusingIPSec.
Doingsocanprovidegreatersecurityinaninsecurepublicnetworkwithheterogeneoussystems.
developerWorksibm.
com/developerWorks/HeterogeneousIPSecsolutionbetweenAIXandWindowsPage14of14RelatedtopicsAnIllustratedGuidetoIPSecpSeriesandAIXInformationCenterInternetInformationServices(IIS)7.
0Administrator'sPocketConsultantbyWilliamR.
StanekStep-by-stepguidetoInternetProtocolSecurity(IPSec)Windows2000ServerCopyrightIBMCorporation2010(www.
ibm.
com/legal/copytrade.
shtml)Trademarks(www.
ibm.
com/developerworks/ibm/trademarks/)

月费$389,RackNerd美国大硬盘独立服务器

这次RackNerd商家提供的美国大硬盘独立服务器,数据中心位于洛杉矶multacom,可选Windows、Linux镜像系统,默认内存是64GB,也可升级至128GB内存,而且硬盘采用的是256G SSD系统盘+10个16TSAS数据盘,端口提供的是1Gbps带宽,每月提供200TB,且包含5个IPv4,如果有需要更多IP,也可以升级增加。CPU核心内存硬盘流量带宽价格选择2XE5-2640V2...

Friendhosting全场VDS主机45折,虚拟主机4折,老用户续费9折

Friendhosting发布了今年黑色星期五促销活动,针对全场VDS主机提供45折优惠码,虚拟主机4折,老用户续费可获9折加送1个月使用时长,优惠后VDS最低仅€14.53/年起,商家支持PayPal、信用卡、支付宝等付款方式。这是一家成立于2009年的老牌保加利亚主机商,提供的产品包括虚拟主机、VPS/VDS和独立服务器租用等,数据中心可选美国、保加利亚、乌克兰、荷兰、拉脱维亚、捷克、瑞士和波...

萤光云(20元/月),香港CN2国庆特惠

可以看到这次国庆萤光云搞了一个不错的折扣,香港CN2产品6.5折促销,还送50的国庆红包。萤光云是2002年创立的商家,本次国庆活动主推的是香港CN2优化的机器,其另外还有国内BGP和高防服务器。本次活动力度较大,CN2优化套餐低至20/月(需买三个月,用上折扣+代金券组合),有需求的可以看看。官方网站:https://www.lightnode.cn/地区CPU内存SSDIP带宽/流量价格备注购...

permissiondenied为你推荐
在线教育平台中小学在线教育平台ip购买IP内地长途费是什么意思??硬盘工作原理硬盘跟光盘的工作原理?75ff.com开机出现www.ami.com是什么?怎么解决啊嘀动网动网和爱动网各自的优势是什么?51sese.com谁有免费电影网站www.baitu.com我看电影网www.5ken.com为什么百度就不上关键字呢haole012.com012.com网站真的可以挂Q升级吗?机器蜘蛛求一个美国的科幻电影名!里面有大型的机械蜘蛛。pp43.com登录www.bdnpxzl.com怎么进入网站后台啊
香港虚拟空间 域名批量查询 免费动态域名 香港托管 68.168.16.150 外国域名 gitcafe 12u机柜尺寸 京东云擎 789电视网 免费防火墙 免费测手机号 免费网页申请 流媒体加速 重庆电信服务器托管 中国域名 免费网络空间 国外免费云空间 香港博客 windowsserverr2 更多