VPN user accesses the VPN server in the domain through ISA (CA certificate)

Source: Internet
Author: User

In general, VPN users connect to the VPN server by entering a password. In public places, entering a password can easily leak it, resulting in unnecessary losses. Although the Password Authentication Protocol (PAP) does not have hardware requirements as high as the Challenge Handshake Authentication Protocol (CHAP), in terms of security it still falls short of CHAP. Which authentication protocol to use should be decided according to the security level the user needs. The experiment I did today is this: when a VPN user outside the network connects to the VPN server to access resources within the domain, the user does not need to enter a password; instead, the VPN user is authenticated through the CA server.
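The security gap between the two password protocols mentioned above, as an added example that is not part of the original article: it builds a PAP Authenticate-Request (RFC 1334 layout) and a CHAP Response (RFC 1994 layout) and shows what each puts on the wire. The user name, password and identifiers are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

def pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): the password travels in cleartext."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data

def password_from_pap(frame: bytes) -> bytes:
    """What anyone able to read the link recovers from a PAP frame."""
    pw_off = 5 + frame[4]                      # skip header and Peer-ID field
    return frame[pw_off + 1 : pw_off + 1 + frame[pw_off]]

def chap_response(ident: int, secret: bytes, challenge: bytes, name: bytes) -> bytes:
    """CHAP Response (RFC 1994): value = MD5(identifier || secret || challenge)."""
    digest = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    data = bytes([len(digest)]) + digest + name
    return struct.pack("!BBH", 2, ident, 4 + len(data)) + data

def chap_verify(frame: bytes, secret: bytes, challenge: bytes) -> bool:
    """Server side: recompute the digest for the challenge it issued."""
    if len(frame) < 5:
        return False
    code, ident, length = struct.unpack("!BBH", frame[:4])
    if code != 2 or length != len(frame):
        return False
    value = frame[5 : 5 + frame[4]]
    expected = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    return hmac.compare_digest(value, expected)

def demo() -> dict:
    user, secret = b"vpnuser", b"Constructed-Passw0rd"   # constructed sample values
    pap = pap_request(1, user, secret)
    c1, c2 = os.urandom(16), os.urandom(16)               # two server challenges
    resp = chap_response(7, secret, c1, user)
    return {
        "pap_leaks_password": password_from_pap(pap) == secret,
        "chap_hides_password": secret not in resp,
        "chap_accepts_fresh": chap_verify(resp, secret, c1),
        "chap_rejects_replay": not chap_verify(resp, secret, c2),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

CHAP still depends on a shared password known to both sides, which is what the certificate-based setup in this article removes.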

Experimental environment: Beijing is the intranet domain controller, DNS server, CA server, and RADIUS server, with IP 10.1.1.1. Shanghai is the ISA Server and VPN server; its intranet network card IP is 10.1.1.254 and its external network card IP is 192.168.0.199. Tianjin is the client on the external network, with IP 192.168.0.123. Note: Shanghai is in a workgroup environment.

Since this is CA authentication, a certificate is required to implement the CA-encrypted connection. So first install the certificate; the certificate is installed on the domain controller. How do I install the certificate?

First, install CA Certificate Server

Go to Start -- Settings -- Control Panel -- Add or Remove Programs -- Add/Remove Windows Components -- Certificate Services. The following dialog box then appears.

We issue an enterprise root certificate

Enter the name of the company for the certificate. We define it as "itet".

After clicking "Next", the wizard warns that to install the certificate, the Internet service must be suspended; we choose "Yes".
