毕业论文论文范文课程设计实践报告法律论文英语论文教学论文医学论文农学论文艺术论文行政论文管理论文计算机安全
您现在的位置: 毕业论文 >> 英语论文 >> 正文

IPv6在校园网中的应用-IP安全分析 第11页

更新时间:2009-6-5:  来源:毕业论文
IPv6在校园网中的应用-IP安全分析 第11页
Type a semicolon at the end of the entry configuring this security policy. Policy entries must be placed in decreasing numerical order.
3. On Host 1, edit the .sad file, adding SA entries to secure all traffic between Host 1 and Host 2. Two security associations must be created, one for traffic to Host 2 and one for traffic from Host 2
The following table shows the first SA entry that is added to zzq.sad (for traffic to Host 2):
.sad file field name  Example value
SAEntry 2
SPI 3001
ADestIPAddr 1::2e0:4cff:fe95:792f
DestIPAddr POLICY
SrcIPAddr POLICY
Protocol POLICY
DestPort POLICY
SrcPort POLICY
AuthAlg HMAC-MD5
KeyFile Test
Direction OUTBOUND
SecPolicyIndex 1
Type a semicolon at the end of the entry configuring this SA.
The following table shows the second SA entry that is added to zzq.sad (for traffic from Host 2):
.sad file field name Example value
SAEntry 1
SPI 3000
SADestIPAddr 1::20d:87ff:fe2d:e6e5
DestIPAddr POLICY
SrcIPAddr POLICY
Protocol POLICY
DestPort POLICY
SrcPort POLICY
AuthAlg HMAC-MD5
KeyFile Test
Direction INBOUND
SecPolicyIndex 1
Type a semicolon at the end of the entry configuring this SA. SA entries must be placed in decreasing numerical order.
4. On Host 1, create a file that contains data used to create and validate the Message Digest 5 (MD5) keyed hash on each IPSec-protected packet that is exchanged with Host 2. In this example, a text file is used. Test is created with the contents This is a test. There are no extra characters, spaces, or lines.
The IPv6 protocol supports only manually configured keys for quick mode SAs (also known as IPSec or Phase II SAs), because main mode negotiation through Internet Key Exchange (IKE) is not performed. Manual keys are configured by creating files that contain either the text or binary data of the manual key. In this example, the same key for the SAs is used in both directions. You can use different keys for inbound and outbound SAs by creating different key files and referencing them with the KeyFile field in the .sad file.
5. On Host 2, use the ipsec6 s command to create blank security association (.sad) and security policy (.spd) files. In this example, the Ipsec6.exe command is ipsec6 s test. This creates two files with blank entries for manually configuring security associations (zhqz.sad) and security policies (zhqz.spd).
 
图表 5 4
6. On Host 2, edit the .spd file, adding a security policy that secures all traffic between Host 2 and Host 1.
The following table shows the security policy entry that is added to zhqz.spd before the first entry (the first entry in zhqz.spd is not modified):
.spd file field name Example value
Policy 2
Remote IPAddr 1::20d:87ff:fe2d:e6e5
LocalIPAddr - *
Protocol - *
RemotePort - *
LocalPort - *
IPSecProtocol AH
IPSecMode TRANSPORT
RemoteGWIPAddr *
SABundleImdex NONE
Direction BIDIRECT
Action APPLY
InterfaceIndex 0
Type a semicolon at the end of the entry configuring this security policy. Policy entries must be placed in decreasing numerical order
7. On Host 2, edit the .sad file, adding SA entries to secure all traffic between Host 2 and Host 1. Two security associations must be created: one for traffic to Host 1 and one for traffic from Host 1.
The following table shows the first SA entry that is added to zhqz.sad (for traffic to Host 1):
.sad file field name Example value
SAEntry 2
SPI 3001
SADestIPAddr 1::20d:87ff:fe2d:e6e5
DestIPAddr POLICY
SrcIPAddr POLICY
协议 POLICY
DestPort POLICY
SrcPort POLICY
AuthAlg HMAC-MD5
KeyFile Test
Direction OUTBOUND
SecPolicyIndex 2
Type a semicolon at the end of the entry configuring this SA.
The following table shows the second SA entry that is added to zhqz.sad (for traffic from Host 1):
.sad file field name Example value
SAEntry 1
SPI 3000
SADestIPAddr 1::2e0:4cff:fe95:792f
DestIPAddr POLICY
SrcIPAddr POLICY
Protocol POLICY
DestPort POLICY
SrcPort POLICY
AuthAlg HMAC-MD5
KeyFile Test
Direction INBOUND
SecPolicyIndex 2
Type a semicolon at the end of the entry configuring this SA. SA entries must be placed in decreasing numerical order.
8. On Host 2, create a text file that contains a text string that is used to authenticate the SAs created with Host 1. In this example, Test is created with the contents This is a test. There are no extra characters, spaces, or lines.
9. On Host 1, use the ipsec6 l command to add the configured security policies and SAs from the .spd and .sad files. In this example, the ipsec6 l zzq command is run on Host 1
10. On Host 2, use the ipsec6 l command to add the configured security policies and SAs from the .spd and .sad files. In this example, the ipsec6 l zhqz command is run on Host 2
11. On Host 2, use the ping command to ping Host 1's link-local address.
12. If you use Network Monitor to capture the traffic, you should see the exchange of ICMPv6 Echo Request and Echo Reply messages, with an Authentication Header (AH) listed between the IPv6 header and the ICMPv6 header.

 << 上一页  [11] [12] 下一页

IPv6在校园网中的应用-IP安全分析 第11页下载如图片无法显示或论文不完整,请联系qq752018766
设为首页 | 联系站长 | 友情链接 | 网站地图 |

copyright©youerw.com 优文论文网 严禁转载
如果本毕业论文网损害了您的利益或者侵犯了您的权利,请及时联系,我们一定会及时改正。