CISCO AnyConnect 5.0 Secure Client User Guide
CISCO AnyConnect 5.0 Secure Client

Document Introduction

Prepared by:
Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134

This document provides guidance to IT personnel for the TOE, Cisco Secure Client - AnyConnect 5.0 for iOS 16. This guidance document includes instructions to successfully install the TOE in the Operational Environment, instructions to manage the security of the TSF, and instructions to provide a protected administrative capability.

Revision History

Version | Date | Change
0.1 | May 1, 2023 | Initial Version
0.2 | July 27, 2023 | Updates

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

© 2023 Cisco Systems, Inc. All rights reserved.

Introduction

This Operational User Guidance with Preparative Procedures documents the administration of the Cisco Secure Client-AnyConnect v5.0 for Apple iOS 16 TOE, as it was certified under Common Criteria. The Cisco Secure Client-AnyConnect v5.0 for Apple iOS 16 may be referred to below by a related abbreviation, for example VPN Client, or simply the TOE.

Audience
This document is written for administrators installing and configuring the TOE. It assumes that you are familiar with the basic concepts and terminology used in internetworking, that you understand your network topology and the protocols the devices in your network can use, that you are a trusted individual, and that you are trained to use the operating systems on which you run your network.

Purpose
This document is the Operational User Guidance with Preparative Procedures for the Common Criteria evaluation. It was written to highlight the specific TOE configuration and the administrator functions and interfaces that are necessary to configure and maintain the TOE in the evaluated configuration. This document is not meant to detail specific actions performed by the administrator; rather, it is a road map for identifying the appropriate locations within Cisco documentation to get the specific details for configuring and maintaining AnyConnect Secure Mobility Client operations. All security-relevant commands to manage the TSF data are provided within this documentation within each functional section.

Document References
This section lists the Cisco Systems documentation that is also part of the Common Criteria Configuration Item (CI) List. The documents used are shown below in Table 1. Throughout this document, the guides will be referred to by their "#", such as [1].

Table 1 Cisco Documentation

# | Title | Link
1 | Cisco Secure Client (including AnyConnect) Administrator Guide, Release 5 | https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/Cisco-Secure-Client-5/admin/guide/b-cisco-secure-client-admin-guide-5-0.html
2 | Cisco AnyConnect Mobile Platforms Administrator Guide, Release 4.1 | https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/Cisco_AnyConnect_Mobile_Administrator_Guide_4-1.html
3 | Apple iOS User Guide for Cisco AnyConnect Secure Mobility Client, Release 4.6.x | https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect46/user/guide/Apple_iOS_AnyConnect_User_Guide_4-6-x.html
4 | Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.9 | https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/release/notes/release-notes-anyconnect-4-9.html
5 | Release Notes for Cisco Secure Client (including AnyConnect), Release 5 for Apple iOS | https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/Cisco-Secure-Client-5/release/notes/release-notes-apple-ios-cisco-secure-client-release-5-0.html

TOE Overview
The TOE is the Cisco AnyConnect Secure Mobility Client (hereafter referred to as the VPN client, or the TOE). The Cisco AnyConnect Secure Mobility Client provides remote users with secure IPsec (IKEv2) VPN connections to the Cisco 5500 Series Adaptive Security Appliance (ASA) VPN Gateway, allowing installed applications to communicate as though connected directly to the enterprise network.

Operational Environment
The TOE requires the following IT Environment Components when the TOE is configured in its evaluated configuration:

Table 2. Operational Environment Components

Component | Usage/Purpose Description
Certificate Authority | A Certificate Authority is used to provide valid digital certificates.
Mobile Platform | The TOE relies on any of the following validated Apple mobile device platforms:
  • Apple iPhone 11/XR running iOS 16
ASA 5500-X series VPN Gateway | The Cisco ASA 5500-X with software version 9.2.2 or later functions as the head-end VPN Gateway.
ASDM Management Platform | ASDM 7.7 operates from any of the following operating systems:
  • Windows 7, 8, 10
  • Windows Server 2008, 2012, 2012 R2, 2016 and Server 2019
  • Apple OS X 10.4 or later
  Note that the ASDM software is installed on the ASA appliance, and the management platform is used to connect to the ASA and run ASDM. The only software installed on the management platform is the Cisco ASDM Launcher.

The underlying Mobile platform provides some of the security functionality required in [MOD_VPNC_V2.4] and is denoted using the phrase "TOE Platform" in this document.

The Cisco AnyConnect TOE uses network hardware resources on the OS platform to send and receive encrypted packets. The TOE does not access sensitive information repositories.

References in this document to "ASA" refer to a VPN Gateway.

Excluded Functionality

The functionality listed below is not included in the evaluated configuration.

Table 3. Excluded Functionality and Rationale

Function Excluded | Rationale
Non-FIPS 140-2 mode of operation | The TOE includes a FIPS mode of operation. FIPS mode allows the TOE to use only approved cryptography. FIPS mode of operation must be enabled for the TOE to operate in its evaluated configuration.
SSL Tunnel with DTLS tunneling options | [MOD_VPNC_V2.4] only permits an IPsec VPN tunnel.

These services will be disabled by configuration. The exclusion of this functionality does not affect compliance with the claimed Protection Profiles.

Procedures and Operational Guidance for IT Environment

To operate in its evaluated configuration, the TOE requires a minimum of one (1) Certificate Authority (CA), one (1) VPN Gateway, and one (1) Apple iPhone mobile device.

To resemble customer PKI environments, a two-tier CA solution using an Offline Root CA and an Enterprise Subordinate CA employing Microsoft 2012 R2 Certificate Authority (CA) will be referenced in this section. Other CA products may be used in place of Microsoft.

The Root CA is configured as a standalone (Workgroup) server, while the Subordinate CA is configured as part of a Microsoft domain with Active Directory services enabled. The following figure provides a visual depiction of the TOE and the IT Environment. The TOE is a software app running on iOS 13. The TOE boundary is denoted by the hashed red line. See Figure 1 below.

Figure 1. TOE and Environment

The Subordinate CA issues X.509 digital certificates and provides a Certificate Revocation List (CRL) to the TOE Platform and the VPN Gateway.
Alternatively, one (1) single root Enterprise CA could be deployed.

  • Install and Configure a Certificate Authority

If using a Microsoft two-tier CA solution, install and configure a Root (GRAYCA) and an Enterprise Subordinate Certificate Authority (GRAYSUBCA1) in accordance with the guidance from the vendor. The following is a step-by-step guide for the configuration of Microsoft Active Directory Certificate Services:

http://technet.microsoft.com/en-us/library/cc772393%28v=ws.10%29.aspx
It is assumed that both the Offline Root CA (GRAYCA) certificate and the Enterprise Subordinate CA (GRAYSUBCA1) certificates depicted in Figure 1 are installed and trusted, to ensure a trusted certificate chain is established. If using a CA from a vendor other than Microsoft, follow that vendor's CA installation guidance.

Regardless of the CA product used, the RSA certificate on the ASA MUST have the following Key Usage and Extended Key Usage properties:

  • Key Usage: Digital Signature, Key Agreement
  • EKU: IP security IKE intermediate, IP end security system

The Subject Alternative Name (SAN) fields within the ECDSA and RSA certificates on the ASA MUST match the connection information specified within the AnyConnect profile on the client.

  • Install and Configure a VPN Gateway

Install Cisco ASA 9.1 (or later), optionally with ASDM, in accordance with the installation guides and release notes appropriate for the versions to be installed. ASDM allows the ASA to be managed from a graphical user interface. Alternatively, if the administrator prefers, equivalent command line (CLI) configuration steps can be used.

Configuration Note: As there are parameters managed by the ASA, the Gateway Administrator must follow the steps in this section to ensure the TOE is in its evaluated configuration.

  • Enable AnyConnect and IKEv2 on the ASA. In ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles, select the Enable Cisco AnyConnect checkbox, and select Allow Access under IKEv2.
  • On the AnyConnect Connection Profiles page mentioned above, select Device Certificate. Ensure Use the same device certificate... is NOT checked and select the EC ID certificate under the ECDSA device certificate. Then select Ok.
  • Create an IKEv2 crypto policy using the algorithms permitted in the Common Criteria evaluated configuration. In ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > Advanced > IPsec > IKE Policies and add an IKEv2 policy.

Select Add and enter 1 for the priority. The range is 1 to 65535, with 1 being the highest priority.

Encryption:
AES: Specifies AES-CBC with 128-bit encryption for ESP.
AES-256: Specifies AES-CBC with 256-bit encryption for ESP.
AES-GCM-128: Specifies AES Galois Counter Mode 128-bit encryption.
AES-GCM-256: Specifies AES Galois Counter Mode 256-bit encryption.

D-H Group: Choose the Diffie-Hellman group identifier. This is used by each IPsec peer to derive a shared secret without transmitting it to the other. Valid selections are: 19 and 20.

PRF Hash: Specify the PRF used for the construction of keying material for all of the cryptographic algorithms used in the SA. Valid selections are: sha256 and sha384.

In this example configuration select:

Priority: 1

AES Galois Counter Mode (AES-GCM) 256-bit encryption: When GCM is selected, it removes the need to select an integrity algorithm. This is because the authenticity capabilities are built into GCM, unlike CBC (Cipher-Block Chaining).

Diffie-Hellman Group: 20
Integrity Hash: Null
PRF Hash: sha384
Lifetime: 86400

Select Ok.

Administrator Note: Use of any additional Encryption, DH-Group, Integrity or PRF Hash not listed above has not been evaluated.

Administrator Note: The Advanced tab displays the IKE strength enforcement parameter. Ensure the Security Association (SA) Strength Enforcement parameter is checked. This ensures that the strength of the IKEv2 encryption cipher is higher than the strength of its child IPsec SA's encryption ciphers. Higher strength algorithms will be downgraded.

The CLI equivalent is: crypto ipsec ikev2 sa-strength-enforcement

  • Create an IPsec proposal. In ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > Advanced > IPsec > IPsec Proposals (Transform Sets) and add an IKEv2 IPsec Proposal, then select Ok.
    In the example below the name used is NGE-AES-GCM-256, with AES-GCM-256 for encryption and Null for the Integrity Hash:
  • Create a dynamic crypto map, select the IPsec proposal and apply it to the outside interface. In ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > Advanced > IPsec > Crypto Maps. Select Add, then select the outside interface and the IKEv2 proposal.
    Click the Advanced tab. Ensure the following:
    Enable NAT-T - Enables NAT Traversal (NAT-T) for this policy
    Security Association Lifetime Setting - is set to 8 hours (28800 seconds)
  • Create an address pool VPNUSERS that will be assigned to VPN users. Address pools contain the following fields:
    Name - Specifies the name assigned to the IP address pool.
    Starting IP Address - Specifies the first IP address in the pool.
    Ending IP Address - Specifies the last IP address in the pool.
    Subnet Mask - Selects the subnet mask to apply to the addresses in the pool.

In ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > Address Assignment > Address Pools, add an IP pool specifying the above fields, and then select Ok.

Add a group policy that will apply the desired settings to the VPN users. Group Policies lets you manage AnyConnect VPN group policies. A VPN group policy is a collection of user-oriented attribute/value pairs stored internally on the ASA device. Configuring the VPN group policy lets users inherit attributes that you have not configured at the individual group or username level. By default, VPN users have no group policy association. The group policy information is used by VPN tunnel groups and user accounts. In ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > Group Policies and Add an internal group policy. Ensure the VPN tunnel protocol is set to IKEv2 and the IP pool created above is referenced in the policy by selecting the Inherit check box and choosing the appropriate setting. The relevant DNS, WINS and domain names can also be added to the policy in the Servers section.

See the example group policy NGE-VPN-GP below:

  • Create a tunnel group name. A tunnel group contains tunnel connection policies for the IPsec connection. A connection policy can specify authentication, authorization, and accounting servers, a default group policy, and IKE attributes.

In ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles. At the bottom of the page under Connection Profiles, select Add.

In the example below the tunnel group name NGE-VPN-RAS is used.

The configuration references Certificate authentication, the associated group policy NGE-VPN-GP, and Enable IPsec (IKEv2). DNS and domain name can also be added here. Also ensure that only IPsec is used by leaving Enable SSL VPN Client Protocol unchecked.

  • Create a certificate map, mapping the NGE VPN users to the VPN tunnel group that was previously created. The certificate map will be applied to the AC users. In this scenario, the Subordinate CA common name was matched to ensure that an incoming TOE platform request with an EC certificate issued from the Subordinate CA will be mapped to the appropriate tunnel group that was previously created. VPN users that are not issued a certificate from the EC CA will fall back to the default tunnel groups, fail authentication, and be denied access.
    In ASDM, go to Configuration > Remote Access VPN > Advanced > Certificate to AnyConnect and Clientless SSL VPN Connection Profile Maps. Under Certificate to Connection Profile Maps select Add. Choose the existing DefaultCertificateMap with a priority of 10 and reference the NGE-RAS-VPN tunnel group.
    In ASDM, go to Configuration > Remote Access VPN > Advanced > Certificate to AnyConnect and Clientless SSL VPN Connection Profile Maps. Under Mapping Criteria select Add. Select Issuer for the field, Common Name (CN) for the component, Contains for the Operator, and then select Ok.
    Ensure that you select APPLY on the main page and SAVE the configuration.
  • To configure the ASA to accept VPN connections from the AnyConnect VPN client, use the AnyConnect VPN Wizard. This wizard configures IPsec (IKEv2) VPN protocols for remote network access. Refer to the instructions here:
    https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/asdm710/vpn/asdm-710-vpnconfig/vpn-wizard.html#ID-2217-0000005b
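
The IKEv2 policy, SA strength enforcement and IPsec proposal settings from the steps above can be checked against an exported ASA configuration. The Python script below is an added example, not part of the Cisco guidance: both sample configurations are constructed, and the CLI keyword spellings for the ASDM labels (for example "aes-gcm" for AES-GCM-128) are assumptions to confirm against your ASA release.

```python
import re

# Values the guide lists as evaluated. The CLI keyword spellings are an
# assumption: "aes" = AES-CBC-128, "aes-gcm" = AES-GCM-128 (ASDM labels).
ALLOWED_ENCRYPTION = {"aes", "aes-256", "aes-gcm", "aes-gcm-256"}
ALLOWED_DH_GROUPS = {"19", "20"}
ALLOWED_PRF = {"sha256", "sha384"}
ENFORCEMENT = "crypto ipsec ikev2 sa-strength-enforcement"
# Integrity is not checked: the guide does not list its evaluated values.
POLICY_CHECKS = {"encryption": ALLOWED_ENCRYPTION,
                 "group": ALLOWED_DH_GROUPS,
                 "prf": ALLOWED_PRF}

# Constructed sample: mirrors the example values in the guide.
SAMPLE_EVALUATED = """
crypto ipsec ikev2 ipsec-proposal NGE-AES-GCM-256
 protocol esp encryption aes-gcm-256
 protocol esp integrity null
crypto ipsec ikev2 sa-strength-enforcement
crypto ikev2 policy 1
 encryption aes-gcm-256
 integrity null
 group 20
 prf sha384
 lifetime seconds 86400
"""

# Constructed sample: settings outside the evaluated set, no enforcement.
SAMPLE_DRIFTED = """
crypto ipsec ikev2 ipsec-proposal LEGACY
 protocol esp encryption 3des aes-256
 protocol esp integrity sha-1
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14 20
 prf sha
 lifetime seconds 86400
"""


def parse_blocks(config):
    """Group a configuration into (top-level command, [sub-command words])."""
    blocks = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue  # blank line or comment
        if line[0].isspace():
            if blocks:
                blocks[-1][1].append(line.split())
        else:
            blocks.append((line.strip(), []))
    return blocks


def audit(config):
    """Return findings for values the guide does not list as evaluated."""
    blocks = parse_blocks(config)
    findings = []
    if ENFORCEMENT not in [header for header, _ in blocks]:
        findings.append("SA strength enforcement is not enabled")
    for header, subs in blocks:
        policy = re.fullmatch(r"crypto ikev2 policy (\d+)", header)
        proposal = re.fullmatch(r"crypto ipsec ikev2 ipsec-proposal (\S+)", header)
        for words in subs:
            if policy and words[0] in POLICY_CHECKS:
                # A single line may carry several values, e.g. "group 14 20".
                for value in words[1:]:
                    if value not in POLICY_CHECKS[words[0]]:
                        findings.append(f"IKEv2 policy {policy.group(1)}: "
                                        f"{words[0]} {value} not evaluated")
            elif proposal and words[:3] == ["protocol", "esp", "encryption"]:
                for value in words[3:]:
                    if value not in ALLOWED_ENCRYPTION:
                        findings.append(f"IPsec proposal {proposal.group(1)}: "
                                        f"ESP encryption {value} not evaluated")
    return findings


if __name__ == "__main__":
    for name, cfg in (("evaluated", SAMPLE_EVALUATED), ("drifted", SAMPLE_DRIFTED)):
        print(name, audit(cfg) or "no findings")
```
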

Preparative Procedures and Operational Guidance for the TOE

To install the Cisco Secure Client-AnyConnect TOE, follow the steps below:

  1. Open the App Store.
  2. Select Search.
  3. In the Search Box, enter Cisco Secure Client-AnyConnect.
  4. Tap INSTALL APP.
  5. Select Install.

Start Cisco Secure Client-AnyConnect

Tap the Cisco Secure Client-AnyConnect icon to start the application. If this is the first time you are starting Cisco Secure Client-AnyConnect after installing or upgrading, choose OK to enable the TOE to extend the Virtual Private Network (VPN) capabilities of your device.

Integrity Verification

Integrity verification is performed each time the app is loaded, and the app waits for the integrity verification to complete. Cryptographic services provided by the iOS platform are invoked to verify the digital signature of the TOE's executable files. If the integrity verification fails to complete successfully, the GUI will not load, rendering the app unusable. If the integrity verification is successful, the app GUI will load and operate normally.

Configure Reference Identifier

This section specifies the configuration of the reference identifier for the VPN Gateway peer. During IKE phase 1 authentication, the TOE compares the reference identifier to the identifier presented by the VPN Gateway. If the TOE determines they do not match, authentication will not succeed.

Select Connections from the home screen to view the entries already configured on your device. Multiple connection entries may be listed, some under a Per-App VPN heading. Connection entries may have the following status:

  • Enabled: This connection entry is enabled by the mobile device manager and can be used for connecting.
  • Active: This marked or highlighted connection entry is currently active.
  • Connected: This connection entry is the active one and is currently connected and operating.
  • Disconnected: This connection entry is the active one but is currently disconnected and not operating.

For instructions refer to the "Add or Modify Connection Entries Manually" section of [3].

Configure Certificate Use

AnyConnect requires an X.509 certificate. Refer to the "Configure Certificates" section of [3].

Block Untrusted Servers

This application setting determines whether AnyConnect blocks connections when it cannot identify the secure gateway.
This protection is ON by default and must not be turned OFF.

AnyConnect uses the certificate received from the server to verify its identity. If there is a certificate error due to an expired or invalid date, wrong key usage, or a name mismatch, the connection is blocked.

Set VPN FIPS Mode
VPN FIPS Mode makes use of Federal Information Processing Standards (FIPS) cryptography algorithms for all VPN connections.

  1. In the Cisco Secure Client-AnyConnect app, tap Settings.
  2. Tap FIPS Mode to enable this setting.

To meet the cryptographic requirements in the ST, FIPS mode must be enabled. After you confirm the FIPS mode change, the app exits and must be restarted manually. Upon restart, the FIPS mode setting is in effect.

Strict Certificate Trust Mode

This setting configures the Cisco Secure Client-AnyConnect TOE to reject the certificate of a head-end VPN Gateway that it cannot verify automatically.

  1. From the home window, tap Menu > Settings.
  2. Enable Strict Certificate Trust Mode.

Upon the next connection attempt, Strict Certificate Trust will be enabled.

Check Certificate Revocation

This setting controls whether the Cisco Secure Client-AnyConnect TOE will determine the revocation status of the certificate received from the VPN Gateway. This setting must be ON and must not be turned OFF.

  1. From the AnyConnect home window, tap Menu > Settings.
  2. Enable Check Certificate Revocation to turn this setting on.

Operational Guidance for the TOE

Establish a VPN Connection

Refer to the "Establish a VPN Connection" section of [3].

The Administrator should note the following PROTECT, BYPASS, and DISCARD rules regarding the use of IPsec in AnyConnect:

  • PROTECT
    Entries for PROTECT are configured through the remote access group policy on the ASA using ASDM. For PROTECT entries, the traffic flows through the IPsec VPN tunnel provided by the TOE. No configuration is required for the TOE to tunnel all traffic. The administrator can optionally set this behavior explicitly with the following command in their Group Policy: split-tunnel-policy tunnelall.
  • BYPASS
    The TOE supports BYPASS operations (when split tunneling has been explicitly permitted by the Remote Access policy). When split tunneling is enabled, the ASA VPN Gateway pushes a list of network segments to the TOE to PROTECT. All other traffic travels unprotected without involving the TOE, thus bypassing IPsec protection.
    Split tunneling is configured in a Network (Client) Access group policy. The administrator has the following options:
    Excludespecified: Exclude only the networks specified by split-tunnel-network-list
    Tunnelspecified: Tunnel only the networks specified by split-tunnel-network-list
    Refer to the "About Configuring Split Tunneling for AnyConnect Traffic" section in the VPN ASDM configuration guide and follow the steps provided in the "Configure Split-Tunneling for AnyConnect Traffic" section. After making changes to the group policy in ASDM, be sure the group policy is associated with a Connection Profile in Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles > Add/Edit > Group Policy. BYPASS SPD entries are provided by the host platform through explicit network traffic permit rules. No configuration is required on the TOE platform to allow it to pass this traffic.
  • DISCARD
    DISCARD rules are performed exclusively by the TOE platform. There is no administrative interface for specifying a DISCARD rule.
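
How the three split-tunnel options described above decide between PROTECT and BYPASS for a destination, as an added Python example that is not part of the Cisco guidance. The network lists and destination addresses are constructed, and modelling the split-tunnel network list as plain CIDR prefixes is a simplifying assumption.

```python
import ipaddress

# Constructed sample data (documentation and private address ranges).
CORPORATE_NETS = ["10.20.0.0/16", "192.168.50.0/24"]
LOCAL_LAN_NETS = ["192.168.1.0/24"]
DESTINATIONS = ["10.20.4.7", "192.168.50.9", "192.168.1.20", "203.0.113.10"]


def spd_action(destination, policy, network_list=()):
    """Return 'PROTECT' or 'BYPASS' for one destination address.

    policy is the split-tunnel-policy value from the group policy:
      tunnelall        - everything goes through the IPsec tunnel
      tunnelspecified  - only listed networks are tunnelled
      excludespecified - everything except listed networks is tunnelled
    DISCARD is not modelled: the guide states it is enforced by the
    TOE platform and has no administrative interface.
    """
    dest = ipaddress.ip_address(destination)
    listed = any(dest in ipaddress.ip_network(net) for net in network_list)
    if policy == "tunnelall":
        return "PROTECT"
    if policy == "tunnelspecified":
        return "PROTECT" if listed else "BYPASS"
    if policy == "excludespecified":
        return "BYPASS" if listed else "PROTECT"
    raise ValueError(f"unknown split-tunnel policy: {policy}")


def bypassed(destinations, policy, network_list=()):
    """List the destinations that would leave the device outside IPsec."""
    return [d for d in destinations
            if spd_action(d, policy, network_list) == "BYPASS"]


if __name__ == "__main__":
    cases = (("tunnelall", ()),
             ("tunnelspecified", CORPORATE_NETS),
             ("excludespecified", LOCAL_LAN_NETS))
    for policy, nets in cases:
        print(f"{policy:17} unprotected: {bypassed(DESTINATIONS, policy, nets)}")
```

Reviewing the bypassed list for a proposed group policy shows which traffic would travel unprotected before the policy is associated with a Connection Profile.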

Monitor and Troubleshoot

Refer to the Monitor and Troubleshoot section of [3].

Exiting Cisco Secure Client-AnyConnect
Exiting the app terminates the current VPN connection and stops all TOE processes. Use this action sparingly. Other apps or processes on your device may be using the current VPN connection, and exiting the Cisco Secure Client-AnyConnect app may adversely affect their operation.

From the home window, tap Menu > Exit.

Cryptographic Support
The TOE provides cryptography in support of IPsec, with ESP symmetric cryptography for bulk AES encryption/decryption and the SHA-2 algorithm for hashing. In addition, the TOE provides the cryptography to support the Diffie-Hellman key exchange and the derivation function used in the IKEv2 and ESP protocols. Instructions to configure cryptographic functions are described in the "Procedures and Operational Guidance for IT Environment" section of this document.

Trusted Updates

This section provides instructions for securely accepting the TOE and any subsequent TOE updates. "Updates" are a new version of the TOE.

The TOE version can be queried by the user. From the home screen, tap "About". The version can also be queried through the mobile platform:

  • iPhone: Open Settings and go to General > Usage. Under Storage, find Cisco Secure Client Any Connect and tap it. The version information will be displayed.

Updates to the Cisco Secure Client-AnyConnect TOE are managed through the Apple App Store using the procedure below.

Note: Before upgrading, you must disconnect the VPN session if one is established, and close the application if it is open. If you fail to do this, a reboot of your device is required before using the new version of the Cisco Secure Client-AnyConnect TOE.

  1. Tap the App Store icon on the iOS home page.
  2. Tap the Cisco Secure Client-AnyConnect upgrade notice.
  3. Read about the new features.
  4. Click Update.
  5. Enter your Apple ID password.
  6. Tap OK.

The update proceeds.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation.

To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's New in Cisco Product Documentation RSS feed. The RSS feeds are a free service.

Contacting Cisco

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.
