Since we couldn't get this to work in class, I took the liberty of learning how to do a basic IPSec setup on my own. The following guide is a walkthrough on setting up IPSec for Telnet communication using Group Policy.
This walkthrough is based on an install of Server 2008 R2 with one Windows 7 Enterprise x64 client, both running under Hyper-V. The server is functioning as a Domain Controller and the Win 7 client is joined to that domain. Domain and Forest functional levels are set to Server 2008.
1) Add Telnet Client to Win 7 Machine
- Go to Control Panel > Programs and Features > Turn Windows features on or off
- A new window appears, scroll down the list till you find "Telnet Client", place a check mark in the box and click "OK"
- Windows will install the feature
2) Add Telnet Server to Server 2008 Machine
- Go to Server Manager > Features > Add Features
- Select "Telnet Server" and click "Next", click "Install"
- Close the dialog box
3) Start the Telnet Service
- Windows Key + R and then type "services.msc"
- Locate the "Telnet" service, set it to run Automatically and start the service
4) Test Telnet from Client to Server
- On your Win 7 machine open up a command prompt and type "telnet servername"
- You'll need to make sure the user credentials you are using are in the "TelnetClients" security group
- Type "dir" once connected to list the contents of the directory you're in
- Type "exit" to exit
5) Make A New IPSec Policy in Group Policy
- Windows Key + R and type "gpmc.msc"
- Create a new Group Policy Object called "IPSec Telnet"
- Right click the GPO and select "Edit"
- Go to Computer Configuration > Policies > Windows Settings > Security Settings > IP Security Policies
- Right click in the right pane and choose "Create IP Security Policy"
- Click "Next" at the Welcome screen
- Give the IP Policy the name "IPsec Telnet to client01", where client01 is the name of the client you want to give secure telnet access to, and click "Next"
- Click "Next" at the Requests for Secure Communication page
- Leave "Edit Properties" checked and click "Finish"
- Click on the "Add" button in the lower left to add a new Rule
- Click "Next"
- Leave the default settings for tunneling, click "Next"
- Leave "All Network Connections" selected and click "Next"
- Click "Add" on the right to add a new IP Filter for our rule
- Give the IP Filter the name "Telnet from client01", where client01 is the name of your Win 7 client
- Click the "Add" button on the right, click "Next"
- Leave the option "Mirrored" checked and click "Next"
- For the source address use the dropdown box to select "A specific IP Address or Subnet", in the IP Address box key in the IP address of your Win 7 client, click "Next"
- Under Destination address, select the "A specific IP Address or Subnet" option, in the IP Address box key in the IP address of your server, which is the destination for the telnet traffic, click "Next"
- Under the protocol type select "TCP" and click "Next"
- Leave "From any port" selected. Select the "To this port" radio button and enter 23, which is the port for Telnet. Click "Next"
- Click "Finish", and click "OK" to confirm your filter
- Select your newly made IP Filter from the list and click "Next"
- On the filter action page click the "Add" button on the right, click "Next" on the initial welcome screen
- Give the Filter Action the name "Telnet to client01", where client01 is your Win 7 client, and hit "Next"
- Leave "Negotiate security" checked and hit "Next"
- Leave "Do not allow unsecured communication" selected and click "Next"
- Leave "Integrity and encryption" selected and hit "Next", click "Finish"
- Select your newly created filter action and click "Next"
- Leave the Active Directory option selected and click "Next", click "Finish", click "OK", and then "OK" again
- In GPME right click your new policy ("IPsec Telnet to client01" in our case) and choose "Assign"
- Link the GPO "IPSec Telnet" to the entire domain and close the GPMC
6) Update group policy on server and client
- On your Win 7 box and your server open a command prompt with administrative privileges and type "gpupdate /force"
7) Telnet to your server from your client again
- On the Win 7 machine open a command prompt and type "telnet servername", where servername is the name of your server
- Type "dir" to list directory contents
8) Check IPSec functionality on Server
- Open Server Manager > Configuration > Windows Firewall with Advanced Security > Monitoring > Security Associations
- If you look under "Main Mode" and "Quick Mode" you should see your telnet session info as well as encryption info
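As an added example (not part of the original walkthrough), here is the same policy, filter, filter action and rule built from the command prompt with netsh instead of the IP Security Policies snap-in, followed by the command-line version of the Security Associations check. The addresses 192.168.10.20 (client01) and 192.168.10.10 (the server) are constructed placeholders; the policy and filter names are the ones used in the steps above. It writes to the local policy store so it can be tried on one machine; the commented line shows the switch to the domain store that the GPO approach corresponds to.

```batch
@echo off
rem Added example: netsh equivalent of the "IPsec Telnet to client01" policy.
rem Run from an elevated command prompt on the Server 2008 R2 machine.
rem Constructed addresses; replace with the real client and server IPs.
set CLIENT=192.168.10.20
set SERVER=192.168.10.10

rem The walkthrough stores the policy in the "IPSec Telnet" GPO. To write to
rem the domain store instead of the local one, use (assumed domain name):
rem   netsh ipsec static set store location=domain domain=yourdomain.local
netsh ipsec static set store location=local

rem Policy container (the object created in the "Create IP Security Policy" wizard)
netsh ipsec static add policy name="IPsec Telnet to client01" description="Secure Telnet from client01"

rem Filter list with one mirrored filter: client01 -> server, TCP, any source port -> port 23
netsh ipsec static add filterlist name="Telnet from client01"
netsh ipsec static add filter filterlist="Telnet from client01" srcaddr=%CLIENT% dstaddr=%SERVER% protocol=TCP srcport=0 dstport=23 mirrored=yes

rem Filter action: negotiate security, do not allow unsecured communication
rem (inpass=no, soft=no), integrity and encryption (ESP with SHA1 and 3DES)
netsh ipsec static add filteraction name="Telnet to client01" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

rem Rule tying filter list and filter action together; kerberos=yes is the
rem "Active Directory default" authentication method from the wizard
netsh ipsec static add rule name="Telnet client01 rule" policy="IPsec Telnet to client01" filterlist="Telnet from client01" filteraction="Telnet to client01" kerberos=yes

rem Assign the policy (same as right-click > Assign)
netsh ipsec static set policy name="IPsec Telnet to client01" assign=yes

rem Step 8 from the command line: after a telnet session from client01, the
rem main mode and quick mode SAs should list the client/server pair, port 23
rem and the negotiated ESP algorithms.
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa
```

One thing worth seeing in the output of the last two commands: the quick mode SA is only negotiated for traffic that matches the filter, so a telnet session from any host other than the address in `srcaddr` does not match the rule and still reaches port 23 in the clear. Widening the filter (a subnet instead of a single address) is what extends the protection to more clients.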
That's pretty much it. I realize this is not an exhaustive guide, just a simple setup to get the ball rolling.