minggj

server2008R2平台部署exchange2010

2010-12-15 14:17:32

实验环境：

VMware® Workstation 7.0.0 build-203739

Windows Server 2008 R2 Enterprise

Exchange 2010
实验拓扑：

DC配置：

IPv4 地址: 192.168.240.240/24

IPv4 默认网关: 192.168.240.2

DNS：192.168.240.240

Mail配置:

IPv4 地址: 192.168.240.241/24

IPv4 默认网关: 192.168.240.2

DNS：192.168.240.240
在DC和Mail上分别禁用IPV6，

1.打开注册表编辑器。

2.找到以下注册表子项：

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters

3.在详细信息窗格中单击“新建”，然后单击“DWORD (32 位) 值” 。

4.键入 DisabledComponents，然后按 Enter 键。

5.双击“DisabledComponents”，然后以十六进制格式键入 0xffffffff，或以十进制格式键入 4294967295。
注意0xffffffff 值或 4294967295 值将禁用除 IPv6 环回接口以外的所有 IPv6 组件。
在DC上安装AD

运行dcpromo安装活动目录，具体过程略。

将Mail加入DEMO域，

开始安装Exchange 2010：

类别：ms|阅读(1862)|回复(3)|赞(5)阅读全文>>

原创

ISA 2006 预共享密钥 L2TP IPSEC VPN

2010-09-02 16:23:58

实验环境：
Windows Server 2003 R2
ISA 2006 enterprise
Windows XP
实验拓扑：

ISA服务器操作系统为Windows Server 2003 R2，ISA版本为ISA 2006 enterprise，VPN客户端操作系统均为Windows XP，ISA server工作在工作组环境。

打开ISA server，选择阵列中的“虚拟专用网络（VPN）”如图

配置VPN客户端访问

启用VPN客户端访问，定义VPN客户端连接上限。
组标签页中添加应用IPSEC策略的用户组

类别：vpn|阅读(1001)|回复(1)|赞(1)阅读全文>>

原创

cisco ssl vpn

2009-12-15 00:45:44

实验环境：
GNS3 0.6
模拟CISCO 7200 ，IOS使用 c7200-advipservicesk9_li-mz.124-11.t.bin
VPN 客户端软件：sslclient-win-1.1.3.173.pkg
R0的F0/0连接cloud0，F1/0连接cloud1
Cloud0桥接到物理网卡，cloud1桥接到loopback网卡
VPC虚拟两台客户端client1，client2分别桥接到物理网卡和loopback网卡上
R0 F0/0：10.10.10.10/24 F1/0：172.16.1.1/24
Client1：10.10.10.100/24 default gateway：10.10.10.10
Client2：172.16.1.100/24 default gateway：172.16.1.1

R0上配置：
Connected to Dynamips VM "R0" (ID 0, type c7200) - Console port

% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/0
Router(config-if)#ip add 10.10.10.10 255.255.255.0
Router(config-if)#no shut
Router(config-if)#
*May 14 19:52:22.575: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*May 14 19:52:22.579: %ENTITY_ALARM-6-INFO: CLEAR INFO Fa0/0 Physical Port Administrative State Down
*May 14 19:52:23.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#int f1/0
Router(config-if)#ip add 172.16.1.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#
*May 14 19:52:49.939: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up
*May 14 19:52:49.943: %ENTITY_ALARM-6-INFO: CLEAR INFO Fa1/0 Physical Port Administrative State Down
*May 14 19:52:50.939: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
Router(config-if)#exit
Router(config)#no ip domain-lookup
Router(config)#do ping 10.10.10.100
Translating "10.10.10.100"

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/74/124 ms
Router(config)#clock timezone beijing 8
Router(config)#
*May 14 19:55:57.727: %SYS-6-CLOCKUPDATE: System clock has been updated from 19:55:57 UTC Thu May 14 2009 to 03:55:57 beijing Fri May 15 2009, configured from console by console.
Router(config)#exit
Router#
*May 14 19:56:07.787: %SYS-5-CONFIG_I: Configured from console by console
Router#clock set 19:59:00 14 may 2009
Router#
*May 14 11:59:00.003: %SYS-6-CLOCKUPDATE: System clock has been updated from 03:59:01 beijing Fri May 15 2009 to 19:59:00 beijing Thu May 14 2009, configured from console by console.
Router#format disk0:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "disk0:". Continue? [confirm]
Format: Drive communication & 1st Sector Write OK...
Writing Monlib sectors.
.....................................................................................................................................................
Monlib write complete

Format: All system sectors written. OK...

Format: Total sectors in formatted partition: 130883
Format: Total bytes in formatted partition: 67012096
Format: Operation completed successfully.

Format of disk0 complete
Router#copy tftp disk0:
Address or name of remote host []? 10.10.10.100
Source filename []? sslclient-win-1.1.3.173.pkg
Destination filename [sslclient-win-1.1.3.173.pkg]?
Accessing tftp://10.10.10.100/sslclient-win-1.1.3.173.pkg...
Loading sslclient-win-1.1.3.173.pkg from 10.10.10.100 (via FastEthernet0/0): !!
[OK - 416354 bytes]

416354 bytes copied in 57.896 secs (7191 bytes/sec)
Router#dir disk0:
Directory of disk0:/

1 -rw- 416354 May 14 2009 20:04:42 +08:00 sslclient-win-1.1.3.173.pkg

66846720 bytes total (66428928 bytes free)
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#webvpn install svc disk0:/sslclient-win-1.1.3.173.pkg
SSLVPN Package SSL-VPN-Client : installed successfully

Router(config)#do dir disk0:
Directory of disk0:/

1 drw- 0 May 14 2009 20:06:48 +08:00 webvpn

66846720 bytes total (66424832 bytes free)
Router(config)#aaa new-model
Router(config)#aaa authentication login webvpn local
Router(config)#int loopback0
Router(config-if)#
May 14 12:24:38.399: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
Router(config-if)#ip add 192.168.1.254 255.255.255.0
Router(config-if)#exit
Router(config)#ip local pool ssl-add 192.168.1.100 192.168.1.200
Router(config)#username cisco password cisco
Router(config)#webvpn gateway vpngateway
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Router(config-webvpn-gateway)#
May 14 12:26:47.963: %SSH-5-ENABLED: SSH 1.99 has been enabled
May 14 12:26:48.419: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "write memory" to save new certificate
Router(config-webvpn-gateway)#ip add 10.10.10.10 port 443
Router(config-webvpn-gateway)#inservice
Router(config-webvpn-gateway)#exit
Router(config)#webvpn context webcontext
Router(config-webvpn-context)#gateway vpngateway
Router(config-webvpn-context)#aaa authentication list webvpn
Router(config-webvpn-context)#inservice
Router(config-webvpn-context)#
May 14 12:28:31.235: %SSLVPN-5-UPDOWN: sslvpn context : webcontext changed state to UP
Router(config-webvpn-context)#policy group sslvpn-policy
Router(config-webvpn-group)#functions svc-enable
Router(config-webvpn-group)#svc address-pool ssl-add
Router(config-webvpn-group)#svc split include 172.16.1.0 255.255.255.0
Router(config-webvpn-group)#exit
Router(config-webvpn-context)#default-group-policy sslvpn-policy
Router(config-webvpn-context)#exit
Router(config)#exit
Router#
May 14 12:30:16.363: %SYS-5-CONFIG_I: Configured from console by console
Router#write memory
Building configuration...
[OK]
Router#

Client1上配置：

类别：vpn|阅读(1234)|回复(1)|赞(0)阅读全文>>

原创

cisco pptp vpn

2009-12-13 22:42:53

实验环境：
GNS3 0.6
模拟CISCO 7200 ，IOS使用 c7200-advipservicesk9_li-mz.124-11.t.bin
R0的F0/0连接cloud0，F1/0连接cloud1
Cloud0桥接到物理网卡，cloud1桥接到loopback网卡
VPC虚拟两台客户端client1，client2分别桥接到物理网卡和loopback网卡上
R0 F0/0：10.10.10.10/24 F1/0：172.16.1.1/24
Client1：10.10.10.100/24 default gateway：10.10.10.10
Client2：172.16.1.100/24 default gateway：172.16.1.1

R0上配置：
Connected to Dynamips VM "R0" (ID 0, type c7200) - Console port

% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/0
Router(config-if)#ip add 10.10.10.10 255.255.255.0
Router(config-if)#no shut
Router(config-if)#
*May 15 03:05:35.659: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*May 15 03:05:35.663: %ENTITY_ALARM-6-INFO: CLEAR INFO Fa0/0 Physical Port Administrative State Down
*May 15 03:05:36.659: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#int f1/0
Router(config-if)#ip add 172.16.1.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#
*May 15 03:06:01.599: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up
*May 15 03:06:01.603: %ENTITY_ALARM-6-INFO: CLEAR INFO Fa1/0 Physical Port Administrative State Down
*May 15 03:06:02.599: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
Router(config-if)#exit
Router(config)#no ip domain-lookup
Router(config)#username cisco password cisco
Router(config)#ip local pool dhpool 192.168.1.100 192.168.1.200
Router(config)#vpdn enable
Router(config)#vpdn-group vpdn
Router(config-vpdn)#accept-dialin
Router(config-vpdn-acc-in)#protocol pptp
Router(config-vpdn-acc-in)#virtual-template 1
Router(config-vpdn-acc-in)#exit
Router(config-vpdn)#exit
Router(config)#int virtual-template 1
Router(config-if)#ip add 192.168.1.254 255.255.255.0
Router(config-if)#peer default ip add pool dhpool
Router(config-if)#ppp encrypt mppe 40
Router(config-if)#ppp authentication ms-chap
Router(config-if)#exit
Router(config)#exit
Router#
*May 15 03:41:26.339: %SYS-5-CONFIG_I: Configured from console by console
Router#write memory
Building configuration...
[OK]
Router#

Client1上创建VPN连接：
运行“rasphone”，

类别：vpn|阅读(520)|回复(0)|赞(0)阅读全文>>

原创

Cisco ios 备份、升级、灾难恢复

2009-12-12 21:50:09

实验环境：
Cisco 2950
Cisco 2950 vlan1 ip:192.168.1.200/24 tftp server:192.168.1.100/24

Cisco 2950上配置：

C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
Compiled Mon 22-Jul-02 17:18 by antonino
WS-C2950T-24 starting...
Base ethernet MAC Address: 00:12:d9:05:b3:80
Xmodem file system is available.
Initializing Flash...
flashfs[0]: 86 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: To..

类别：cisco|阅读(774)|回复(0)|赞(0)阅读全文>>

原创

Cisco 2950密码恢复

2009-12-11 22:04:42

实验环境：
Cisco 2950

Cisco 2950上配置：

C2950 Boot Loader (C2950-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
Compiled Mon 22-Jul-02 17:18 by antonino
WS-C2950T-24 starting...
Base ethernet MAC Address: 00:12:d9:05:b3:80
Xmodem file system is available.

The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system softwa..

类别：cisco|阅读(389)|回复(0)|赞(0)阅读全文>>

原创

提升域用户帐户在本地计算机上的权限

2009-12-10 22:42:14

工作在域模型下"domain users"组的用户，经常会因为没有写入权限等原因造成工作上的不便，应老同事需求具体说下方法，以达到自己动手，丰衣足食的目的。
要达到“我的电脑我做主”只要提升帐户在本地计算机上的权限就好了，"domain users"组的用户默认在本地用户组的"users"里，本地用户组"administrators"里默认只有"administrator"和"domain admins"，我们现在的任务就是强行更改本地计算机管理员帐户的密码，或新建一个本地计算机帐户然后将其提升为本地计算机管理员权限。实际环境很可能没..

类别：ms|阅读(5032)|回复(26)|赞(1)阅读全文>>

原创

思科设备加密和远程管理

2009-12-09 22:38:45

登录路由器即进入用户模式的口令

不进行身份验证
Router#config terminal
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password your password

进行身份验证
Router#config terminal
Router(config)#username user1 password password1
Router(config)#username user2 password password2
Router(config)#username user3 password password3
……
Router(config)#line console 0
Router(config)#login local

这样，当用户试图登录路由器时系统就会提示输入用..

类别：cisco|阅读(638)|回复(0)|赞(1)阅读全文>>

原创

基于IPV4的IP分类与子网划分

2009-12-08 22:19:18

关于IP地址的定义：
IP地址主要由网络号和主机号组成，使用32位二进制地址格式，为方便记忆将32位二进制分四段，每段8位中间用小数点隔开，再将每8位二进制转换为10进制来表示。

按网络规模的大小，IP地址空间划分为5个不同的地址类别：
A类：0xxx xxxx   0-127
B类：10xx xxxx   128-191
C类：110x xxxx   192-223
D类：1110 xxxx   224-239
E类：1111 0xxx    240-255

其中A、B、C三类常用，D类用于多点广播，E类保留实验使用。

IP地址的..

类别：随笔|阅读(144)|回复(0)|赞(0)阅读全文>>

自定义区块

minggj 的BLOG

博客统计信息

我最近发表的评论

最新评论

背景音乐

文章