
GUIDE TO CONFIGURING A VPN SERVER ON WINDOWS SERVER 2003

TABLE OF CONTENTS
1. Install Windows Server 2003 and update the service packs
2. Configure the VPN server
3. Configure NAT
4. Configure the filter

Company staff need to reach the company's servers securely from untrusted public networks. An encrypted channel therefore has to be established across those untrusted public networks, so that the data staff send when accessing the company's servers is encrypted in transit. The requirement is to configure a VPN server plus NAT, so that remote clients can access company resources safely over public networks through this VPN server.

1. Install Windows Server 2003 and update the service pack

2. Configure VPN

Go to Control Panel > Administrative Tools > Routing and Remote Access. The Routing and Remote Access window appears.

Right-click CONGDAT (local) and choose Configure and Enable Routing and Remote Access.

When the Welcome to the Routing and Remote Access Server Setup Wizard screen appears, click Next.

Select Remote access (dial-up or VPN), then click Next.

Because we are configuring a VPN server, select VPN as shown in the figure above, then click Next.

In the next window, the wizard asks which network card is the external one (the card that reaches the Internet). In the same window we can enable or disable security on the external interface (Enable security on the selected interface by setting up static packet filters). If this option is checked, no client can connect to the VPN server, because by default the firewall blocks all client connections to the VPN server. We can therefore uncheck this option for now, which makes errors easier to debug, and configure it after the VPN setup is complete. Click Next.

Here we configure how the VPN server assigns an internal network IP address to a client once it has connected successfully. There are two options:

+ Automatically: if the internal network already has a DHCP server, choose this option so that DHCP assigns the IP addresses to clients when they connect to the VPN. If you choose this option, you must declare the DHCP server under DHCP Relay Agent after the VPN configuration is complete.
+ From a specified range of addresses: this option lets us specify a range of IP addresses that will be assigned to clients when they connect to the VPN server.

In both cases, the addresses assigned to connecting clients come from the internal IP range of the VPN server. Here we choose From a specified range of addresses. Click Next to go to the next window, where we declare the internal IP range that will be assigned to clients when they connect to the VPN. Click Next to go to the next window.

If the network already has a RADIUS server used to authenticate remote clients, we can choose Yes. Otherwise choose No, because Routing and Remote Access can authenticate remote clients itself when they connect to the VPN server. Here we choose No, use Routing and Remote Access to authenticate connection requests. Click Next to go to the next window.

Click Finish to complete the wizard.

3. Create the VPN client account

On the Desktop, right-click My Computer and choose Manage. Under Local Users and Groups > Users, choose Action > New User.

Select the options as shown in the figure: the client will have to change the account password when it connects to the VPN server, and will then manage its own account password. In the right-hand panel, right-click the user testvpn that we have just created and choose Properties.

In the Properties dialog box:

+ Under Remote Access Permission (Dial-in or VPN): choose Allow access.
+ Under Assign a Static IP Address: check this box and enter the IP address that will be assigned to the client (an internal IP address).
+ Under Apply Static Routes: check this box and click the Static Routes button. In the Static Routes window that appears, enter the network address and subnet mask of the internal network.

Note: the Static Routes check box must be checked and the network address entered. Only then are clients connecting to the VPN server assigned the IP address set above.

4. Configure NAT

For clients to reach the Internet through the VPN connection set up above, we need to set up NAT on the VPN server. Once a client has connected to the VPN server successfully, the remote client essentially becomes a member of the local area network, so its Internet traffic has to pass through NAT on the VPN server. Under IP Routing, right-click General and choose New Routing Protocol.

In the New Routing Protocol window, select NAT/Basic Firewall and click OK. In the left-hand panel, under IP Routing, select NAT/Basic Firewall. In the right-hand panel, right-click the empty area and choose New Interface.

In the New Interface window, add each of the interfaces in turn. First select the Wan interface and click OK, then select the options as shown in the figure below.

We choose these options because this is the WAN interface connected to the Internet, so NAT will run on it. Do the same for the remaining interfaces, Internal and Local Area Network, but leave their options at the defaults and click OK.

4. Configure the filter

Configuring the firewall is one of the requirements of configuring a VPN server. Here we only configure the basic level (Basic Firewall) that Windows Server 2003 provides on NAT.

Firewall requirements on the external interface: block all ports and allow only the following through:

+ Port 1723: the VPN port
+ Protocol 47: the GRE protocol, used to authenticate the remote client
+ Port 3389: the Remote Desktop port; only trusted IP addresses are allowed to use this port
+ ICMP: only trusted IP addresses are allowed to ping the VPN server

Configuration: in the left-hand panel, expand IP Routing and select NAT/Basic Firewall. In the right-hand panel, right-click the Wan interface and choose Properties. In the Properties window that appears, click the Inbound Filters button.

Click the New button to set up, one at a time, the rules that define which packets are allowed through the WAN interface. When the rules are complete, select the radio button Drop all packets except those that meet the criteria below.
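
The filter requirements above can be checked on paper before they are entered in the Inbound Filters dialog. The following is an added example, not part of the original guide: it models the four exceptions with default-drop semantics and audits constructed sample packets against them. The trusted range 203.0.113.0/24, the sample source addresses and the names `permitted` and `audit` are assumptions made for illustration.

```python
# Added example: models the WAN inbound filter list with
# "Drop all packets except those that meet the criteria below" selected.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")
TRUSTED = ip_network("203.0.113.0/24")  # assumption: constructed trusted admin range
IP_PROTO = {"icmp": 1, "tcp": 6, "gre": 47}

@dataclass(frozen=True)
class Rule:
    proto: int                    # IP protocol number
    src: object = ANY             # source network allowed to match
    dport: Optional[int] = None   # TCP destination port; None = not checked

# The four exceptions listed in the guide
INBOUND_RULES = [
    Rule(IP_PROTO["tcp"], ANY, 1723),      # port 1723, the VPN port
    Rule(IP_PROTO["gre"], ANY),            # protocol 47 (GRE)
    Rule(IP_PROTO["tcp"], TRUSTED, 3389),  # Remote Desktop, trusted sources only
    Rule(IP_PROTO["icmp"], TRUSTED),       # ping, trusted sources only
]

def permitted(src: str, proto: str, dport: Optional[int] = None) -> bool:
    """True if the packet matches an exception; everything else is dropped."""
    number = IP_PROTO.get(proto)
    if number is None:
        return False  # protocols outside the list (e.g. UDP) never match
    return any(
        rule.proto == number
        and ip_address(src) in rule.src
        and (rule.dport is None or rule.dport == dport)
        for rule in INBOUND_RULES
    )

def audit(packets):
    """Return the sample packets whose verdict differs from the expected one."""
    return [p for p in packets if permitted(p[0], p[1], p[2]) != p[3]]

# Constructed sample traffic: (source, protocol, destination port, expected verdict)
SAMPLES = [
    ("198.51.100.7", "tcp", 1723, True),    # any client may open the VPN
    ("198.51.100.7", "gre", None, True),
    ("198.51.100.7", "tcp", 3389, False),   # RDP from an untrusted source
    ("203.0.113.25", "tcp", 3389, True),    # RDP from the trusted range
    ("198.51.100.7", "icmp", None, False),  # ping from an untrusted source
    ("203.0.113.25", "icmp", None, True),
    ("198.51.100.7", "tcp", 445, False),    # anything not listed is dropped
]

if __name__ == "__main__":
    print("mismatches:", audit(SAMPLES))
```

An empty mismatch list means the rule set behaves as the requirements state; a 3389 or ICMP rule entered without a source restriction would show up as a mismatch on the untrusted samples.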
