Understanding virtual private networks (VPN)
A VPN (Virtual Private Network) solution is designed for organizations that increasingly rely on
remote communication because they operate over a wide area (nationwide or worldwide). Central
resources can be reached from many sources, which saves both cost and time.
In the illustration above, the connection between the Main Office and the Remote Office is an
intranet VPN; the connection between the Main Office and a business partner is an extranet VPN.
Security in a VPN
A firewall is a solid barrier between the private network and the Internet. You can configure
firewalls to restrict the number of open ports, the types of packets and the protocols allowed
through. Some VPN products, such as Cisco's 1700 router, can be upgraded to include firewall
capabilities by running the appropriate Cisco IOS (Cisco's Internet operating system). It is best
to have a good firewall in place before setting up the VPN.
Encryption means that one computer encrypts the data and sends it to another computer, and only
that computer can decrypt it. There are two types: private-key encryption and public-key encryption.
Private-key encryption (Symmetric-Key Encryption): each computer has a secret key that it uses to
encrypt a packet before sending it to another computer on the network. Private keys require you to
know which computers you will be communicating with, so that the key can be installed on them and
the recipient's computer can decrypt the packet.
Public-key encryption (Public-Key Encryption) combines a private key with a public key. The private
key is known only to your computer, while the public key is given by your computer to any computer
that wants to communicate (securely) with it. To decrypt a message, a computer must use the public
key provided by the originating computer together with its own private key. A very widely used
application of this kind is Pretty Good Privacy (PGP), which lets you encrypt almost anything.
Internet Protocol Security (IPSec) provides advanced security features such as better encryption
algorithms and more comprehensive authentication.
IPSec has two encryption modes, Tunnel and Transport. Tunnel encrypts the header and the payload
of each packet, while Transport encrypts only the payload. Only systems that support IPSec can
take advantage of this protocol. In addition, all devices must use a common key, and the firewalls
on each system must have the same security settings. IPSec can encrypt data between many kinds of
devices, such as router to router, firewall to router, PC to router and PC to server.
AAA servers
AAA stands for Authentication, Authorization and Accounting. These servers are used to make access
more secure. When a request to establish a connection arrives from a client, it must pass through
the AAA server to be checked. Information about users' activity is essential to track for security
purposes.
VPN technology products
Depending on the type of VPN (remote-access or site-to-site), you will need to install certain
components to set up the virtual private network. These may be:
- Desktop client software for remote users.
- High-end hardware such as a VPN concentrator or a PIX security firewall.
- A high-end VPN server for dial-up services.
- A NAS (network access server) used by the provider to serve remote users.
- The VPN network and a management center.
VPN concentrator
VPN concentrators are available from several vendors, but Cisco's products stand out in a number
of features. Incorporating the most advanced encryption and authentication techniques currently
available, VPN concentrators are built specifically for this kind of network. They contain SEP
encryption-processing modules, which let users easily increase capacity and the number of packets
carried. The product line includes models suited to businesses from small to large (from 100 up to
10,000 remote connection points accessing at the same time).
private (non-routable) inside another packet that uses a public (routable) IP address, in order to
extend a private network over the Internet.
Tunneling in a site-to-site VPN
In this type of VPN, GRE (Generic Routing Encapsulation) provides the mechanism for "encapsulating"
the passenger protocol so that it can be carried over the carrier protocol. It includes information
about the type of packet you are encapsulating and about the connection between the server and the
client. However, IPSec in Tunnel mode is sometimes used as the encapsulating protocol instead of
GRE. IPSec works well on both remote-access and site-to-site VPNs. It must, of course, be supported
at both tunnel interfaces.
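The encapsulation described above, as an added example that is not part of the original article: a basic GRE header (RFC 2784) wraps a passenger IPv4 packet inside a carrier IPv4 packet, and the receiving end validates and strips it. The addresses are sample values borrowed from the lab later in this article, and the packets are constructed.

```python
import socket
import struct

IPPROTO_GRE = 47         # IP protocol number that marks a GRE payload
GRE_PROTO_IPV4 = 0x0800  # GRE Protocol Type: the passenger is IPv4


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 packet: 20-byte header, no options, TTL 64."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def gre_encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Passenger packet -> GRE header -> carrier IPv4 packet."""
    gre = struct.pack("!HH", 0x0000, GRE_PROTO_IPV4)  # no options, version 0
    return ipv4_packet(tunnel_src, tunnel_dst, IPPROTO_GRE, gre + passenger)


def gre_decapsulate(packet: bytes) -> dict:
    """Validate the carrier and GRE headers, then return the passenger."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4 or checksum(packet[:ihl]) != 0:
        raise ValueError("bad carrier header")
    if packet[9] != IPPROTO_GRE:
        raise ValueError("carrier payload is not GRE")
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & ~0xB000:  # only checksum, key and sequence flags, version 0
        raise ValueError("unsupported GRE flags or version")
    offset = ihl + 4
    for bit in (0x8000, 0x2000, 0x1000):  # each present option adds 4 bytes
        if flags & bit:
            offset += 4
    if offset > len(packet):
        raise ValueError("truncated GRE header")
    return {"tunnel_src": socket.inet_ntoa(packet[12:16]),
            "tunnel_dst": socket.inet_ntoa(packet[16:20]),
            "protocol_type": ptype,
            "passenger": packet[offset:]}


# Constructed sample: a private-address packet (protocol 1, dummy body) carried
# between two routable tunnel endpoints. GRE only encapsulates: the passenger
# bytes travel unencrypted inside the carrier unless IPSec protects them.
PASSENGER = ipv4_packet("172.16.4.3", "172.16.56.3", 1, b"constructed body")
CARRIER = gre_encapsulate(PASSENGER, "10.1.0.2", "10.2.0.2")

if __name__ == "__main__":
    info = gre_decapsulate(CARRIER)
    print(info["tunnel_src"], "->", info["tunnel_dst"], hex(info["protocol_type"]))
    print("passenger recovered intact:", info["passenger"] == PASSENGER)
```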
Specify the IP address.
13. Click Next. On the Add Exclusions page, click Next.
14. On the Lease Duration page, click Next.
15. On the Configure DHCP Options page, click Yes, I want to configure DHCP options now.
16. Click Next. On the Router (Default Gateway) page, click Next.
17. On the Domain Name and DNS Servers page, type example.com in Parent domain. Type 172.16.0.1
in IP address, then click Add.
18. Click Next. On the WINS Servers page, click Next.
19. On the Activate Scope page, click Yes, I want to activate the scope now.
20. Click Next. On the Completing the New Scope Wizard page, click Finish.
21. Install Certificate Services as a root CA named Example CA by using Control Panel => Add or
Remove Programs.
22. Open Active Directory Users and Computers.
23. In the console tree, select example.com.
24. Right-click Users and choose Computer.
25. In the New Object Computer dialog box, type IAS1 in Computer name.
26. Click Next. In the Managed dialog box, click Next. In the New Object Computer dialog box, click
Finish.
27. Repeat steps 24 to 26 to create additional computer accounts named IIS1, VPN1 and
CLIENT1.
Policy.
11. On the Welcome to the New Remote Access Policy Wizard page, click Next.
12. On the Policy Configuration Method page, type VPN remote access to intranet in Policy name.
1. Install Windows Server 2003, Standard Edition on the computer as a member server named
VPN1 in the example.com domain.
2. Open the Network Connections folder.
3. For the intranet local area connection, rename the connection to "Mang Cong ty". For the
Internet local area connection, rename the connection to "Internet".
4. Configure TCP/IP for the Mang Cong ty connection with the IP address 172.16.0.4, the subnet
mask 255.255.255.0 and the DNS server IP address 172.16.0.1.
5. Configure TCP/IP for the Internet connection with the IP address 10.0.0.2 and the subnet mask
255.255.255.0.
6. Run Routing and Remote Access from the Administrative Tools folder.
7. In the console tree, right-click VPN1 and choose Configure and Enable Routing and
Remote Access.
8. On the Welcome to the Routing and Remote Access Server Setup Wizard page, click Next.
9. On the Configuration page, Remote access (dial-up or VPN) is selected by default.
10. Click Next. On the Remote Access page, select VPN.
11. Click Next. On the VPN Connection page, click the Internet interface in Network interfaces.
12. Click Next. On the IP Address Assignment page, Automatically is selected by default.
13. Click Next. On the Managing Multiple Remote Access Servers page, click Yes, set up this
server to work with a RADIUS server.
14. Click Next. On the RADIUS Server Selection page, type 172.16.0.2 in Primary RADIUS server
and the shared secret in Shared secret.
15. Click Next. On the Completing the Routing and Remote Access Server Setup Wizard page, click
Finish.
16. You will receive a message prompting you to configure the DHCP Relay Agent.
17. Click OK.
18. In the console tree, open VPN1 (local), then IP Routing, then DHCP Relay Agent.
Right-click DHCP Relay Agent and choose Properties.
19. In the DHCP Relay Agent Properties dialog box, type 172.16.0.1 in Server address.
20. Click Add, then OK.
CLIENT1
CLIENT1 is a computer running Windows XP Professional that acts as a VPN client and remotely
accesses resources on the intranet across the Internet. To configure CLIENT1 as a client,
perform the following steps:
1. Connect CLIENT1 to the intranet network segment.
2. On CLIENT1, install Windows XP Professional as a member computer named
CLIENT1 in the example.com domain.
3. Add the VPNUser account in the example.com domain to the Administrators group.
4. Log off and then log on again, using the VPNUser account in the example.com domain.
5. From Control Panel-Network Connections, open the properties of the Local Area Network
connection, then open the properties of the TCP/IP protocol.
6. Click the Alternate Configuration tab and select User configured.
7. In IP address, type 10.0.0.1. In Subnet mask, type 255.255.255.0.
8. Click OK to save the changes to the TCP/IP protocol. Click OK to save the changes to the
Local Area Network connection.
9. Shut down CLIENT1.
10. Disconnect CLIENT1 from the intranet and connect it to the Internet network segment.
11. Restart CLIENT1 and log on with the VPNUser account.
12. On CLIENT1, open the Network Connections folder from Control Panel.
13. In Network Tasks, choose Create a new connection.
14. On the Welcome to the New Connection Wizard page of the New Connection Wizard, click Next.
15. On the Network Connection Type page, click Connect to the network at my workplace.
16. Click Next. On the Network Connection page, click Virtual Private Network connection.
17. Click Next. On the Connection Name page, type PPTPtoCorpnet in Company Name.
18. Click Next. On the VPN Server Selection page, type 10.0.0.2 in Host name or IP address.
19. Click Next. On the Connection Availability page, click Next.
20. On the Completing the New Connection Wizard page, click Finish. The Connect
PPTPtoMangCongty dialog box appears.
21. Click Properties, then click the Networking tab.
22. On the Networking tab, in Type of VPN, click PPTP VPN.
23. Click OK to save the changes to the PPTPtoMangCongty connection. The PPTPtoMangCongty
dialog box appears.
24. In User name, type example/VPNUser. In Password, type your password for the VPNUser
account.
25. Click Connect.
26. When the connection is complete, run Internet Explorer.
27. If the Internet Connection Wizard prompts you, configure it for a LAN connection. In Address,
type http://IIS1.example.com/winxp.gif. You will see a Windows XP image.
28. Click Start > Run, type \\IIS1\ROOT, then click OK. You will see the contents of C: on
IIS1.
29. Right-click the PPTPtoMangCongty connection and click Disconnect.
T.H.
We use a test lab of 5 computers playing different roles. This is the minimum number needed to
run a site-to-site VPN. In practice, each LAN and the VPN servers would be much larger in scale,
with services such as authentication, domain control, IAS... Assume this network belongs to
company XYZ, with two LANs in Hanoi and Ho Chi Minh City (TP HCM). A client at the Ho Chi Minh
City end needs to call the Hanoi office.
Computer name, role and IP addresses:
- CLIENT1: 172.16.4.3
- ROUTER1 (VPN server, answering router): 172.16.4.1 and 10.1.0.2
- Internet router: 10.1.0.1 and 10.2.0.1
- ROUTER2 (VPN server, calling router): 10.2.0.2 and 172.16.56.1
- CLIENT2: 172.16.56.3
3. a. On the To the Internet interface, type 10.1.0.2 in IP address, 255.255.0.0 in Subnet mask and
10.1.0.1 in Default gateway.
3. b. On the To Hanoi intranet interface, type 172.16.4.1 in IP address and 255.255.255.0 in Subnet
mask, and leave Default gateway blank.
- Windows Firewall and Routing and Remote Access cannot run at the same time on a VPN server,
so if Windows Firewall is turned on, you must turn it off. If the Windows Firewall/Internet
Connection Sharing (ICS) service was set to start automatically before Routing and Remote Access
was configured, you must also disable it.
1. Click Administrative Tools > Services.
2. In the Services details pane, right-click Windows Firewall/Internet
Connection Sharing (ICS) and choose Properties.
3. If Startup Type is Automatic or Manual, change it to Disabled.
4. Click OK twice to save the change.
ROUTER2
- TCP/IP properties
1. Open Network Connections in Control Panel, right-click the connection, then choose Properties.
2. On the General tab, select Internet Protocol (TCP/IP) and click Properties.
3. a. On the To the Internet interface, type 10.2.0.2 in IP address, 255.255.0.0 in Subnet mask and
10.2.0.1 in Default gateway.
3. b. On the To Hanoi intranet interface, type 172.16.56.1 in IP address and 255.255.255.0 in Subnet
mask, and leave Default gateway blank.
- Turn off Windows Firewall as on ROUTER1.
Configuring the Internet router
1. Open Network Connections in Control Panel, right-click the connection, then choose Properties.
2. On the General tab, select Internet Protocol (TCP/IP) and click Properties.
3.a. On the To Router1 interface, type 10.1.0.1 in IP address and 255.255.0.0 in Subnet mask.
3.b. On the To Router2 interface, type 10.2.0.1 in IP address and 255.255.0.0 in Subnet mask.
4. Go to Administrative Tools, choose Routing and Remote Access to open the Routing and Remote
Access Microsoft Management Console (MMC) snap-in.
5. Right-click INTERNET (local) in the console tree and click Configure and
Enable Routing and Remote Access.
6. Click Next on the Routing and Remote Access Server Setup Wizard page.
7. On the Configuration page, select Custom configuration.
8. Click Next. On the Custom Configuration page, select LAN routing.
9. Click Next. On the Completing the Routing and Remote Access Server Setup page, click Finish >
Yes to start the service.
Turn off Windows Firewall as on ROUTER1.
Verification
- On ROUTER1, ping the IP address 10.2.0.2. This succeeds.
- On CLIENT2, ping the IP address 172.16.4.3. This fails, because CLIENT1 cannot communicate
with CLIENT2 across the simulated Internet segment until the site-to-site VPN connection
is established.
Setting up a site-to-site VPN using PPTP
- Configuring the VPN on the answering router
1. On ROUTER1, click Administrative Tools and choose Routing and Remote Access.
2. Right-click ROUTER1 (local) in the console tree and choose Configure and Enable
Routing and Remote Access.
3. Click Next on the Routing and Remote Access Server Setup Wizard page.
4. On the Configuration page, select Remote access (dial-up or VPN).
5. Click Next. On the Remote Access page, select VPN.
6. Click Next. On the VPN Connection page, select To the Internet and check Enable security on
the selected interface by setting up static packet filters.
7. Click Next. On the IP Address Assignment page, select From a specified range of addresses.
8. Click Next. On the Address Range Assignment page, click New.
9. In the New Address Range dialog box, do the following:
a. Type 172.16.100.1 in Start IP address.
b. Type 172.16.100.2 in End IP address.
c. Accept the value 2 in the Number of Addresses box.
10. Click OK. On the Address Range Assignment page, click Next.
11. On the Managing Multiple Remote Access Servers page, select No, use Routing and Remote
Access to authenticate connection requests.
12. Click Next. On the Completing the Routing and Remote Access Server Setup page, click Finish.
13. Click OK to close the dialog box prompting you to configure the DHCP Relay Agent. In this case
the DHCP Relay Agent will not be configured.
- Configuring the demand-dial interface on the answering router
1. In Routing and Remote Access, select ROUTER1 and right-click Network
Interfaces.
2. Choose New Demand-dial Interface to open the Demand-Dial Interface Wizard, then click Next.
3. On the Interface Name page, type VPN_TPHCM. Note: the interface name must match the name of
the user account on the calling router.
4. Click Next. On the Connection Type page, select Connect using virtual private networking (VPN).
5. Click Next. On the VPN Type page, select Point-to-Point Tunneling Protocol (PPTP).
6. Click Next. On the Destination Address page, type 10.2.0.2 in Host name or IP address.
7. Click Next. On the Protocols and Security page, do the following:
a. Select Route IP packets on this interface.
b. Select Add a user account so a remote router can dial in.
8. Click Next. On the Static Routes for Remote Networks page, click Add.
9. In the Static Route dialog box, do the following:
a. Type 172.16.56.0 in Destination.
b. Type 255.255.255.0 in Network Mask.
c. Accept the value 1 in Metric.
10. Click OK. On the Address Range Assignment page, click Next.
11. On the Dial In Credentials page, type the password for the VPN_TPHCM account.
12. Click Next. On the Dial Out Credentials page, do the following:
a. Type VPN_Hanoi in User name.
b. Type ROUTER2 in Domain.
c. Type the VPN_Hanoi password in Password.
d. Retype the password in Confirm password.
13. Click Next. On the Demand-Dial Interface Wizard page, click Finish.
14. Click OK to close the dialog box prompting you to configure the DHCP Relay Agent. In this case
the DHCP Relay Agent will not be configured.
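Why the verification ping fails before the tunnel exists, and what the static route entered in the Static Route dialog changes, shown as an added example that is not part of the original article. The routing tables are derived from the interface settings listed in the lab; treating ROUTER2 as CLIENT2's gateway and modelling only one-way forwarding are assumptions of this sketch.

```python
import ipaddress

DELIVER = "directly connected"


def next_hop(table, dst):
    """Longest-prefix match over (prefix, target) pairs; None means no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), target)
               for prefix, target in table
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(tables, start, dst, max_hops=8):
    """Follow the forwarding decisions from router `start` toward `dst`."""
    path, node = [start], start
    for _ in range(max_hops):
        target = next_hop(tables[node], dst)
        if target is None:
            return path, "dropped: no route"
        if target == DELIVER:
            return path, "delivered"
        path.append(target)
        node = target
    return path, "dropped: hop limit"


def lab_tables(vpn_up):
    """Routing tables implied by the lab's IP settings (constructed model)."""
    tables = {
        # Default gateway 10.1.0.1 is the Internet router.
        "ROUTER1": [("172.16.4.0/24", DELIVER), ("10.1.0.0/16", DELIVER),
                    ("0.0.0.0/0", "INTERNET")],
        # LAN routing only: it knows the two 10.x segments and nothing else.
        "INTERNET": [("10.1.0.0/16", DELIVER), ("10.2.0.0/16", DELIVER)],
        # Default gateway 10.2.0.1 is the Internet router.
        "ROUTER2": [("172.16.56.0/24", DELIVER), ("10.2.0.0/16", DELIVER),
                    ("0.0.0.0/0", "INTERNET")],
    }
    if vpn_up:
        # Static route 172.16.56.0 / 255.255.255.0, metric 1, bound to the
        # VPN_TPHCM demand-dial interface, whose far end is ROUTER2.
        tables["ROUTER1"].append(("172.16.56.0/24", "ROUTER2"))
    return tables


if __name__ == "__main__":
    print(trace(lab_tables(False), "ROUTER1", "10.2.0.2"))
    print(trace(lab_tables(False), "ROUTER2", "172.16.4.3"))
    print(trace(lab_tables(True), "ROUTER1", "172.16.56.3"))
```

The private 172.16.x prefixes never appear in the Internet router's table in either state: after the tunnel is up they are reachable only through the demand-dial interface.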
- Configuring the VPN on the calling router
1. On ROUTER2, choose Administrative Tools and click Routing and Remote Access.
2. Right-click ROUTER2 (local) in the console tree and click Configure and Enable
Routing and Remote Access.
3. Click Next on the Remote Access Server Setup Wizard page.
4. On the Configuration page, select Remote access (dial-up or VPN), then click Next.
This part introduces how to set up a LAN-to-LAN VPN using L2TP/IPSec. This is the protocol with
the highest level of security for virtual private networks, because both the user and the
computer must go through authentication.
Understanding virtual private networks (VPN) (Part 5)
6. On the Connection Owner page, select the machine in the list that will be the connection owner.
This option appears only in ISA Enterprise Edition, not in Standard Edition. If Network Load
Balancing (NLB) is enabled on the array, you do not need to assign the connection owner yourself,
because NLB selects one automatically.
In this example we do not use NLB and there is only one machine in the array. So use the default,
which is the name of the main-office firewall, VPN_Hanoi. Click Next.
7. On the Remote Site Gateway page, type the IP address or the fully qualified domain name of the
VPN server at the remote site. Note that this is a new feature in ISA firewall 2006; in earlier
versions you could enter only an IP address. This feature is useful when many branch offices have
to use dynamic IP addresses, so the only reliable way to connect is through a domain name service.
In this example, it is tphcm.xyz.com.vn. Click Next.
8. On the Remote Authentication page, check Local site can initiate connections to remote
site using these credentials. Type the name of the account that you will create on the Ho Chi Minh
City office firewall to allow the Hanoi office to access it. In this example, enter VPN_Hanoi in
User name. Domain is the name of the ISA Server 2006 firewall at the Ho Chi Minh City branch, which
in this example is ISA2006VPN_TPHCM. If that firewall is also a domain controller, use the
domain name instead of the computer name. Type the password and confirm it in the next two boxes.
Click Next.
9. On the L2TP/IPSec Outgoing Authentication page, select the method you want to use to
authenticate to the Ho Chi Minh City office firewall. In this lab, we select
Pre-shared key authentication and type the key in the corresponding box. Click Next.
10. Click Add Range on the Network Address page. In the IP Address Range
Properties dialog box, type 10.0.1.0 in Starting address. Type 10.0.1.255 in Ending address. Click
OK.
11. Click Next on the Network Addresses page.
12. On the Remote NLB page, check whether NLB is used on that firewall. If it is, check
The remote site is enabled for Network Load Balancing. Then add the IP addresses of the Ho Chi Minh
City branch's NLB array by clicking the Add Range button.
This lab does not use NLB, so clear the The remote site is enabled for Network
Load Balancing check box. Click Next.
13. On the Site to Site Network Rule page, you can configure a Network Rule connecting the main
office to the branch. Note that the ISA firewall always requires a Network Rule to connect
networks to each other. Even after you create the networks and Access Rules, the connection will
not work until you create a Network Rule.
The new ISA firewall solves a problem that many people ran into with earlier versions such as ISA
2004: forgetting, or not knowing about, the role of the Network Rule. The 2006 version requires
you to do this within the wizard.
Select Create a Network Rule specifying a route relationship and accept the default name. (Note:
you can select I'll create a Network Rule later if you want to create a Network Rule yourself. Note
that the default selection connects the main-office and branch networks.) Click OK.
14. Another notable feature in the 2006 version is the Site to Site Network Access Rule page.
Here you can configure an Access Rule that allows connections from the main office to the branch.
When you select Create an allow Access Rule. This rule will allow traffic between the Internal
Network and the new site to site Network for all users, you have 3 options in the Apply the rule
to these protocols drop-down menu.
- All outbound traffic: use this when you want to allow all access from the main office to the
branch.
- Selected protocols: use this when you want to control access from the main office to the
branch. If you want to restrict connections to certain protocols, select this option and click the
Add button for all of those protocols. Note: at this point you cannot lock down protocol use on the
user side. You have to wait until the wizard finishes and then change this later under Firewall
Policy.
- All outbound traffic except selected: this option lets you allow all access while
restricting certain protocols. Click the Add button to specify the protocols you want to block.
In this lab, we select All outbound traffic. Click Next.
15. Click Finish on the Completing the New Site to Site Network Wizard page.
16. The Remaining VPN Site to Site Tasks dialog box appears, telling you that you need to create
an account named VPN_TPHCM. Click OK.
17. Select the Remote Site Network and click the Edit Selected Network link in the Task
pane.
18. In the VPN_TPHCM Properties dialog box, the General tab provides information about the Remote
Site Network. You can enable or disable the site-to-site VPN connection from this tab.
19. On the Server tab, you can change the connection owner for the site-to-site VPN.
You can assign only one machine when NLB is not enabled on the external interface of the
ISA firewall.
If NLB is enabled on that interface, it assigns the connection owner for you automatically. Note
that you can create VPN gateway arrays without enabling NLB. In most cases, however, you should
use load balancing.
20. On the Address tab, you can change or add remote network addresses.
21. On the Remote NLB tab, you specify the dedicated IP addresses on the remote network's VPN
gateway. You need to configure these IP addresses only if the remote VPN gateway uses NLB.
In this lab, we do not add any new addresses because NLB is not enabled on the ISA firewall
at the Ho Chi Minh City office network.
22. On the Authentication tab, select the authentication protocol you want the ISA firewall
to use when working with the branch-network gateway. The default is Microsoft CHAP
Version 2.
The most secure choice is EAP, but this method requires you to assign user certificates
to the accounts.
23. On the Protocol tab, configure the VPN protocol you want to use to create the tunnel for the
virtual private network. You can change the pre-shared key here.
24. On the Connection tab, you can change the properties for the remote network's VPN gateway.
You can change how long the VPN connection is kept up while the machine is idle. The default is
Never drop the connection. Close the VPN_TPHCM Properties dialog box.
25. Right-click Remote Site Network > Site to Site Summary command. In the dialog box,
you will see the settings configured on the main network and the Required site to site settings
for the other end of this tunnel (the settings required at the remote network).
26. Complete the configuration by clicking Apply to save the changes. Click OK in the
Apply New Configuration dialog box.