
VPN (Virtual Private Networks) is a remote-access solution built on the public Internet. ITTI is pleased to introduce its VPN solution: an economical, highly secure solution for the future.

1. The need for, purpose and benefits of VPN technology

1.1 Introduction to VPN

A Virtual Private Network (VPN), in Vietnamese "mạng riêng ảo", lets you extend the reach of your local area network (LAN) by taking advantage of the Internet. VPN technology lets you connect a machine thousands of miles away to your company LAN and make it another node, or PC, in that LAN, so that the LAN becomes a wide area network (WAN). A further characteristic of a VPN is that the connection between the workstation and your virtual network is as secure as if you were sitting inside the same LAN. Windows 2000 Server and Windows Server 2003 let you set up a VPN server using the built-in Routing and Remote Access Service (RRAS). Once a server has been set up to accept remote connections (a VPN server), clients can dial in and use resources on the internal network (the LAN) as if they were connected to it directly. The remote-connection service, from the VPN client to the server, secures access to information on the internal network through encryption and tunnelling protocols running over the Internet, creating a virtual private network on top of the Internet over which data can be exchanged and database services used.

1.2 Purpose

- Meet the need to use data, database services and other services provided on the company network for business and production activities from anywhere, without having to sit in the office.
- Serve organisations with many branch offices that need to exchange data between offices. Example: a multinational company that needs to share information between branches in several countries can build a Site-to-Site VPN connecting two offices, creating a private link over the Internet for secure, efficient communication.
- In some organisations, data transfer between certain departments must remain private and other departments must not be able to access it. An Intranet VPN meets this requirement.
- Manage offices efficiently and supervise work remotely.
- Integrate high-technology systems such as surveillance cameras, Internet telephony and voice chat.
- Improve business efficiency: management wants sales staff travelling outside the office to be able to read the sales reports shared on the File Server and, when necessary, to work on their own office PCs. In addition, confidential and sensitive data such as revenue reports can be protected in transit by strong encryption.

1.3 Benefits of VPN technology

- High flexibility: connect at any time, from anywhere, as long as Internet access is available.
- Low cost: only the cost of ordinary Internet access (60%-80% lower cost for remote-access workstations).
- Bandwidth is not limited; it depends only on the speed of the Internet link you use (ADSL lines in Vietnam today provide enough bandwidth to run services such as accounting databases, document and task management, sales, purchasing and business information management through a VPN remote-working system).
- A large, unlimited number of simultaneous remote connections into the company office or branch; depending on data-usage needs, a specific VPN model can be chosen to suit the type of business (VPN Client or Site-to-Site: access from workstations into the company office, or from one office network into another, forming a single unified network).
- High security through the encryption mechanisms of the virtual private network (encryption, access authentication, access authorisation and system security).
- Easy management of connections through access user names and passwords and through the virtual private network inside the internal network (account information is provided for access authentication).

2. Features of the VPN solution

2.1 General model

General model: the virtual private network uses the Internet connection to create a virtual tunnel through which information is exchanged with remote networks, connecting them into a single unified network.

Single VPN connection model: VPN connections from remote workstations into the enterprise LAN:

Site-to-site model: a VPN connecting two remote internal networks to each other (LAN to LAN):

2.2 Solution requirements

a. Hardware

- An ADSL modem supporting a Virtual Server service.
- A high-speed ADSL line (ADSL with a static IP address is best) for connectivity and communication between the inside and outside of the company. Remote users (VPN clients) connect to the VPN server to join the company's virtual private network and are assigned a suitable IP address for reaching the company's internal resources.
- One server running a firewall and providing the VPN connections, acting as the VPN server, with one network card connected to the internal network and one network card connected to the external ADSL/Internet segment. Ideally this server runs on Microsoft's Domain Controller platform, for safety and ease of administration when sharing data and services on the LAN (file services, internal e-mail, Internet e-mail, business software: accounting, document and task management, HR and payroll, customer care, ...).

b. Software

Firewall software: a software firewall running as an application. It protects the internal network, authenticates connections coming in from outside and encrypts data leaving the network over the VPN channel. When a rule on the firewall allows a flow of information to pass, that information is passed through; conversely, if no rule allows it, the firewall blocks it.

2.3 Security and information safety

- User Authentication: a user-authentication mechanism that allows only legitimate, authorised users to connect to and use the remote-access system (VPN server).
- Address Management: allocates a valid IP address to the user after login to the VPN so that resources on the internal network (LAN) can be used, forming a wide area network (WAN).
- Data Encryption: encrypts data in transit to guarantee its privacy and integrity.
- Key Management: manages the keys used to encrypt and decrypt data.
- Firewall: supports the security mechanisms IPSec, 3DES, client policy, RADIUS and LDAP, in line with international security and encryption standards. On the client side, security is provided by the encapsulation and encryption mechanisms of the VPN client software. Prevents data leakage by users through peer-to-peer (P2P) file sharing, chat (Yahoo, Skype, MSN) and other file-transfer methods over the Internet.

3. Provisions for the solution

A backup line for the firewall and VPN system, provided by a different ISP and with a static IP address. When the main line fails, traffic switches to the backup line. In normal operation the backup line acts as an additional Internet link that adds bandwidth to the main line. After a period of use, the hardware running the firewall should be upgraded to meet the growing needs of the enterprise.

4. Conclusion

With information technology as developed as it is today, applying VPN technology contributes significantly to the growth of an enterprise and helps it manage its offices effectively. VPN technology gives administrators a broader view of the intranet (extending the network and the reach of information use) as the Internet in our country grows ever stronger. VPN technology increases the ability to use information anytime, anywhere, with security guaranteed during use; it changes the way people think, work and access information in an era of exploding IT and an ever stronger IT infrastructure in Vietnam. It is the foundation for higher-layer services that can be used fully without limits of geography or time, and it gives managers more tools to run production and business in their enterprise.

Virtual private networks (VPN) based on MPLS technology, which has only recently appeared in Vietnam, promise many benefits to the enterprises that adopt them.

Benefits of MPLS for enterprises and organisations

For a company to reach its business goals, its private network infrastructure must spread in every direction. In terms of VPN support, traditional private-network infrastructures based on older technologies such as leased lines, X.25 and ATM cannot meet customer requirements. The arrival of MPLS makes it possible to build a flexible, multi-service network that can integrate Intranet, Extranet and Internet services and support a multi-service VPN model. A network using MPLS can deliver many high-quality services, such as:
1. Carrying traffic for data, Internet and voice networks. Voice traffic is gradually moved onto the national MPLS backbone, which gradually replaces the traditional backbone in operation today.
2. High-speed Internet access in key localities across the country, the first step towards a national backbone based on packet technology.
3. High-speed data transmission services for enterprises and organisations such as banks and news agencies.
4. VPN services for transnational companies and large enterprises and organisations. This is regarded as the most important service, changing the business structure and raising the competitiveness of operators.
5. Video services.

Figure 1: MPLS network for financial services

Practical models of MPLS in private networks

Below are two examples of VPN deployments based on MPLS. In the first, a financial institution operates a private network connecting a number of subordinate units. All of these units require a private connection to the centre, but connect only occasionally, and their connectivity needs differ widely: some units need only e-mail, while others need access to real-time interactive applications (such as VoIP calls). The solution for this case is an MPLS network using Layer 3 VPN/MPLS technology, as in Figure 1. In the second example, an enterprise owns and operates a private network through which its departments and remote offices reach a number of important applications. This enterprise wants to upgrade its support step by step as follows:

- Logically separate departmental traffic: use virtual LANs (VLANs) to separate this traffic on the LAN infrastructure and maintain that separation across the WAN with high security.
- Deploy VoIP to the departments and branches.
- Provide access to all real-time interactive applications.

The proposed solution is an MPLS model using Layer 3 VPN/MPLS technology (Figure 2). Voice and data traffic in the virtual LANs is directed to the VRF (VPN routing and forwarding) instances on the branch-office routers and from there carried across the WAN to the other remote sites.

Virtual Private Network (VPN)

A VPN is a customer's private network built on public network infrastructure (the Internet). VPNs took off in 1997, and more and more providers offer their own VPN solutions to their customers. A VPN allows private connections to be established with remote users, the enterprise's branch offices and partners over a shared public network. Types of VPN:
- Remote Access VPN: provides reliable access for remote users such as mobile staff, teleworkers and branch offices within the enterprise's network.
- Intranet VPN: lets branch offices link securely to the enterprise's head office.
- Extranet VPN: lets customers and partners access the enterprise's intranet securely.

Figure 2: Connections for remote departments and departmental units

MPLS VPN in Vietnam

MPLS basics

MPLS stands for Multi-Protocol Label Switching. Its basic principle is to turn the Layer 2 devices in the network, such as ATM (Asynchronous Transfer Mode) switches, into LSRs (label-switching routers). An LSR can be seen as a combination of an ATM switch and a traditional router. MPLS technology is a descendant of traditional IPoA (IP over ATM), so it inherits the advantages of ATM (high speed, QoS and flow control) and of IP (flexibility and scalability). Because it solves many problems of today's networks and supports many new functions, MPLS is considered the ideal IP backbone technology.

MPLS is currently being built into the transport network of the Vietnam Posts and Telecommunications Corporation (VNPT). Alongside its VoIP project, VNPT is setting up an MPLS backbone with 3 core LSRs. Edge LSRs will continue to be added and extended to locations with high demand such as Hải Phòng and Quảng Ninh (North), Đà Nẵng and Khánh Hòa (Centre) and Bình Dương, Đồng Nai and Bà Rịa - Vũng Tàu (South). FPT Telecom, Viễn Thông Quân Đội and Điện Lực have also entered the market, creating competition with high service quality at low prices.

At present, apart from foreign enterprises and representative offices, many domestic enterprises in finance, insurance and banking use this service (Bảo Việt Insurance Corporation; Đông ... Bank). State organisations such as the Ministry of Finance, Customs, the State Treasury and the Tax Department are also linked to each other by VPN/MPLS, and the network of the Party organisation and the provincial Party committee offices are trialling the technology.

Conclusion

Thus, with MPLS-based VPN, enterprises and organisations can fully achieve goals such as: more control over the network infrastructure, multiple classes of service delivered to users, performance assured according to application requirements, and multi-technology convergence with many traffic types on a single network. When choosing a hardware vendor and a service integrator, however, enterprises and organisations should weigh many viewpoints and evaluation criteria, for example product performance evaluations by telecommunications bodies and the breadth and depth of the vendor's development roadmap... Thanks to the superior quality of service over IP networks, and as a way of deploying VPN with new technology that overcomes many problems earlier technologies left unsolved, MPLS is a truly effective choice for building enterprise information infrastructure.

ILLUSTRATION OF THE DIVERSITY OF QUALITY REQUIREMENTS ACROSS THREE GROUPS OF CUSTOMERS

- Large businesses with widely separated offices, such as multinational companies: high information security with communication policies; remote access; high guarantees of data transmission quality; an Extranet for partners.
- Medium-sized, widely dispersed companies, for instance between retail stores: security in communications required; no strong service-quality commitment required; may carry traffic globally.
- Small companies whose member units are geographically close together: security of the information exchanged between the parties required; no strong service-quality commitment required; no global reach required.

What is a VPN?

The need for remote access (from outside the office) to the internal network, to exchange data or use applications, is increasingly common. It is a practical need, but because of security and information-safety concerns, companies are reluctant to "open" their internal networks to allow staff to connect remotely. This article presents a VPN remote-access solution on Windows Server 2003 with encryption based on the IPSec protocol to keep information secure.

VPN

A VPN (virtual private network) is a technology for building a virtual private network system to meet the needs of information sharing, remote access and cost saving. In the past, remote access to a network usually meant dial-up Remote Access over the telephone network, a method that is both costly and insecure. A VPN lets computers communicate across a shared medium such as the Internet while preserving privacy and data confidentiality. To provide the connection between computers, the information packets are wrapped in a header that carries routing information, allowing data to travel from the sender across the shared network and reach the receiver as though it were travelling through a private pipe, called a tunnel. To keep the shared medium private and secure, the packets are encrypted and can only be decrypted with the proper keys, preventing packets from being "stolen" in transit.
Common VPN scenarios:

- Remote Access: serves data and application access for remote users outside the company over the Internet, for example users who want to reach databases or file servers or send and receive mail from the company's internal mail servers.
- Site to Site: for organisations with many branch offices that need to exchange data between offices. For example, a multinational company that needs to share information between branches in Singapore and Vietnam can build a Site-to-Site VPN connecting the two sites, creating a private link over the Internet for secure, efficient communication.
- Intranet/Internal VPN: in some organisations, data transfer between certain departments must remain private and other departments must not be able to access it. An Intranet VPN meets this requirement.

To deploy a VPN system we need the following basic components:
- User Authentication: a user-authentication mechanism that allows only legitimate users to connect to and use the VPN.
- Address Management: allocates a valid IP address to the user after joining the VPN so that resources on the internal network can be reached.
- Data Encryption: encrypts data in transit to guarantee its privacy and integrity.
- Key Management: manages the keys used to encrypt and decrypt data.

IPSEC (IP SECURITY PROTOCOL)

As we know, for computers on a LAN, WAN or the Internet to communicate they must use the same protocol (like a shared language between people), and the most common protocol today is TCP/IP. When transmitting packets we need to apply encryption and authentication mechanisms to secure them. There are many ways to do this; among them, IPSEC encryption running on TCP/IP has proved effective and economical to deploy. For authentication and data encryption, IPSEC can use one or both of the following two security protocols:

- AH (Authentication Header): the packet header is cryptographically protected against IP spoofing and man-in-the-middle attacks; the main payload, however, is not protected in this case.
- ESP (Encapsulating Security Payload): the payload is encrypted, preventing an attacker from using sniffing tools to intercept and capture the data in transit. This method is widely used, but to protect the packet header as well, the two protocols AH and ESP must be combined.

IPSec/VPN on Windows Server 2003

Let us consider the real-world case of Green Lizard Books, a company that publishes and distributes cultural products. To improve business efficiency, management wants sales staff travelling outside the office to be able to read the sales reports shared on the File Server and, when necessary, to work on their own office PCs. In addition, confidential and sensitive data such as revenue reports can be protected in transit by strong encryption. Green Lizard Books needs an ADSL line with a static IP address for connectivity and communication between the inside and outside of the company. Remote users (VPN clients) connect to the VPN Server to join the company's virtual private network and are assigned a suitable IP address for reaching the company's internal resources. We use one Windows Server 2003 machine as the VPN Server (named SRV-1), with one network card connected to the internal network (IP: 192.168.1.1) and one ADSL card connected to the outside (Internet) with a static IP (if a dynamic IP is used, it must be combined with a Dynamic DNS service such as DynDNS.org or No-IP.com). To manage users and resources we also need a domain controller installed on Windows Server 2003, named SRV-11 (IP: 192.168.0.11).

In this model, a client machine outside the network runs Windows XP and connects to the VPN with authentication and data encryption based on IPSec ESP. Only the main steps of the deployment are presented here; the detailed installation and configuration can be followed in the video files (.avi) downloadable from www.pcworld.com.vn.

Step 1: Create the domain controller (dcpromo-srv-11-greenlizardbooks-domain-controller.avi)
Step 2: Join SRV-1 (the VPN Server) to the domain (join_srv-1_server_to_domain.avi)
Step 3: Install the VPN Server on SRV-1 (install_vpn_server_on_srv-1.avi)
Step 4: Set up the VPN client Client-1 and connect it to the VPN Server (create_vpn_client_1_and_connect_to_srv-1_vpn_server.avi)
Step 5: Join the VPN client Client-1 to the domain (join-vpn-client-1-to-greenlizardbooks_domain.avi)
Step 6: Request digital certificates for the VPN Server and the client, used for authentication and encryption (request_certificate_for_vpn_server_and_client.avi)
Step 7: Establish the VPN connection using the L2TP/IPSEC protocol (establish_L2TP_VPN_connection.avi)

CONCLUSION

VPN is a widely used technology for providing secure, efficient connections to access a company's internal resources from outside over the Internet. Although it uses shared network infrastructure, it preserves the privacy of the data as if it were travelling on a private network. The "software" VPN solution introduced in this article suits a small number of users; to serve a larger number of users, a hardware VPN solution may be needed.

TUNNELING

Tunneling is a technique that uses an intermediate network (usually the Internet) to carry data from one computer network to another while preserving privacy and data integrity. After the data has been divided into frames or packets according to the communication protocols, each packet is wrapped in an additional header carrying routing information that lets it cross the intermediate networks along a private path (the tunnel). When the packets reach their destination, the header is stripped off and they are delivered to the end hosts that need the data. To establish a tunnel, the client and the server must use the same tunnel protocol.

- PPTP (Point-to-Point Tunneling Protocol): PPTP can be used for Remote Access or Site-to-Site VPNs. Its advantages for a VPN are that it does not require certificates for authentication and that the client can sit behind a NAT router.
- L2TP (Layer 2 Tunneling Protocol): L2TP combines PPTP with Layer 2 Forwarding (L2F, a protocol developed by Cisco Systems). Compared with PPTP, L2TP has more powerful and more secure features. On Microsoft systems L2TP is combined with IPSec Encapsulating Security Payload (ESP) for data encryption, giving L2TP/IPSec. This combination allows not only user authentication as with PPTP but also machine authentication through certificates, raising the security of data in transit, and the tunnel can run across many different networks. In an L2TP/IPSec environment, however, VPN clients cannot sit behind a NAT router; in that case both the VPN Server and the VPN Client must support IPSec NAT-T.
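As an added example (not from the article), the Python below makes two points of the IPSEC and TUNNELING sections concrete on constructed packets: AH leaves the inner addresses and payload readable to anyone on the path while ESP exposes only SPI and sequence number, and a tunnel-mode outer header is what intermediate routers see, so a NAT router rewriting that outer header breaks the integrity check and forces the NAT-T approach mentioned above. The gateway addresses, key and inner packet are constructed, the ESP ciphertext is a random stand-in rather than real encryption, and the AH ICV is HMAC-SHA-256 truncated to 128 bits as in RFC 4868; the conflict with NAT is shown on AH because its ICV covers the outer source address.

```python
import hashlib, hmac, os, struct

# Constructed demo values (not from the article): shared AH key, tunnel gateways, IP protocol numbers.
AH_KEY = b"constructed-demo-key"
GW_A, GW_B = "203.0.113.10", "198.51.100.1"
PROTO_IPIP, PROTO_ESP, PROTO_AH = 4, 50, 51

def dotted(b):
    return ".".join(map(str, b))

def ip_checksum(data):
    """RFC 791 one's-complement sum of 16-bit words; returns 0 for a header whose checksum is valid."""
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return 0xFFFF ^ s

def ipv4_header(src, dst, proto, total_len, ttl=64):
    """20-byte IPv4 header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, ttl, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def ah_icv(outer, ah_fixed, payload):
    """AH ICV (RFC 4302): HMAC over the packet with mutable IP fields (TOS, flags, TTL, checksum) zeroed."""
    immutable = outer[:1] + b"\0" + outer[2:6] + b"\0\0\0" + outer[9:10] + b"\0\0" + outer[12:]
    return hmac.new(AH_KEY, immutable + ah_fixed + b"\0" * 16 + payload, hashlib.sha256).digest()[:16]

def ah_tunnel(inner, spi=0x1001, seq=1):
    """Tunnel-mode AH: outer IP + 28-byte AH + inner packet, in the clear but integrity-protected."""
    ah_fixed = struct.pack("!BBHII", PROTO_IPIP, 5, 0, spi, seq)  # payload-len field = 28/4 - 2
    outer = ipv4_header(GW_A, GW_B, PROTO_AH, 20 + 28 + len(inner))
    return outer + ah_fixed + ah_icv(outer, ah_fixed, inner) + inner

def verify_ah(pkt):
    """The check a receiving gateway performs; fails if any covered field changed in transit."""
    outer, ah_fixed, icv, inner = pkt[:20], pkt[20:32], pkt[32:48], pkt[48:]
    return hmac.compare_digest(icv, ah_icv(outer, ah_fixed, inner))

def esp_tunnel(inner, spi=0x2002, seq=1):
    """Tunnel-mode ESP: outer IP + SPI/sequence + opaque payload (random stand-in for the ciphertext)."""
    opaque = os.urandom(len(inner))
    return ipv4_header(GW_A, GW_B, PROTO_ESP, 20 + 8 + len(opaque)) + struct.pack("!II", spi, seq) + opaque

def on_the_wire(pkt):
    """What a sensor between the gateways can read without any key."""
    view = {"outer_src": dotted(pkt[12:16]), "outer_dst": dotted(pkt[16:20])}
    if pkt[9] == PROTO_AH:       # AH: inner addresses and payload are fully visible
        view.update(mode="AH", spi=struct.unpack("!I", pkt[24:28])[0],
                    inner_dst=dotted(pkt[64:68]), payload=pkt[68:])
    elif pkt[9] == PROTO_ESP:    # ESP: only SPI and sequence number are readable
        view.update(mode="ESP", spi=struct.unpack("!I", pkt[20:24])[0], payload="opaque")
    return view

def nat_rewrite_src(pkt, new_src):
    """What a NAT router does to the outer header: new source address, checksum recomputed."""
    return ipv4_header(new_src, dotted(pkt[16:20]), pkt[9], len(pkt), pkt[8]) + pkt[20:]

# Constructed inner packet towards the article's internal server address; the 8 bytes stand in for a datagram.
INNER = ipv4_header("192.168.1.50", "192.168.1.1", 17, 28) + b"SALESRPT"
```

Calling verify_ah on ah_tunnel(INNER) returns True, and False once nat_rewrite_src has changed the outer source address.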
