VPN Deployment Project (Do an Trien Khai VPN 715)

Upload: dinhtrungtu

Post on 05-Apr-2018


  • 8/2/2019 Do an Trien Khai VPN 715

    Deploying VPN Services

    Supervisor: Trn Ng Nh Khnh

    Students: Nguyn Vit Sn 0612251

    Nguyn Vn Vinh 0610185

    Lab 3 : Certification Authority

    1. Part 1: Installing a Stand-alone CA

    Instructions:

    Note: Install a Stand-alone CA when we issue CA certificates to clients that belong to a Workgroup.

    Installing the CA service:

    Step 1: Log on to machine A with the Administrator account.

    Step 2: Start -> Run -> Control Panel -> Add or Remove Programs.

    Step 3: In the Add or Remove Programs window -> click Add/Remove Windows Components -> check the 2 boxes Application Server and Certificate Services -> Next

    Step 5: Select Stand-alone root CA -> Next

    Step 6: In the Common name for this CA box, enter the certificate name -> Next.

    Step 8: Select Finish.

    The Certification service is now installed.

    From machine B, request a CA certificate.

    Step 1: Open IE -> enter http://10.10.150.1/certsrv (10.10.150.1 is the IP of machine A)

    Click Request a Certificate

    Step 2: Click advanced certificate request -> Create and submit a request to this CA

    Step 3: Enter the registration name -> Submit.

    We have now requested a CA certificate for machine B. Next, go to machine A and check whether machine B's CA certificate is there yet.

    On machine A: Start -> Administrative Tools -> Certification Authority -> Issued Certificates

    We can see that machine B's CA certificate is present.

    2. Part 2: Configuring the Web Server to Use SSL

    2.1 Deployment model:

    Instructions:

    Perform the following on machine A:

    Step 1: Start -> Administrative Tools -> Internet Information Services (IIS) Manager

    Step 2: In the Internet Information Services (IIS) Manager window -> select Web Sites -> Default Web Site -> right-click -> Properties

    Step 3: In the Default Web Site Properties window -> select the Directory Security tab -> click Server Certificates -> click Next -> Create a new certificate -> click Next -> click Next.

    Step 4: In the IIS Certificate Wizard dialog -> enter a name for the certificate -> click Next

    Step 5: Under Country/Region, select VN (Viet Nam) and fill in the remaining fields

    Step 6: Click Browse -> choose where to save the file -> click Next -> Next -> Finish

    Step 7: Open IE -> http://localhost/certsrv -> click Request a certificate -> click advanced certificate request -> click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit ..

    Step 8: Open the file that was just created, copy its contents, then paste them into Saved Request -> click Submit

    Step 9: Open IE: http://localhost/certsrv -> click View the status of a pending certificate request -> click Saved-Request Certificate (Sunday April 18 2010 10:35:59 AM) -> click Download certificate

    Step 10: Start -> Administrative Tools -> Internet Information Services (IIS) Manager

    Step 12: In the Internet Information Services (IIS) Manager window -> select Web Sites -> Default Web Site -> right-click -> Properties

    Step 13: In the Default Web Site Properties window -> select the Directory Security tab -> click Server Certificates -> click Next -> click Next -> click Next -> click Browse -> locate the file downloaded above -> click Next -> Finish.

    Step 14: Click Edit... ->

    Step 15: In Default Web Site Properties -> check Require secure channel (SSL) and Require 128-bit encryption -> OK

    Machine A is now configured for Web access over SSL. Next, go to machine B, open IE, and browse to the Web site to see the result.

    Enter http://10.10.150.1 (10.10.150.1 is the IP of machine A) -> the result is as shown in the figure below.

    Now enter https://10.10.150.1 and the result is as shown in the figure below:

    4. Part 3: IPSec Authentication Using a CA

    4.1 Deployment model:

    Instructions:

    Note: the machine that issues CA certificates automatically must have Domain Controller installed.

    Deploying automatic CA certificate issuance: the installation steps are the same as in Part 1, but we select Enterprise root CA.

    Step 2: Start -> Run -> mmc -> Add/Remove Snap-in.

    Step 3: In the Add Standalone Snap-in window -> add the 3 snap-ins Certificate Templates, Certificates, Certification Authority -> OK

    Step 4: Click Certificate Templates -> Duplicate Template for the 2 certificates Computer and IPSec.

    Step 5: Select Certification Authority -> Certificate Templates -> right-click -> New Certificate Template to Issue -> select IPSec and Computer -> OK

    Step 6: Start -> Administrative Tools -> Domain Security Policy

    Now we will issue certificates automatically to Server 1 and WS01. We join Server 1 and WS01 to the Domain Controller and then restart Server 1 and WS01. We can see that Server 1 and WS01 have been issued CA certificates, as shown in the figure below.

    Lab 4: Remote Access VPN with RADIUS and DHCP Relay

    Instructions:

    Configuring the RADIUS Server:

    Step 1: Log on to machine A with the Administrator account.

    Step 2: Start -> Run -> Control Panel -> Add or Remove Programs.

    Step 3: In the Add or Remove Programs window -> click Add/Remove Windows Components -> click Networking Services -> Details -> select Internet Authentication Services -> OK -> click Next -> Finish.

    Step 4: Right-click My Computer -> Manage -> Local Users and Groups -> Users. Create a user (name: user1) and a group (name: VPNs), then add user1 to VPNs. user1 is the account that VPN clients use to log in when they connect.

    Step 5: Start -> Administrative Tools -> Internet Authentication Services.

    Installing the Web and FTP Server services:

    Step 1: Create a simple web site saved in a folder named Web_Server, and create a folder named FTP_Server.

    Step 2: Start -> Run -> Control Panel -> Add or Remove Programs

    Step 3: Start -> Administrative Tools -> Internet Information Services (IIS) Manager.

    Step 4:

    Step 5: Configure FTP the same way as the Web site.

    The result is as shown in the figure below:

    Configuring the VPN Server:

    Step 1: Log on to the VPN Server machine with the Administrator account.

    Step 2: Start -> Administrative Tools -> Routing and Remote Access

    Step 6: Configure RADIUS:

    Creating the VPN Client connection: on the VPN Client machine, do the following:

    2. Part 2: Remote Access VPN Combined with DHCP Relay

    Instructions:

    In this exercise we configure everything as in Part 1 of Lab 4, but add one machine running the DHCP Server service.

    The configuration steps for the Web Server, RADIUS Server and VPN Client machines are the same as in Part 1. Only the VPN Server configuration is slightly different.

    Configuring the DHCP Server:

    Step 1: Log on to the DHCP Server machine with Administrator rights.

    Step 2: Start -> Control Panel -> Add or Remove Programs

    Step 3: In the Add or Remove Programs window -> select Add/Remove Windows Components

    Step 4: In the Windows Components Wizard window -> select Networking Services -> Details -> Dynamic Host Configuration Protocol (DHCP) -> OK -> Next -> Finish.

    Step 5: Create an IP range from which IP addresses are assigned automatically to VPN Clients. Start -> Administrative Tools -> Dynamic Host Configuration Protocol (DHCP).

    Configuring the VPN Server:

    Step 1: Log on to the VPN Server machine with Administrator rights.

    Step 2: Start -> Administrative Tools -> Routing and Remote Access

    Step 6: Configure RADIUS:

    Now, when we connect from the VPN Client, we see the result shown in the figure below.

    Lab 5: Deploying Remote Access VPN Using L2TP/IPSec

    Instructions:

    Lab 5 is carried out almost the same way as Part 3 of Lab 3, so I do not illustrate it here. If you want a reference, you can download the videos I made for Lab 1 -> Lab 7 from these 2 links: http://www.mediafire.com/download.php?5w3nzjnjf1z and http://www.mediafire.com/?4lxnlm3rzmo .

    Lab 6: Deploying Site-to-site VPN

    Instructions:

    Configuring the Internet router: we use one machine running Windows Server 2003 as the Internet router, with 2 network cards: the DaLat card has IP 172.30.1.1/24; the SaiGon card has IP 172.31.1.1/24.

    Step 1: Log on to the Internet router machine with the Administrator account.

    Step 2: Start -> Administrative Tools -> Routing and Remote Access

    Note: on Router_DaLat, create an account named: saigon; password: 123. On Router_SaiGon, create an account named: dalat; password: 123. These 2 users are set to Allow Access in the Dial-in section.

    Configuring Router_DaLat:

    Step 1: Log on to the Router_DaLat machine with Administrator rights.

    Step 2: Start -> Administrative Tools -> Routing and Remote Access

    Step 3:

    Step 4:

    Configure Router_SaiGon the same way as Router_DaLat, except that in some steps we enter the IP range of the DaLat branch and the user created on Router_DaLat.

    Now we connect from the Da Lat branch to the SaiGon branch.

    Instructions:

    Note: I already configured the Web Server in the previous lab, so I do not configure it again.

    Configuring the ISA Server: join the ISA Server to the Domain Controller, log on to the ISA Server with the Domain Controller's Administrator rights, and only then install ISA 2006.

    Step 1: Run the file Setup.exe

    ISA 2006 is now installed.

    Step 2: Reset the IP range as follows: open the ISA program -> click the server name -> Configuration -> Network -> click Internal -> Properties -> Address -> click the IP range -> select Edit -> re-enter the IP range as 192.168.2.0 -> 192.168.2.255 -> OK.

    Configuring access from inside the internal network to the Internet:

    Step 1: Right-click Firewall Policy -> select New -> Access Rule

    Configuration is complete; machines inside the network can now access the Internet.

    Configuring VPN Client connections into the internal network:

    Step 1: Configure the Domain Controller machine: Windows Server 2003 SP2

    + Create the OU Remote Access. In the OU Remote Access, create the group VPN_Users.

    + We create the users that use VPN inside this OU to make management easier.

    + Add the users to the group VPN_Users.

    + Give the users the Allow Access right in the Dial-in section.

    Step 2: Configure VPN Client to Gateway on the ISA Server.

    + Right-click Virtual Private Network -> select Properties.

    Step 3: In the Virtual Private Network dialog -> select the Address Assignment tab -> select Static address pool -> press Add -> enter the IP range to assign to clients. Starting address: 10.10.1.1; Ending address: 10.10.1.254 -> press OK -> Apply.

    Step 4: In the ISA Server Management window, in the Task pane -> click Enable VPN Client Access -> press Apply -> OK.

    Step 5: Click Configure VPN Client Access to specify the group that is allowed to connect over VPN.

    - In the VPN Client Properties dialog -> select the Group tab -> add the group VPN_Users

    Step 6: Create an access rule that allows VPN connections to the ISA Server.

    VPN to Gateway is now configured on the ISA Server machine. Next, go to the VPN Client machine and create a connection; we get the result shown in the figure below.
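An added example, not part of the original lab guide: ISA Server defines each network by its address ranges, so the VPN static address pool must not share addresses with the Internal network. This Python check runs over the ranges given on this page; the labels and function names are assumptions made for the example.

```python
import ipaddress
from itertools import combinations

# Address ranges as stated on this page (the labels are ours).
LAB_RANGES = {
    "ISA Internal network": ("192.168.2.0", "192.168.2.255"),
    "ISA VPN static pool": ("10.10.1.1", "10.10.1.254"),
    "Router Internet, DaLat NIC": "172.30.1.1/24",
    "Router Internet, SaiGon NIC": "172.31.1.1/24",
}

def to_networks(spec):
    """Turn a (first, last) pair or an interface address in CIDR form into networks."""
    if isinstance(spec, tuple):
        first, last = (ipaddress.ip_address(a) for a in spec)
        if first > last:
            raise ValueError(f"range start {first} is after range end {last}")
        return list(ipaddress.summarize_address_range(first, last))
    # strict=False accepts a host address with a prefix, such as 172.30.1.1/24
    return [ipaddress.ip_network(spec, strict=False)]

def find_overlaps(ranges):
    """Return the sorted pairs of range names that share at least one address."""
    nets = {name: to_networks(spec) for name, spec in ranges.items()}
    clashes = []
    for (a, nets_a), (b, nets_b) in combinations(nets.items(), 2):
        if any(x.overlaps(y) for x in nets_a for y in nets_b):
            clashes.append(tuple(sorted((a, b))))
    return sorted(clashes)

def pool_size(spec):
    """Count the addresses contained in a range."""
    return sum(n.num_addresses for n in to_networks(spec))

if __name__ == "__main__":
    print("overlaps:", find_overlaps(LAB_RANGES) or "none")
    print("VPN pool size:", pool_size(LAB_RANGES["ISA VPN static pool"]))
    # Constructed misconfiguration: a pool carved out of the Internal range.
    bad = {**LAB_RANGES, "ISA VPN static pool": ("192.168.2.200", "192.168.2.250")}
    print("overlaps (bad pool):", find_overlaps(bad))
```
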

    Now we configure Publishing Server so that outside users (VPN Clients) can use the services (Web server, FTP, ..) provided in the internal network.

    Note: I already configured the web server and the DNS service with a Forward Lookup Zone for the domain name www.vietson.com.vn on the Web Server machine in the previous lab, so now I just reuse it and do not configure it again ^_^ .

    Step 1: Configure Listening Web on the WAN port of the ISA Server.

    - Open the ISA Management program

    - Under Network Objects -> right-click Web Listening -> select New Listener

    Step 2:

    Step 3: Next, we configure Publishing for the web site www.vietson.com.vn

    Step 5: Configure the VPN Client machine

    - Open My Computer -> go to the folder C:\WINDOWS\system32\drivers\etc -> open the file Hosts with Notepad and insert the following line.

    - Save and close the Hosts file.

    - Now open Internet Explorer and enter http://www.vietson.com.vn; we successfully access the Web Server of the internal network.

    I have now finished configuring the VPN service combined with ISA 2006.
