VLAN (Virtual LAN) is a solution for isolating computers on an internal network that are plugged into the same switch. Some high-end switches have this feature, but in practice not every company can equip itself with a switch that supports VLANs. When we do not have a switch with VLAN support, using IPSec is the best and most effective solution!

Normally, the XP/2000/2003 operating systems use TCP port 139 and port 445 to share resources on the machine. So we only need to create a policy that filters these two ports to isolate the machines from each other.

This lab follows this real-world requirement: suppose your company has two departments, Programming and Sales. The requirement is that the Programming department and the Sales department must not be able to access each other.

To meet this requirement, we need to do the following parts:
Part I: Create and configure a template IP Security Policy
Part II: Copy the IP Security Policy
Part I: Create and configure a template IP Security Policy

Performed on a Programming department machine.

Step 1: Choose Start, Run and type MMC -> Enter.
Step 2: In the Console1 window, choose File, then choose Add/Remove Snap-in.
Step 3: In the next dialog, click Add. In the Add Standalone Snap-in dialog, choose IP Security Policy Management, then click Add.
Step 4: In the Select Computer or Domain dialog, choose Local computer and click Finish.
Step 5: Continue with Finish -> Close -> OK.
Step 6: Right-click IP Security Policies on Local Computer and choose Create IP Security Policy. Click Next to continue.
-> Select Activate the default response rule and click Next.
Step 8: In the Default Response Rule Authentication Method window, choose Use this string to protect the key exchange (preshared key) and type "1234". Click Next.
Step 10: In the "Filter Port 445 and 139" dialog, clear the check box for the item, then click Add. Next, choose Next and select This rule does not specify a tunnel.
Step 11: Choose Use this string to protect the key exchange (preshared key) and type "1234". Click Next to continue.
In the IP Filter List dialog, click Add. In the Name field, type the name of the list -> click Add -> Next -> Next to continue.
Step 12: In the IP Filter Wizard dialog, type "Port 445 Out" as the Description. Click Next to continue.
Step 13: Under IP Traffic Source Address, choose My IP Address. Click Next to continue.
Under IP Traffic Destination Address, choose Any IP Address. Click Next to continue.
Step 14: Repeat steps 11 to 13 three more times with the following parameters.

Pass 1:
* Description: Port 445 In
* Source Address: My IP Address
* Destination Address: Any IP Address
* Protocol Type: TCP
* IP Protocol Port: From This Port: 445

Pass 2:
* Description: Port 139 Out
* Source Address: My IP Address
* Destination Address: Any IP Address
* Protocol Type: TCP
* IP Protocol Port: To This Port: 139

Pass 3:
* Description: Port 139 In
* Source Address: My IP Address
* Destination Address: Any IP Address
* Protocol Type: TCP
* IP Protocol Port: select From this port: 139
Click OK.
Step 15: In the Security Rule Wizard dialog, choose Filter Port 445 & 139. Click Next to continue.
Step 17: In the Require Security Properties dialog, select Use session key perfect forward secrecy (PFS). Click OK.
Step 18: In the Authentication Method dialog, choose Use this string to protect the key exchange (preshared key) and type "1234". Click Next -> Finish.
** You can use any value you like, but machines in the same department must use the same value!
Step 19: In the Edit Rule Properties dialog, select "Filter Port 445 & 139" and click Apply -> OK.
Step 20: Right-click the IP Security Policy you just created (Filter Port 445 & 139) and choose Assign.
Step 2: Copy the saved IPSec-VLAN file to the new machine: repeat steps 1-5 of Part I, then right-click IP Security., choose All Tasks -> Import Policies and select the IPSec-VLAN file.
-> Choose Assign for the Filter Port 445 & 139 policy you just imported above.
****** For machines in the same department, you do not need to change anything in the copied policy.

Performed on a Sales department machine.

Copy the IPSec-VLAN file from the Programming machine to the Sales machine: repeat steps 1-2 of Part II, then edit the preshared key value.
Edit the preshared key value:
Click OK -> then Assign the Filter Port 445 & 139 policy in the Sales department. Back up the policy in the Sales department and copy it to the other machines in the same department!

Now the two departments, Programming and Sales, cannot access each other's resources even though they are plugged into the same switch!
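
The same policy built from the command line, as an added example that is not part of the original lab. It assumes Windows Server 2003 or later, where the `netsh ipsec static` context exists; the filter list name, filter action name, rule name, ESP suite, export path and key placeholder are assumptions, and "Port 445 Out" is taken as destination port 445 by analogy with "Port 139 Out".

```batch
@echo off
rem Added example, not from the original lab. Assumes Windows Server 2003 or
rem later, where the "netsh ipsec static" context exists. Run as administrator.
setlocal
set "POLICY=Filter Port 445 & 139"
rem Hypothetical names: the lab does not name the filter list or filter action.
set "FLIST=SMB ports"
set "FACTION=Require ESP with PFS"
rem Placeholder: one key per department (the lab types "1234").
set "PSK=REPLACE-WITH-DEPARTMENT-KEY"

rem Steps 6-8: policy with the default response rule active, keyed by the PSK.
netsh ipsec static add policy name="%POLICY%" activatedefaultrule=yes assign=no || goto :fail
netsh ipsec static set defaultrule policy="%POLICY%" psk="%PSK%" || goto :fail

rem Steps 11-14: four TCP filters, source My IP Address, destination Any.
rem "Port 445 Out" is assumed to mean dstport=445, like "Port 139 Out".
netsh ipsec static add filterlist name="%FLIST%" || goto :fail
for %%P in (445 139) do (
  netsh ipsec static add filter filterlist="%FLIST%" srcaddr=me dstaddr=any protocol=TCP srcport=0 dstport=%%P description="Port %%P Out" || goto :fail
  netsh ipsec static add filter filterlist="%FLIST%" srcaddr=me dstaddr=any protocol=TCP srcport=%%P dstport=0 description="Port %%P In" || goto :fail
)

rem Step 17: negotiate security with session key PFS. The ESP suite is an assumption.
netsh ipsec static add filteraction name="%FACTION%" action=negotiate qmpfs=yes inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]" || goto :fail

rem Steps 15-19: bind list and action in one rule, authenticated by the PSK.
rem The rule name is hypothetical.
netsh ipsec static add rule name="SMB isolation" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" psk="%PSK%" || goto :fail

rem Step 20 and Part II: assign, review, then export for the other machines.
rem The export path is an assumption; the lab only names the file IPSec-VLAN.
netsh ipsec static set policy name="%POLICY%" assign=y || goto :fail
netsh ipsec static show policy name="%POLICY%" level=verbose
netsh ipsec static exportpolicy file=C:\IPSec-VLAN
exit /b 0

:fail
echo netsh ipsec command failed, policy left unassigned or incomplete 1>&2
exit /b 1
```

Windows stores an IPsec preshared key unencrypted in the policy, so handle the exported file as a secret. The rule covers only TCP 139 and 445; other traffic between the two departments is not touched by it.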