
Dividing a LAN into VLANs with IPSec

A VLAN (Virtual LAN) is a way to isolate computers on an internal network that are all plugged into the same switch. Some high-end switches have this feature, but in practice not every company can afford a switch that supports VLANs. When we do not have a VLAN-capable switch, using IPSec is the optimal and most effective solution!

Normally the XP/2000/2003 operating systems use TCP port 139 and port 445 to share resources on a machine. So we only need to create a policy that filters these two ports to isolate the machines from each other.

This lab follows a practical requirement: suppose your company has two departments, Programming and Sales. The requirement is that the Programming department and the Sales department must not be able to access each other. To meet it, we need to do the following parts:

Part I: Create and configure a template IP Security Policy
Part II: Copy the IP Security Policy

Part I: Create and configure a template IP Security Policy

Performed on a Programming department machine.

Step 1: Choose Start, Run, type MMC and press Enter.
Step 2: In the Console1 window, choose File, then Add/Remove Snap-in.

Step 3: In the next dialog, click Add. In the Add Standalone Snap-in dialog, select IP Security Policy Management and click Add.

Step 4: In the Select Computer or Domain dialog, select Local computer and click Finish.

Step 5: Continue by clicking Finish -> Close -> OK.
Step 6: Right-click IP Security Policies on Local Computer and choose Create IP Security Policy. Click Next to continue.

Step 7: Next, type the name of the policy to create and click Next.

-> Select Activate the default response rule and click Next.
Step 8: In the Default Response Rule Authentication Method window, select Use this string to protect the key exchange (preshared key) and type "1234". Click Next.

Step 9: Select Edit properties and click Finish.

Step 10: In the "Filter Port 445 & 139" dialog, clear the check mark, then click Add. Next, click Next and select This rule does not specify a tunnel.

Click Next, select All Connection, then click Next.

Step 11: Select Use this string to protect the key exchange (preshared key) and type "1234". Click Next to continue.

Click Add -> Next.

In the IP Filter List dialog, click Add. In the name field, type the name of the list -> click Add -> Next -> Next to continue.

Step 12: In the IP Filter Wizard dialog, type "Port 445 Out" as the Description. Click Next to continue.
Step 13: Under IP Traffic Source Address, select My IP Address. Click Next to continue.

Under IP Traffic Destination Address, select Any IP Address. Click Next to continue.

Under Select a protocol type, select TCP. Click Next to continue.

In the IP Protocol Port dialog, select To This Port and type the value 445.

Click Next, then Finish to complete.

Step 14: Repeat steps 11 through 13 three more times with the following parameters.

Round 1:
* Description: Port 445 In
* Source Address: My IP Address
* Destination Address: Any IP Address
* Protocol Type: TCP
* IP Protocol Port: From This Port 445

Round 2:
* Description: Port 139 Out
* Source Address: My IP Address
* Destination Address: Any IP Address
* Protocol Type: TCP
* IP Protocol Port: To This Port: 139

Round 3:
* Description: Port 139 In
* Source Address: My IP Address
* Destination Address: Any IP Address
* Protocol Type: TCP
* IP Protocol Port: select From this port: 139

Click OK.
Step 15: In the Security Rule Wizard dialog, select Filter Port 445 & 139. Click Next to continue.

Step 16: In the Filter Action dialog, select Require Security. -> Click Edit.

Step 17: In the Require Security Properties dialog, select Use session key perfect forward secrecy (PFS). Click OK.

Step 18: In the Authentication Method dialog, select Use this string to protect the key exchange (preshared key) and type "1234". Click Next -> Finish.
** You can use any value you like, but machines in the same department must use the same value!
Step 19: In the Edit Rule Properties dialog, select "Filter Port 445 & 139", then click Apply -> OK.
Step 20: Right-click the IP Security Policy you just created (Filter Port 445 & 139) and choose Assign.

Part II: Copy the IP Security Policy


To configure the remaining machines we would have to go through step 1 -> step 20 in order on each one, which is very time-consuming. The template machine is now configured, so we only need to copy its configuration to the remaining machines.

*** Performed on a Programming department machine.
Step 1: Back up the template configuration: right-click IP Security... and choose All Tasks -> Export Policies.

Choose where to save, type IPSec-VLAN -> Save.

Step 2: Copy the saved IPSec-VLAN file to the new machine: repeat steps 1-5 of Part I, then right-click IP Security..., choose All Tasks -> Import Policies and select the IPSec-VLAN file.

-> Choose Assign for the Filter Port 445 & 139 policy you just imported.
****** For machines in the same department you do not need to change anything in the copied policy.

Performed on a Sales department machine.
Copy the IPSec-VLAN file from the Programming machine to the Sales machine: repeat steps 1-2 of Part II, then change the preshared key value.

On the Authentication Methods tab, click the preshared key -> choose Edit.

Change the preshared key value:

Click OK -> then Assign the Filter Port 445 & 139 policy in the Sales department. Back up the policy in the Sales department and copy it to the other machines in the same department!

Now the two departments, Programming & Sales, cannot access each other's resources even though they are plugged into the same switch!
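
The policy built in Part I and exported in Part II can also be created from the command line. The batch file below is an added example, not part of the original lab; it assumes a Windows version that provides the netsh ipsec static context (Windows Server 2003 or later), and the filter action name, rule name and ESP algorithms are assumptions.

```batch
@echo off
rem Added example (not from the original lab): builds the Part I policy from
rem the command line. Assumes the "netsh ipsec static" context is available
rem (Windows Server 2003 or later) and an administrator prompt.
setlocal
rem Policy and filter list name used in the lab.
set "NAME=Filter Port 445 & 139"
rem Hypothetical names for the filter action and the rule.
set "ACTION=Require Security PFS"
set "RULE=SMB negotiate"
rem Lab value from the page; machines in one department share the same value.
set "PSK=1234"

netsh ipsec static add policy name="%NAME%" || goto :fail
netsh ipsec static add filterlist name="%NAME%" || goto :fail

rem Steps 12-14: four TCP filters, My IP Address -> Any IP Address.
for %%P in (445 139) do (
  netsh ipsec static add filter filterlist="%NAME%" srcaddr=me dstaddr=any protocol=TCP srcport=0 dstport=%%P description="Port %%P Out" || goto :fail
  netsh ipsec static add filter filterlist="%NAME%" srcaddr=me dstaddr=any protocol=TCP srcport=%%P dstport=0 description="Port %%P In" || goto :fail
)

rem Steps 16-17: negotiate security with session key PFS.
rem inpass/soft values and the ESP algorithms are assumed, not from the page.
netsh ipsec static add filteraction name="%ACTION%" action=negotiate qmpfs=yes inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]" || goto :fail

rem Steps 11 and 18: rule authenticated with the preshared key, all connections.
netsh ipsec static add rule name="%RULE%" policy="%NAME%" filterlist="%NAME%" filteraction="%ACTION%" conntype=all psk="%PSK%" || goto :fail

rem Step 20: assign the policy.
netsh ipsec static set policy name="%NAME%" assign=y || goto :fail

rem Part II, step 1: export for the other machines, which then run:
rem   netsh ipsec static importpolicy file=IPSec-VLAN.ipsec
rem   netsh ipsec static set policy name="Filter Port 445 & 139" assign=y
netsh ipsec static exportpolicy file=IPSec-VLAN.ipsec || goto :fail
echo Policy created, assigned and exported.
exit /b 0

:fail
echo netsh reported an error; the policy may be incomplete. 1>&2
exit /b 1
```

For the Sales department, set PSK to that department's own value before running the script, as Part II does in the dialog.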
