
ATHENA INTERNATIONAL

NETWORK ADMINISTRATION & SECURITY TRAINING


-----------------------------------------------------------------------------

Add: 02 Bis Dinh Tien Hoang Street, Dakao Ward, District 1, HCM
Tel: (08) 3824 4041 - Hotline: 090 7879 477
E-mail: training@athenavn.com - Website: www.athena.edu.vn

Part 5: VPN
A VPN (Virtual Private Network) is an effective way to connect the networks of a business whose branches are geographically far apart, or to serve a business whose staff travel frequently and need access to internal network resources.
ISA Server can be configured as a VPN server that lets remote clients connect (Client to Site), or as a gateway that connects to a branch network (Site to Site). The branch VPN server is recommended to be an ISA Server as well, but in practice ISA Server works very well with VPN devices from other vendors.

When a client or VPN server dials in to ISA Server, it is assigned a private IP address for use inside the VPN tunnel. ISA Server and the clients use this address for routing over the VPN. The private IP address can come from a DHCP server or from the Routing and Remote Access service on Windows 2003.
ISA Server in fact uses the Windows 2003 Routing and Remote Access service for VPN and routing, and adds its own Filtering and Application Filter components.
On ISA Server, the IP address pool is defined as a range of IP addresses. ISA Server takes the first address in the range for itself when the VPN feature is enabled. The following addresses are assigned to clients or VPN servers that dial in to ISA Server.

Prepared by: V Anh Duy

For internal circulation

Page: 151


This assigned address range must not share a Network ID with any network segment on ISA Server or anywhere in the routing system. If networks overlap, ISA Server and the routers cannot route because of an overlapping destination. The same applies to two ISA Servers that connect to each other by VPN in the Site to Site model.
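The overlap rule above can be checked before the pools are typed into the console. The following is an added example, not part of the original course material: it tests the static pools and lab networks that appear on this page for address overlap and computes how many clients a pool serves once ISA Server has taken the first address. The dictionary keys and function names are assumptions chosen for illustration.

```python
import ipaddress
from itertools import combinations

# Networks shown in this page's lab diagram (keys are illustrative labels).
ROUTED_NETWORKS = {
    "net-172.16.1.0": "172.16.1.0/24",
    "net-192.168.0.0": "192.168.0.0/24",
    "net-10.10.10.0": "10.10.10.0/24",
}

# Static address pools configured on this page, as (first, last).
VPN_POOLS = {
    "client-to-site": ("172.30.1.1", "172.30.1.50"),
    "site-to-site-isa1": ("192.168.100.1", "192.168.100.254"),
    "site-to-site-isa2": ("192.168.200.1", "192.168.200.254"),
}


def pool_blocks(first, last):
    """Return the CIDR blocks that exactly cover the range first..last."""
    first_ip = ipaddress.ip_address(first)
    last_ip = ipaddress.ip_address(last)
    if first_ip > last_ip:
        raise ValueError(f"pool start {first} is after pool end {last}")
    return list(ipaddress.summarize_address_range(first_ip, last_ip))


def client_capacity(first, last):
    """Addresses left for dial-in peers: ISA Server keeps the first one."""
    size = int(ipaddress.ip_address(last)) - int(ipaddress.ip_address(first)) + 1
    return size - 1


def find_conflicts(pools, routed_networks):
    """Return sorted (name, name) pairs whose address space overlaps.

    Checks every pool against every routed network, then every pool
    against every other pool (the two Site to Site ends must differ too).
    """
    blocks = {name: pool_blocks(*rng) for name, rng in pools.items()}
    nets = {name: ipaddress.ip_network(cidr)
            for name, cidr in routed_networks.items()}
    conflicts = []
    for pool_name, pool in blocks.items():
        for net_name, net in nets.items():
            if any(block.overlaps(net) for block in pool):
                conflicts.append((pool_name, net_name))
    for (name_a, pool_a), (name_b, pool_b) in combinations(blocks.items(), 2):
        if any(a.overlaps(b) for a in pool_a for b in pool_b):
            conflicts.append((name_a, name_b))
    return sorted(conflicts)


if __name__ == "__main__":
    print("conflicts:", find_conflicts(VPN_POOLS, ROUTED_NETWORKS))
    first, last = VPN_POOLS["client-to-site"]
    print("client-to-site capacity:", client_capacity(first, last))
    # Constructed bad pool: it sits inside the 192.168.0.0/24 segment.
    bad = dict(VPN_POOLS, misplaced=("192.168.0.200", "192.168.0.250"))
    print("with misplaced pool:", find_conflicts(bad, ROUTED_NETWORKS))
```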
Illustrative model of VPN Client to Site and Site to Site:

1. Configuring VPN Client to Site:

To configure IP address assignment for VPN clients, open the ISA Server Management Console and select Virtual Private Network.

Select Verify VPN Properties and Remote Access Configuration, then choose the Address Assignment tab.


Here we do not use DHCP to assign IP addresses to clients. Select Use Static Address Pool and click Add to add an IP range to the pool.
The range runs from 172.30.1.1 to 172.30.1.50 and supports 49 clients connecting to ISA Server over VPN. Click OK and check the range.

Next, choose the Authentication tab. Check Microsoft Encrypted authentication (MS-CHAP).


Open Computer Management and select Local Users and Groups. Under Users, choose New User. Create a user with username/password VPN1/123abc!!!

Right-click the user VPN1 and choose Properties. Select the Dial-in tab. Under Remote Access Permission, choose Allow Access.


Right-click Groups and choose New Group.

For Group Name, type VPN Clients. Click Add to add members to this group.


In the ISA Server Management Console, select Virtual Private Network. Then select Specify Windows Users or Select a RADIUS Server.


In the VPN Clients Properties dialog, on the Groups tab, click Add and enter the group created earlier.

Switch to the General tab. Check Enable VPN Client Access. The number of clients is 40.

Click Apply and OK.


Go to Network Rules in the ISA Management Console.

Select the Network Rules tab and note that the rule VPN Clients to Internal Network has a Route relationship.

VPN Clients and External use NAT to communicate with each other.


Note: we must also create an Access Rule under Firewall Policy to allow VPN clients to access the Internal network.

Next, we configure the machine on the Internet to connect to the VPN: open Network Connections and choose Create New Connection.


On the Welcome page, click Next.

Select Connect to a Network at my workplace.

Under Network Connection, select Virtual Private Network Connection.


For Company Name, enter the name: athena.

Click Next. Under VPN Server Selection, enter the IP address of the WAN card of the ISA machine.


Review the settings and click Finish.

Right-click the newly created connection and choose Connect.


In the Connection dialog, enter the Username/Password vpn1/123abc!!!

Check the connection.


You can refer to the demo video at the following link:

http://www.mediafire.com/?zd1c7a4bjl59m
We will build a VPN Client to Site connection using L2TP and RADIUS in volume 2.


2. Configuring VPN Site to Site:

We have the following assumed model:
[Figure: lab network diagram. Labels: Net 172.16.1.0/24, Client 1, Net 192.168.0.0/24, ISA 1, Net 10.10.10.0/24, ISA2, Client 2]

The model above has been set up in advance and is described as follows:

The model uses 4 VMware virtual machines: Client 1, Client 2, ISA1 and ISA2.

ISA 1: ISA Standard edition is installed. The machine has 2 network cards: 1 set to bridge mode (net 192.168.0.0/24) and 1 set to host only (Vmnet2).

Client 1: uses 1 network card and connects to ISA1 through Vmnet2.

ISA 2: ISA Enterprise edition is installed. The machine has 2 network cards: 1 in bridge mode (net 192.168.0.0/24) and 1 host only (Vmnet3).

Client 2: has 1 network card and connects to ISA2 through Vmnet3.

Next, we configure with the following steps:

On ISA 1: create the user vpn2 and grant it the allow dial-in permission.

In the ISA Management Console, under Virtual Private Network, switch to the Remote Site tab, create a connection named VPN2, then click Next.

Under VPN Protocol, choose PPTP.


Next, if no IP range has been set up yet for clients that dial in over VPN, the Local Network VPN Setting dialog appears. We assign the range: 192.168.100.1 - 192.168.100.254

Click OK, then Next. On the Remote Site Gateway page, enter the address of the ISA2 machine.


On the Remote Authentication page, fill in the user VPN2 and its password; this user was created on the ISA2 machine.

On the Network Address page, enter the internal IP range managed by the ISA2 side (VMNet3).


The Site to Site Network Rule page asks us to create a Network Rule name, with a Route relationship to the Internal network. This is a difference from ISA 2004.

The Site to Site Network Access Rule page asks us to create an access rule that allows VPN traffic to communicate with the Internal network. We keep the default name and choose All outbound Traffic.


Click Next, review the settings, then click Finish to complete the wizard. A message appears reminding us to check: Has the user been granted dial-in permission? Has the Network rule been defined? Has the Access rule been created? Next, we enable VPN client access.

Select Select Access network and also check the VPN 2 connection that was created.


Select Networks; on the Networks tab, review the internal network managed by ISA1.

On the Network Rules tab, check the relationship between VPN2 traffic and the Internal network.


Under Firewall Policy, check whether there are Access rules that allow VPN2 traffic to communicate with the Internal network on the ISA1 side.

On ISA 2: similarly, create the user vpn1 (allow dial-in).


Create a connection named VPN1.

For VPN Protocol, choose PPTP.


Under Local Network VPN Setting, enter the IP range assigned to traffic connecting in from the ISA 1 side: 192.168.200.1 - 192.168.200.254.

Under Remote authentication, enter the user VPN2 created on the ISA1 machine.


On the Network Address page, add the internal range of the ISA 1 side.

On the remote NLB page, we do not use Network balancing; click Next.


On the Site to Site Network Rule page, review the settings and click Next.

On the Site to Site Access Rule page, choose All Outbound Protocol and click Next to continue.


Enable VPN client access.

Add the newly created vpn 1 network.


Check the Network rule.

Network tab


Check the Access rule.

On ISA 1: open RRAS and check; the connection is shown.


On Client 1: ping Client 2.

On ISA 2: open RRAS and check; the connection is shown.


On Client 2: ping Client 1.

* With the configuration steps above, we can set up VPN connections of both the Clients to Site and Site to Site types.

In ISA 2006, the VPN connection setup includes options for the Network Rule and the Access Rule, so both rules can be created on the spot. In ISA 2004, these two objects have to be defined separately after the VPN connection is created.

When setting up a Network Rule, we must consider whether the relationship between the networks should sensibly be Route or NAT. Because ISA 2006 offers to create this object for us, we tend to pay it little attention. As a result, we are left unsure when we have to handle a network system with many different network segments. As a rule, for networks that communicate with each other using private IP addresses, the relationship should be Route.


When the relationship is between public IP and private IP addresses, we use NAT. For example, VPN Clients to Internal uses Route because both sides use private IP addresses.

VPN Clients and External use NAT to communicate with each other, because going out to the Internet requires a public IP address. The private IP is translated by NAT into a public IP in order to communicate with the Internet.

One more point to note: when we create a Clients to Site VPN connection, we must create an additional Access Rule ourselves for VPN traffic from outside to access the Internal network, because there is no option that creates this object for us.


You can refer to the demo video at the following link:

http://tailieu.athena.edu.vn/Microsoft/Video%2070-351/LAB%208%20%20VPN%20SERVER/
Or:
http://www.mediafire.com/?a1c7tbct8wmhp
In the next part we will look at the Caching function of ISA, a feature that stands out compared with hardware firewalls.


Part 6: CACHING
Before going into this part, we will look at what a proxy and a proxy server are.

A proxy is an Internet server that relays information and controls it to keep Internet access safe for client machines, the clients that use Internet services. The host on which the proxy is installed is called the proxy server. A proxy, or the host it is installed on, has an IP address and a fixed access port. For example: 123.234.111.222:80. The proxy's IP address in this example is 123.234.111.222 and the access port is 80.
Some functions of a proxy:

- It lets many computers access the Internet through one computer with a given access account.
- With a proxy, a company can block staff from accessing web addresses that are not permitted.
- It improves access speed by storing web pages locally in the proxy server's memory.
- It hides the addresses of the internal network, making it harder to break in from outside to the company's machines.
- Combining a proxy with a firewall creates a filter called a firewall proxy, intended to block information that is harmful or contrary to the customs and values of a country, ethnic group or locality.

ISA Server has a distinctive feature that few hardware firewalls can match: accelerated Internet access (Internet Acceleration). ISA Server can be configured as a proxy server that stores the content of the web pages clients visit, and the proxy server is also used as a firewall for HTTP or FTP.
In this part we will configure the following objects:
- Proxy
- Caching Rule
- Scheduler Download Content
The cache mechanism helps ISA Server speed up Internet access for users. Every web page fetched over HTTP or file fetched over FTP is cached by ISA Server (in RAM or on the hard disk). When a second client requests it, ISA Server uses the existing cache to serve that client.

ISA Server caches in RAM and then moves the content down to storage. By default ISA Server uses 10% of RAM for caching. This RAM percentage can be reconfigured after ISA Server is installed.
On later use, if a client accesses a web page that is in the cache, ISA Server serves the content from the cache.

ISA Server supports Forward Caching for clients in the LAN accessing the Internet, and Reverse Caching for Internet users accessing servers in the LAN.
1. Setting up the proxy:
By default ISA Server is a proxy server listening on port 8080, but it does not persist cached web content to the hard disk; it caches in RAM. As a result, the cache is lost when the server restarts. To configure ISA Server as a proxy, we can change the port the proxy server uses (for example to 3128 or 6667) and set up cache storage on the hard disk.
To change the port of the ISA proxy server, open the ISA Server Management Console, select Configuration, the Network tab, right-click the Internal network and choose Properties.

Then select the Web Proxy tab and verify that Enable HTTP Proxy Server is checked, listening on port 8080. This port can be changed.


Select Authentication to configure the authentication methods for users who access the Internet through the proxy.


The options in this dialog are not really necessary, because ISA Server has an authentication mechanism based on Access Rules. Checking the option Require all users to authenticate can cause errors for sessions that cannot supply a Username/Password, such as Windows Update. Microsoft does not recommend selecting this option. If you decide to use it, the administrator must be sure that all traffic going out to the Internet through the proxy carries a Username/Password. The Integrated authentication type uses the Windows Username/Password to authenticate.
Client settings for using ISA as the proxy server:

To use the proxy feature, the clients (web browsers) must support the Cache feature. For IE, a policy can be used to configure the proxy and to disable the proxy configuration settings in IE so that users cannot change them at will, as introduced in the first part. For Mozilla Firefox this is not possible, and the proxy can only be configured manually on each client.
To configure the proxy in IE, open the menu and choose Tools \ Internet Options \ Connection tab \ LAN Settings button.

Select Use a Proxy Server for your LAN and enter the IP address of the ISA Server with port 8080.
Select Bypass proxy Server for local address to let clients skip the proxy server when accessing web servers inside the LAN.


For Mozilla Firefox, open the menu and choose Tools \ Internet Option \ Advanced tab; in the Advanced window, select Network and then Settings.

In the same way, enter the proxy server settings: the IP address of the ISA Server with port 8080.


2. Setting the cache storage size on the hard disk

In ISA Server, select Configuration, then Cache, and note that Cache is in the Disable state.

In the Task Pane, choose Define Cache Drive.


Select drive G: to hold the cache, enter the size in Maximum cache size, then click Set.

Click OK and note that Cache changes to Enabled. Then click Apply and OK.


Some notes on the cache:
- The cache location must be a local drive.
- The drive holding the cache must be formatted as NTFS.
- The cache should be stored on a physical disk other than the system disk.
After the cache size is set, the designated drive D:\ contains a folder urlcache holding the file dir1.cdat, whose size equals the size specified. This is the file that holds the cache content. The cache content file can be at most 64 GB. For a larger cache, several logical drives can be designated at the same time.
By default ISA does not provide a way to view and adjust the cache content. However, Microsoft provides the additional tool "Cache Directory Tool for Internet Security and Acceleration ISA Server". You can download it from the following link:
http://www.microsoft.com/downloads/details.aspx?familyid=b9ecfcd3-c13f-4447-83edadd9a8ea45db&displaylang=en
3. Setting the RAM size
Right-click Cache in ISA Server and choose Properties.


Select the Advanced tab and click the percentage of RAM used; the default is 10%, and we enter 60%. Each object stored in ISA Server's RAM is no larger than 12.8 KB. The smaller this size, the faster the access, because RAM handles it better.

4. Setting up a Cache rule


By default there is a Default Cache Rule that caches all content passing through ISA Server over HTTP and FTP. Whether or not clients use the proxy, HTTP and FTP content is still stored on ISA Server thanks to the Application Protocol Web Proxy Filter.
A Cache Rule lets ISA Server cache web content and determines the maximum size of cached content, when to cache, and which pages do not need to be cached.

To create a Cache Rule, select Cache under Configuration.


Right-click Cache and choose Create a Caching Rule in the Task Pane.

For Name, enter: Cache all Microsoft Content

Click Next. The Cache rule Destination page determines which destinations this rule applies to. A destination can be a network, a web site, a server IP, and so on. Click Add to add a destination.


Next, we create a URL Set component whose content is the Microsoft.com web site. Open the New menu and choose URL Set.

For Name, the display name is Microsoft Web Site; click Add and enter the URL http://microsoft.com


Click OK, then expand URL Sets to Microsoft Web Site in the Component section.


Click Close and check the destination just added. Click Next.

The Content Retrieval page defines when cached content is retrieved from the Internet (Cache Retrieval), to ensure the information is always fresh.

- Only if a valid version of the object exists in cache. If no valid version exists, route the request: serve the client only stored content that is still valid. If the content has expired, ISA accesses the web server to download it. This setting ensures the client gets the newest content (within a given time limit).
- If any version of the object exists in cache. If none exists, route the request: serve stored content to the client regardless of its age. Content is downloaded only when nothing is stored. This setting ensures the client always gets the content it needs, regardless of how current it is.
- If any version of the object exists in cache. If none exists, drop the request: serve stored content to the client regardless of its age. If nothing is stored, the client's request is dropped. In other words, this setting serves only content that is already stored; ISA never accesses the web server on the client's request.
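The three Content Retrieval options above, modelled as an added example that is not ISA Server code and not part of the original course material. The class, constant and function names and the freshness test are assumptions; the 1-day TTL is the HTTP caching default this page gives, and `preload` stands in for content that is already in the cache.

```python
from dataclasses import dataclass

# The three Content Retrieval options, in the order the page lists them.
VALID_ELSE_ROUTE = "valid version, else route"
ANY_ELSE_ROUTE = "any version, else route"
ANY_ELSE_DROP = "any version, else drop"

ONE_DAY = 24 * 60 * 60  # TTL in seconds (page default for HTTP caching)


@dataclass
class Entry:
    body: str
    stored_at: int  # time the object entered the cache, in seconds


class CacheRule:
    """Toy forward cache that applies one retrieval policy."""

    def __init__(self, policy, origin, ttl=ONE_DAY):
        self.policy = policy
        self.origin = origin  # callable: url -> body from the web server
        self.ttl = ttl
        self.entries = {}

    def preload(self, url, body, now):
        """Put content in the cache without a client request."""
        self.entries[url] = Entry(body, now)

    def get(self, url, now):
        """Return (source, body) for a client request at time `now`."""
        entry = self.entries.get(url)
        if entry is not None:
            if now - entry.stored_at < self.ttl:
                return ("cache", entry.body)
            # Expired: only the first option refuses to serve it.
            if self.policy != VALID_ELSE_ROUTE:
                return ("stale-cache", entry.body)
        if self.policy == ANY_ELSE_DROP:
            return ("dropped", None)  # never contacts the web server
        body = self.origin(url)
        self.entries[url] = Entry(body, now)
        return ("origin", body)


def make_origin():
    """Constructed web server whose content changes on every fetch."""
    versions = {}

    def origin(url):
        versions[url] = versions.get(url, 0) + 1
        return f"{url} v{versions[url]}"

    return origin


def run_scenario(policy, preload=False):
    """Request /a at t=0, after 1 hour and after 2 days."""
    rule = CacheRule(policy, make_origin())
    if preload:
        rule.preload("/a", "/a preloaded", now=0)
    return [rule.get("/a", t) for t in (0, 3600, 2 * ONE_DAY)]


if __name__ == "__main__":
    for policy in (VALID_ELSE_ROUTE, ANY_ELSE_ROUTE, ANY_ELSE_DROP):
        print(policy, "->", run_scenario(policy))
    print(ANY_ELSE_DROP, "(preloaded) ->", run_scenario(ANY_ELSE_DROP, True))
```

The second and third options keep returning the day-old body after the TTL has passed, which is the trade-off between availability and freshness the option descriptions state.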


Click Next. The Cache Content page defines which content is cached. The default choice lets ISA Server cache and does not require it to cache the content of dynamic web sites (logon sessions).
- Dynamic content: content of this kind changes frequently and is therefore marked as not cacheable. However, if this option is selected in the rule, dynamic content is still stored even though it is marked as not cacheable.
- Content for offline browsing: content that can be accessed without a connection to the web server. If this option is selected in the rule, ISA stores all content of the web page, including the parts marked as not cacheable.
- Content requiring user authentication for retrieval: stores content for which the web site requires authentication before allowing access.

Click Next. By default, the Cache Advanced Configuration page allows ISA Server to cache content delivered over SSL.


Click Next. By default, the HTTP Caching page allows ISA Server to cache HTTP content, and the TTL for the cache is 1 day.

Click Next. The FTP Caching page allows ISA Server to cache FTP objects downloaded from Microsoft web sites.
