
Configure and Secure Remote Access.

Configure and Secure Remote Access. Chapter 8. Advance Computer Network Lecture Sorn Pisey Email: srnpisey@gmail.com 2012-2013. Introduction.


Presentation Transcript


  1. Configure and Secure Remote Access. Chapter 8 Advance Computer Network Lecture Sorn Pisey Email: srnpisey@gmail.com 2012-2013

  2. Introduction • To support a distributed workforce, a company must implement technologies that allow users working off-site to connect to the company network. These technologies include Virtual Private Network (VPN) and DirectAccess. You should understand how to configure and secure Remote Access clients by using Network Policies.

  3. Configure a Virtual Private Network Connection • A VPN creates a path for exchanging data between a server and a client across an untrusted network (the Internet). • A VPN provides a point-to-point connection between components of a private network over a public network. • There are three protocols for creating a VPN: • SSTP = Secure Socket Tunneling Protocol • PPTP = Point to Point Tunneling Protocol • L2TP = Layer Two Tunneling Protocol

  4. Virtual Private Networking • Point-to-Point Link: Data is encapsulated with a header that provides routing information, which allows the data to traverse the shared or public network and reach its endpoint. • Private Link: Data is encrypted for confidentiality. The link over which the private data is encapsulated and encrypted is the VPN connection.

  5. VPN Connection • There are two types of VPN connection: Remote Access and Site-to-Site. • Remote Access VPN Connection: Allows users working from home or at a customer site, through a wireless access point, to access resources inside the company over a public network provider such as the Internet. • Site-to-Site VPN: Also known as a router-to-router VPN connection, it allows your company to route connections between offices or with other companies over a public network.

  6. Type of VPN Authentication Method • Type of VPN Authentication Method: there are four: • PAP = Password Authentication Protocol, • CHAP = Challenge Handshake Authentication Protocol, • MSCHAPv2 = Microsoft Challenge Handshake Authentication Protocol, • EAP = Extensible Authentication Protocol

  7. What is a Network Policy • A network policy is a set of conditions, constraints, and settings that lets you determine who is authorized to connect to the network. You can view network policies as rules: each rule has a set of conditions and settings. If a connection request matches a rule's conditions, the rule's settings are applied to the connection.

  8. Configuring Routing and Remote Access as a VPN Remote Access • 1. On NYC-EDGE1, click Start, and then click Administrative Tools. • 2. From the Administrative Tools menu, click Server Manager. The Server Manager opens. • 3. In the Server Manager (NYC-EDGE1) list pane, right-click Roles, and then click Add Roles. The Add Roles Wizard appears. Click Next.

  9. 4. On the Select Server Roles page, select Network Policy and Access Services, and then click Next.

  10. 5. On the Network Policy and Access Services introduction page, click Next. • 6. On the Select Role Services page, select the Network Policy Server and Routing and Remote Access Services check boxes, and then click Next.

  11. 7. On the Confirm Installation Selections page, click Install. • 8. On the Installation Results page, verify Installation succeeded appears in the details pane, and then click Close. • 9. Close the Server Manager. The Network Policy and Routing and Remote Access Services roles are installed on 6419B-NYC-EDGE1.

  12. Configure as a VPN server with a static address pool for Remote Access clients • 1. On NYC-EDGE1, click Start, and then click Administrative Tools. • 2. From the Administrative Tools menu, click Routing and Remote Access. The Routing and Remote Access administrative tool appears. • 3. In the list pane, select and right-click NYC-EDGE1 (Local), and then click Configure and Enable Routing and Remote Access. • 4. On the wizard Welcome page, click Next.

  13. 5. On the Configuration page, leave the default Remote Access (dial-up or VPN) selected, and click Next. • 6. On the Remote Access page, select the VPN check box, and click Next.

  14. 7. On the VPN Connection page, select Public, and then click Next.

  15. 8. On the IP Address Assignment page, select From a specified range of addresses, and then click Next.

  16. 9. On the Address Range Assignment page, click New, and in the Start IP address box, type the following value: 10.10.0.60. In the Number of addresses box, type the value of 75, and click OK. Click Next.

  17. 10. On the Managing Multiple Remote Access Servers page, leave the default selection No, use Routing and Remote Access to authenticate connection requests, and click Next. Click Finish. • 11. In the Routing and Remote Access dialog box, click OK. • 12. In the Routing and Remote Access dialog box regarding the DHCP Relay agent, click OK. The Routing and Remote Access service starts.

  18. Configure available VPN ports on the (RRAS) server to allow 25 PPTP and 25 L2TP connections • 1. In the Routing and Remote Access management tool interface, expand NYC-EDGE1, right-click Ports, and then click Properties. • 2. In the Ports Properties dialog box, double-click WAN Miniport (SSTP). • 3. In the Configure Device – WAN Miniport (SSTP) dialog box, assign a value of 25 in the Maximum ports box, and then click OK.

  19. 4. In the Routing and Remote Access dialog box, click Yes to continue. • 5. In the Ports Properties dialog box, double-click WAN Miniport (PPTP), and in the Configure Device – WAN Miniport (PPTP) dialog box, assign a value of 25 in the Maximum ports box, and then click OK.

  20. 6. In the Routing and Remote Access dialog box, click Yes to continue. • 7. Repeat this procedure, with the same value (25), for WAN Miniport (L2TP).

  21. 8. In the Ports Properties dialog box, click OK. • 9. Close the Routing and Remote Access administrative tool.

  22. Configuring a Custom Network Policy • 1. On NYC-EDGE1, click Start, and then click Administrative Tools. • 2. On the Administrative Tools menu, click Network Policy Server. The Network Policy Server administrative tool appears.

  23. Create a new network policy for RRAS clients • 1. In the list pane, expand Policies, right-click Network Policies, and then click New. • 2. On the New Network Policy – Specify Network Policy Name and Connection Type page, type Secure VPN in the Policy name text box, and in the Type of network access server drop-down list, click Remote Access Server (VPN-Dial up), and then click Next.

  24. 3. On the Specify Conditions page, click Add. In the Select Condition dialog box, scroll down and double-click Tunnel Type. In the Tunnel Type dialog box, select L2TP, PPTP, and SSTP, click OK, and then click Next.

  25. 4. On the Specify Access Permission page, leave the default of Access granted, and click Next. • 5. On the Configure Authentication Methods page, deselect the Microsoft Encrypted Authentication (MS-CHAP) check box, and then click Next.

  26. 6. On the Configure Constraints page, under Constraints, select Day and time restrictions, and in the details pane, select Allow access only on these days and at these times, and click Edit. Change the Time of day constraints to Denied access from 11PM to 6AM Monday thru Friday, click OK, and then click Next.

  27. 7. In the Configure Settings dialog box, under Settings, click Encryption, and in the details pane, deselect all settings except Strongest encryption (MPPE 128-bit), click Next, and then click Finish. • 8. In the list pane of the Network Policy Server tool, click the Network Policies node. • 9. If necessary, right-click the Secure VPN policy, and then click Move Up. Repeat this step to make the policy the first in the list. • 10. Close the Network Policy Server tool.

  28. Create and Test a VPN Connection • 1. Switch to the NYC-CL1 computer. • 2. Click Start, and then click Control Panel. • 3. In the Control Panel window, under Network and Internet, click View network status and tasks. • 4. In the Network and Sharing Center window, click Change adapter settings. • 5. Right-click Local Area Connection 3, and then click Properties. • 6. Select Internet Protocol Version 4 (TCP/IPv4), and then click Properties. • 7. Configure the following IP address settings, and then click OK: • IP Address: 131.107.0.20 • Subnet mask: 255.255.255.0 • Default gateway: 131.107.0.1

  29. 8. Click Close, and then click the Back button to return to the Network and Sharing Center. • 9. In the Network and Sharing Center window, under Change your networking settings, click Set up a new connection or network. In the Choose a connection option dialog box, click Connect to a workplace, and then click Next.

  30. 10. In the Connect to a workplace dialog box, select the Use my Internet connection (VPN) option. When prompted, click I’ll set up an Internet connection later.

  31. 11. In the Type the Internet address to connect to dialog box, specify an Internet address of 131.107.0.2 and a Destination Name of Contoso VPN, and then click Next.

  32. 12. On the Type your user name and password page, leave the user name and password blank, and then click Create. • 13. Click Close in the Connect to a Workplace dialog box. • 14. In the Network and Sharing Center window, click Change adapter settings. • 15. On the Network Connections page, right-click Contoso VPN, and then click Connect.

  33. 16. Use the following information in the Connect Contoso VPN text boxes, and then click Connect: • User name: Administrator • Password: Pa$$w0rd • Domain: Contoso

  34. The VPN connects successfully. • 17. Right-click Contoso VPN, and click Disconnect. The VPN disconnects. • 18. Close all open windows on NYC-CL1.
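
The rule processing described in slide 7, applied to the Secure VPN policy built in slides 23 to 27, as an added Python model (not part of the original presentation and not NPS code). It assumes MS-CHAPv2 stays selected once MS-CHAP is deselected and that the time restriction blocks hours 23 and 0 to 5 on Monday through Friday; the second policy, "Legacy VPN", is hypothetical and exists only to show why step 9 moves Secure VPN to the top of the list.

```python
from dataclasses import dataclass, field
from datetime import datetime

@dataclass
class Request:            # constructed connection-request attributes
    tunnel: str           # "PPTP", "L2TP" or "SSTP"
    auth: str             # "PAP", "CHAP", "MS-CHAP", "MS-CHAPv2", "EAP"
    when: datetime        # time the request arrives
    encryption: str       # MPPE level the client negotiates

@dataclass
class Policy:
    name: str
    tunnels: set                                     # condition: Tunnel Type
    grant: bool = True                               # access permission
    auth: set = field(default_factory=set)           # constraint: auth methods
    denied_hours: set = field(default_factory=set)   # constraint: Mon-Fri hours
    encryption: set = field(default_factory=set)     # setting: allowed MPPE levels

def evaluate(policies, req):
    """First policy whose conditions match decides; later ones are never read."""
    for p in policies:
        if req.tunnel not in p.tunnels:
            continue                  # conditions not met: try the next policy
        if not p.grant:
            return ("reject", p.name, "access denied by policy")
        if req.auth not in p.auth:
            return ("reject", p.name, "authentication method not allowed")
        if req.when.weekday() < 5 and req.when.hour in p.denied_hours:
            return ("reject", p.name, "outside permitted hours")
        if req.encryption not in p.encryption:
            return ("reject", p.name, "encryption level not allowed")
        return ("accept", p.name, "all constraints satisfied")
    return ("reject", None, "no matching policy")

# The policy from slides 23-27 (auth set is an assumption, see lead-in).
SECURE_VPN = Policy("Secure VPN", {"L2TP", "PPTP", "SSTP"}, True,
                    {"MS-CHAPv2"}, {23, 0, 1, 2, 3, 4, 5}, {"MPPE-128"})
# Hypothetical weaker policy, used only to illustrate ordering.
LEGACY = Policy("Legacy VPN", {"PPTP"}, True,
                {"PAP", "MS-CHAP", "MS-CHAPv2"}, set(), {"MPPE-40", "MPPE-128"})

if __name__ == "__main__":
    # Constructed request: PPTP with MS-CHAP at 23:30 on a Tuesday.
    weak = Request("PPTP", "MS-CHAP", datetime(2013, 1, 8, 23, 30), "MPPE-40")
    print(evaluate([SECURE_VPN, LEGACY], weak))   # Secure VPN first: rejected
    print(evaluate([LEGACY, SECURE_VPN], weak))   # wrong order: accepted
```

With Secure VPN listed first, the weak request is rejected before the hypothetical Legacy VPN policy is ever consulted; with the order reversed, the same request is accepted and none of the Secure VPN constraints apply.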
