07 cấu hình VPN client to site trên TMG 2010

IW User must change password at next logon [" User cannot change password T Password never expires T~ Account is disabled Nhấn phải chuột trên tai khoan vira tao, chon the Dial in t

Trang 1

Cấu hình VPN Client to Site trên TMG 2010

Câu hình VPN Client to Site trên TMG 2010

Chúng ta đã được tiếp cận với Cau hinh VPN Client to Site kết hợp với Radius Server, nhưng nếu hệ thống của chúng ta có một firewall server cai TMG 2010 thi can cau hinh thé nao Bai viét nay sẽ là giải pháp cho bạn

BKNP -SRV08-01

IP:172161.2⁄24

Web Server: Bknpewervn VPN SERVER

BKNP-WRK-03 VPN Client Cau hinh VPN Client to Site tren TMG 2010

1 Tao tài khoản cho người dùng VPN

Mở Server Manager > Configuration > Local Users and Groups: Nhân phải chuột trên Users chon New User

Trang 2

E Server Manager

File Action View Help

@ ®| ?|ra| o 2| HÌmn

ia, Server Manager (BKNP-SRV08-03)

(+) Roles

Features : Dessiption -

Diagnostics * Administrator Built-in account for administering the

] at Configuration + Guest Built-in account for quest access to t

Task Scheduler

Windows Firewall with Adve New User

=) @& Local Users and Groups

| Groups

Password: Jlss

Confirm password: ls

IW User must change password at next logon

[" User cannot change password

T Password never expires

T~ Account is disabled

Nhấn phải chuột trên tai khoan vira tao, chon the Dial in tick chon Allow access dé cho phép kết nối từ xa

Tạo nhóm chứa các tài khoản VPN

vpn PropertHes

Personal Virtual Desktop

Remote Desktop Services Profile Network Access Permission (* Allow access

Deny access Control access through NPS Network Policy

I~ Verity Caller4D: |

—Callback Options

f No Callback Set by Caller (Routing and Remote Access Service only) Always Callback to:

-T~ Assign Static IP Addresses Define IP addresses to enable for this Dialin connection static IP Addresses , |

T Apply Static Routes Define routes to enable for this Dial-in

connection

Static Houtes |

Cancel Apoy Help

L_%

Trang 3

F LD Tipbon | Groups

| & Administrators Administrators have complete and u More Actions

; Task Scheduler & Certificate Service DCO Members of this croup are allowed t

—= - Adve | 4# Cryptogaphic Oper: Do G15

@ Distributed COM Use

nữ cong | Be event Log Readers

=) @& Local Users and Groups

Users

_ Groups

#1 Ê§ Storaoe

(Add) r¡PTIOVE

2 Cau hinh VPN trén TMG

Mo TMG 2010, dé thém dai dia chi danh cho VPN Client, chon Remote Access Policy roi nhan Define Address Assignments:

& Forefront TMG ¬

«Ẳ ®lI?lralHẽm|a| ®@@© #€

LG Mizosoft Forefront Threat Manageme:

=I \ồ ee (BKNP-SRV08-03) + Fo srefro afront

Dashboard “<

eae : Threat RET ae

ee ee @ Glick here to learn about the Customer eIm

Web Access Policy | NET HGGGUHGHGGHEGGEGNGGEG,GGMHGRGGGHG.GGRRKRGGG

{=} E-Mail Policy

Tasks Y Help \

Configure VPN Client Access

did System This page helps you define and configure how clients access the corporate network using a virtual VPN Clients Tasks

Logs & Reports private network (VPN) connection @ Enable VPN Client Access

đ) Configure Address Assignment Method and Enable VPN Client Access F Configure Quarantine Control

Allow remote cients to connect to the network using a VPN connection

General VPN

É.2) Specify Windows Users or select a RADIUS Server Configuration

Specify the Windows users (domain groups) allowed VPN access or, if using RADIUS authentication, select the RADIUS authentication server “of Select Networks

We

cw Verify VPN Properties and Remote Access Configuration | @& tion Methods

Verify that VPN properties, such as protocols and access points, are defined according to your (af Specify RADIUS Configuration network requirements

4 | View Firewall Policy for the VPN Clients Network | Related Tasks

Verify that Firewall Policy rules for the VPN Clients Network are defined in accordance with your §} Monitor vpn Clients network and corporate seaurity requirements © VPN Clents

Verify that the rules specifying network relationships between the VPN Clients Network and Configuration other networks, such as Internal, are defined according to your network requirements @ Read about troubleshooting

VPN

Configure Quarantine (Optional)

Fnahle niiarantine sunnert anniv either Forefrant TMG or R SOTLS oiarantine noliev and enerify

Tick chon Static Address pool réi nhan Add đề thêm dải địa chỉ:

Trang 4

tm! EE tị)

LG Microsoft Forefront Threat Manageme:

| S@ Forefront TMG (BKNP-SRV08-03) >> Forefront

N~ : | Remote Access Policy (VPN) Properties

Firewall Policy @ dic here lo

“@> Intrusion Prevention System / VEN Clients / 1asks \ Hep

SS

« Networking

“ Configure Quarantine Control

General VPN

Configuration

of Select Networks

iy

er tion Methods (af Specify RADIUS Configuration

Related Tasks

&} Monitor yPn Cients

\ : Apply © Export VPN Clients

Verify that the rules specifying network relationships between the VPN Clients Network and Configuration other networks, such as Internal, are defined according to your network requirements @ Read about troubleshooting

with your

Lựa chọn Server và nhập dải địa chỉ cấp phát:

Server IP Address Range Properties "=— 4

Lg

Dé cau hinh tai khoan VPN, click Configure VPN Client Access, réi nhan Add để thêm nhóm người dùng:

Trang 5

| tm a? tị File pe ‘© &_

LG Microsoft Forefront Threat Manageme:

| @ Forefront TMG (BKNP-SRV08-03) +> Forefront

- pene Threat Management Gateway 2010

Firewall Policy | VPN Clients Properties

“> Intrusion Prevention System |/ vpn Clients ¥

ee ae

<>

Logs & Reports |

Update Center

wv |

Verify that the rules specifying network relationships between the VPN Clients Network and other networks, such as Internal, are defined according to your network requirements

Lựa chọn nhóm tài khoản người dùng roi nhan OK đề kết thúc

Select Groups

Tùy chọn số lượng tài khoản VPN được phép kết nối

Trang 6

VPN Clients ProperHes

3 Tạo rule cho các tài khoản VPN truy cập vào tài nguyên miễn nội bộ: Click chọn Firewall Poliey, nhắn chuột phải chọn New Access Rule, tai man hinh bat dau, dién tén cho rule:

New Access Rule Wizard ¬ \ xí

“ C)

Welcome to the New Access k

Wizard

oe

`

_ This wizard helps you create a new access rule Access

ules define the action that is taken, and the protocols that

fy /} i], attempt to access specific destinations or content on

777 another network

“Hack,

Rule Action

f the conditions specified in the rule are met

Trang 7

Tuy chon traffic ma rule sé cho phép

New Access Rule Wizard

Saar ;

442124713

Tùy chọn thiết lập phát hiện malware

Lựa chọn đích đên là miên nội bộ:

Trang 8

This rule will apply to traffic sent from the rule sources to the destinations soecfeC

Tùy chỉnh đối tượng mà rule sẽ tác động

User Sets You can apply the rule to requests from all users Or, you can limit access to specific user sets

Nhấn Finish dé tao rule

You have successfully completed the New Access Rule configuration:

4 Khởi tạo kết nối VPN tir may Client ngoai Internet

Mo Control Panel > Network Connection > Create a new connection > tick chon Connect to the network at my workplace

Trang 9

" Network Connections

Advanced Help

Address |@\ Network Cc Network Connection Type

What do you want to do?

Network Tasks

Connect to the Intermet so you can browse the Web and read email

Connect to 4 business network (using dial-up or VPN) so you can work from home,

a field office, or another location

Connect to an existing home or small office network or set up a new one

set up this computer so that other computers can connect to it

Create a new co

Set up a home or office network

@ Change Windows

settings

Tiêu đề	07 Cấu hình VPN client to site trên TMG 2010
Thể loại	Hướng dẫn
Năm xuất bản	2010

Định dạng
Số trang	11
Dung lượng	1,73 MB