Professional Documents
Culture Documents
Ipsec, Cam Noi Chuyen - Smith.N Ebooks
Ipsec, Cam Noi Chuyen - Smith.N Ebooks
Ipsec, Cam Noi Chuyen - Smith.N Ebooks
Ipsec
Gi i thi u Ipsec BT-1: S d ng Ipsec th c hi n y/c sau - C m xp ni chuy n v i my File nh l nh Gpedit.msc trn my xp Sau
Next:
Next:
Kick Add
Ket qua
nh ngha cc tc ng b l c A1: Permit ( cho php) A2:Block(Ko cho php) - nh ngha Ipsec
( Cam may XP noi chuyen voi may File) = Ipsec = Filters + actions Ipsec = F1+ Permit ( F1 :Me DC(10.0.0.9) F2+Block(F2:Me File 10.0.0.7)
Thuc thi Ipsec tren may XP Right click ipsec Assing Chu y Ipsec = Filters + Actions - Filters : IP_Add, subnet , Protocols - Actions : permit ( cho phep ) , block ( cam ) , Encrypt ( ma hoa ) Note : Truoc khi y/c may thuc thi ipsec thi phai turn-on dich vu ipsec CMD services.msc ipsecurity (started)
Bi T p : Domain Computer # Worgroup computer ( c m my trong mi n ni chuy n v i my ngoi mi n ) Step 1: nh ngha cc b l c ( filters) Th c hi n t my DC (Default Domain controller Policy)
Ok B l c F2 Subnet <10.0.0.0/8>
= F1 + permit = F2 + mahoa
Step 4: tao GPO de y/c cac may trong domain thuc thi ipsec - tao 1 OU_PCs , sau do chuyen toan bo computer vao do - tao va ket noi GPO den ou_pcs
Chuot phai chon Assiag Step 5: Kiem tra Xp1 , File: Gpupdate /force /target:computer Gpresult /scope:computer - Domain ( may trong mien) XP1, FILE ping DC (10.0.0.9 ) duoc nhung ko ma hoa Xp1 ping FILE ( ok , mahoa) Workgroup : XP2 ping DC ( 10.0.0.9) ( ok , ko ma hoa) Xp2 ping File , Xp1 ( not ok ) Note: tat ca cacs PC phai duoc bat Ipsec ( Secvice.msc )