
ISA 2006 lab p2


ISA Server: lab manual for students
VSIC Education Corporation

Module 5: Configuring Access to Internal Resources

Build the topology as shown in the figure:

Lab 1: Publish web

Description: this lab does not yet need a domain or an enterprise CA. Assume the internal network has a web server, topic.edu (network 200.200.200.x). We want users on the external network (10.x.x.x) to be able to reach the internal web server, so we publish this web server on ISA. External clients point their DNS at the ISP to reach the internal web site.

On the web server: install and configure DNS, create an alias www that points to the web server, and forward internal DNS to the external ISP DNS. Install IIS and ASP.net, and create a file Default.htm with any content in the Inetpub\wwwroot folder. On the web server, open IE and test www.topic.edu.

On the ISA machine: publish the web site

1. Right-click Firewall Policy > New > Web Site Publishing Rule.
2. Name the rule, then click Next.
3. Select the Allow option, then click Next.
4. Select Publish a single web site or load balancer, then click Next.
5. Select the option Use non-secured connection, then click Next.
6. Under Internal site name, type the name of the web site to publish, for example www.topic.edu; under Computer or IP, type the IP address of the web server, then click Next.
7. Under Path (optional), type /*, then click Next.
8. Under Publish name, type the name that external users will use to reach the internal web server through ISA, then click Next.
9. In the Select Web Listener window, click New, type a name for the web listener, then click Next.
10. Select the option Do not require SSL, then click Next.
11. In the Web Listener IP Address window, check External, then click Select IP Address.
12. Select the option Specified IP address on ISA server, select the external IP address of ISA, click Add > OK, then click Next.
13. Select No Authentication > Next > Next > Finish.
14. Click Next again.
15. Select No delegation, and client cannot, then click Next.
16. Select All Users > Next > Finish.
17. Click Apply.
18. Check the system policy: select Firewall Policy, select the Tasks tab in the right-hand pane, and select Edit System Policy. Check whether the Enable this configuration group check box is checked; if not, check it, then click OK > Apply.

ISP DNS machine

1. Assume the external DNS, CTL.net, is already configured. Now create one more zone for topic.edu and create an alias that points to the external interface of ISA.
2. Test the ISP DNS.
3. Then, on the ISP DNS machine, open IE and type www.topic.edu; the internal web site is reachable.

Lab 2: Publish web SSL

Same as Lab 1, but publishing a web site over SSL requires a domain and an enterprise CA.

On the web server: by now it has been promoted to a domain and has the enterprise CA installed.

On the ISA machine: publish the web site over SSL

1. First, request a certificate for the ISA machine. Open IE and type http://www.topic.edu/certsrv, enter the administrator username and password, and select Request a certificate.
2. Select Advanced certificate request.
3. Select Create and submit a request to this CA.
4. Select Web Server as the certificate template; in the Name field, type the exact name of the web site to publish, then scroll down.
5. Check the check box Store a certificate in the local computer, then click Submit.
6. Click Install this certificate.
7. After the certificate is installed, check whether the certificate just requested is trusted (because ISA has not joined the domain, the certificate is usually not trusted and needs to be checked). Go to Start > Run, type mmc, open the File menu and select Add/Remove Snap-in > Add > Certificates > select the Computer account option > Next > Finish > Close > OK. Select Certificates > Personal > Certificates, double-click the certificate just requested (www.topic.edu) and check whether it is marked in red; if it is, it is not yet trusted and the following steps are needed.
8. Right-click Trusted Root Certification Authorities and select All Tasks > Import > Next > Browse.
9. Open the CertConfig folder on the machine where the CA is installed, select the .CRT file, and click Open.
10. Next > Next > Finish.
11. Check the certificate again; it is now trusted.

On the web server (which is also the domain machine): set up HTTPS

12. Open Internet Information Services, right-click Default Web Site > Properties, and select the Directory Security tab.
13. Select Server Certificate > Next > select Create a new certificate > Next.
14. Select the option Send the request immediately, then click Next.
15. In the Name and Security Settings window, leave the default values and click Next.
16. In the Organization Information window, enter the required information, then click Next.
17. In the Common name field, type the exact name of the web site that will use HTTPS, in this case www.topic.edu, then click Next.
18. Fill in all the information (it is not important, but it must be entered), then click Next.
19. Select port 443 > Next > Next > Finish.
20. Under Secure communications, click Edit, check the check boxes Require secure channel (SSL) and Require 128-bit encryption, then click OK.
21. Under Authentication and access control, click Edit, clear the check box Enable anonymous access, check Integrated Windows authentication and Basic Authentication, then click OK > Apply > OK. The HTTPS configuration is complete.

Back on the ISA machine: publish the web site over SSL

22. In ISA, right-click Firewall Policy > New > Web Site Publishing Rule. Type the name of the rule > Next > select Allow > Next.
23. Select the option Publish a single web site or load balancer, then click Next.
24. Select the option Use SSL to connect to, then click Next.
25. Enter the web site name and the IP address of the internal web server to publish, then click Next.
26. Under Path, type /*, then click Next.
27. Under Publish name, type the name of the web site to publish, then click Next.
28. In the Select Web Listener window, click New, enter a name for the web listener, then click Next.
29. Select the option Require SSL secured connection with clients, then click Next.
30. Check the External check box, then click Select IP Address.
31. Select the external IP address of ISA and click Add > OK.
32. Select the option Use a single certificate for this web listener, click Select Certificate, choose the certificate, click Select, then click Next.
33. Select HTTP Authentication, check the Basic check box, select the option Windows (Active Directory) > Next > Next.
34. Select Basic Authentication > Next > Next > Finish > Next.
35. Select All Users > Next > Finish.
36. Publishing the web site over SSL is complete. On the ISP DNS machine, configure as in Lab 1 (skip this if it is already configured). On the ISP DNS machine, test: open IE and type Https://www.topic.edu
Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server

Build the topology as shown in the figure. The mail server can be a POP3 mail server or mail Daemon; this lab uses Exchange 2003.

Lab 1: Publish OWA

On the mail server, open DNS and create an additional alias, mail, that points to the mail server; internal DNS forwards to the external ISP DNS so that mail can be sent to other domains.

On the ISA machine: publish OWA

1. Right-click Firewall Policy and select New > Exchange Web Client Access Publishing Rule, type a name for the rule, then click Next.
2. Select Exchange Server 2003 and check Outlook Web Access, then click Next.
3. Select the option Publish a single web site or load balancer, then click Next.
4. Select the option Use non-secured connections, then click Next.
5. Enter the name and IP address of the mail server, then click Next.
6. Enter a name for Publish name; external users use this name to check mail.
7. In the Select Web Listener window, click New, type a name for the web listener, then click Next.
8. Select the option Do not require SSL, then click Next.
9. Check the External check box, then click Select IP Address.
10. Select the option Specified IP address, select the external IP address of ISA, click Add > OK > Next.
11. Select No Authentication and select the option Windows (Active Directory) > Next > Next > Finish > Next.
12. No delegation, and client may authenticate directly, then click Next.
13. Select All Users > Next > Finish > Apply. Publishing OWA is complete.

On the ISP DNS machine, configure as in Module 5. On the ISP machine, open IE and type http://mail.topic.edu/exchange

Lab 2: Publish POP3 and SMTP mail

1. Right-click Firewall Policy > New > Mail Server Publishing Rule, type a name for the rule, then click Next.
2. Select the option Client access: RPC, IMAP, POP3, SMTP, then click Next.
3. Check the two check boxes POP3 and SMTP, then click Next.
4. Enter the IP address of the mail server, then click Next.
5. Check the External check box and click Address.
6. Select the external IP address of ISA, click Add > OK > Next > Finish.
7. Click Apply; the rules just created are displayed as follows.
8. Create a rule for POP3 and SMTP mail going out to External. Right-click Firewall Policy and select New > Access Rule, type the name of the rule > Next > select the Allow option > Next.
9. Select the two protocols POP3 and SMTP, then click Next.
10. For Access Rule Sources, select External, Internal and Local Host, then click Next.
11. For Access Rule Destinations, also select External, Internal and Local Host, then click Next.
12. Select All Users > Next > Finish.
13. On the web server, create a POP3 mail account and send mail to the user on the ISP DNS machine, and vice versa. The lab is complete.

Module 7: Advanced Application and Web Filtering

Build the topology as shown in the figure. Install ISA Server and create a rule that lets the ISA server, client1 and client2 out to the Internet.

Lab 1: Deny POST (block sending mail)

1. On the ISA server, right-click the Allow Internet rule and select Configure HTTP.
2. Select the Methods tab, select Block specified methods, then click Add.
3. Type POST as the method, then click OK.
4. OK > Apply.
5. On the client machine, go to http://gmail.com to check mail. Mail is still received normally, but sending mail reports the following error:
6. If you send mail with Yahoo, you receive the following message.

Lab 2: Block file downloads

1. On the ISA server, right-click the Allow Internet rule and select Configure HTTP.
2. Select the Extensions tab, select Block specified extensions, click Add, enter the extension to block, then click OK.
3. OK > Apply.
4. Go to google.com.vn, find a .PDF or .MP3 file and try to download it; the download now fails.

Lab 3: Block Yahoo chat

1. On the ISA server, right-click the Allow Internet rule and select Configure HTTP.
2. Select the Signatures tab, then click Add.
3. Enter the information as in the following figure, then click OK.
4. Click OK > Apply.
5. Now try Yahoo chat; chatting no longer works, even through a proxy.

You can read more about this lab at: http://www.vsic.com/forum/showthread.php?t=593
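The three Module 7 labs each add one kind of HTTP filter rule to the Allow Internet rule: a blocked method, blocked extensions and a blocked signature. As an added example (not part of the original lab manual and not ISA Server's own filter code), this simplified Python model evaluates constructed requests against such a policy. The `POLICY` layout, the function names, the sample hosts and the `ExampleChatClient` signature are assumptions, because the page's real signature values were only in a screenshot.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed policy mirroring the three Module 7 labs. The signature entry is a
# placeholder: the page's real signature values were only in a screenshot.
POLICY = {
    "methods": {"POST"},                                  # Lab 1
    "extensions": {".pdf", ".mp3"},                       # Lab 2
    "signatures": [("user-agent", "ExampleChatClient")],  # Lab 3 (hypothetical)
}

def parse_request(raw):
    """Split a raw HTTP/1.x request head into method, URL and lower-cased headers."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, url, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, url, headers

def evaluate(raw, policy=POLICY):
    """Return (allowed, reason) for one request under the modelled filter."""
    method, url, headers = parse_request(raw)
    if method in policy["methods"]:  # HTTP method names are case-sensitive
        return False, "method " + method
    # Extension of the last path segment; the query string is not part of the path.
    ext = posixpath.splitext(urlsplit(url).path.rsplit("/", 1)[-1])[1].lower()
    if ext in policy["extensions"]:
        return False, "extension " + ext
    for header, needle in policy["signatures"]:
        if needle in headers.get(header, ""):
            return False, "signature in " + header
    return True, "allowed"

# Constructed sample traffic: one request that passes, then one per lab.
SAMPLES = [
    "GET /Default.htm HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    "POST /mail/send HTTP/1.1\r\nHost: mail.example.test\r\n\r\nbody",
    "GET /files/report.PDF?id=7 HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    "GET /session HTTP/1.1\r\nHost: www.example.test\r\nUser-Agent: ExampleChatClient/1.0\r\n\r\n",
]

def run_samples():
    return [evaluate(raw) for raw in SAMPLES]

if __name__ == "__main__":
    for raw, verdict in zip(SAMPLES, run_samples()):
        print(raw.split("\r\n", 1)[0], "->", verdict)
```

The verdicts match what the labs observe from the client: reading mail over GET still works while the POST that sends it is refused, and the .PDF download is refused regardless of the case of the extension.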