Isa 2006 lab p2

ISA Server Tài liệu thực hành dành cho học viên

Module 5: Configuring Access to Internal Resources
Xaây döïng moâ hình nhö hình veõ:

Lab 1: Publish web.
Moâ taû: trong baøi lab naøy chöa caàn ñeán domain vaø CA enterprise. Giaû söû beân trong internal
coù moät web server laø topic.edu (maïng 200.200.200.x). Ta muoán cho user ôû external
(maïng 10.x.x.x) coù theå truy caäp ñöôïc web server trong internal ta seõ publish web server
naøy leân ISA. Client external seõ chæ DNS veà ISP ñeå truy caäp web internal.

Treân maùy Web server: caøi vaø caáu hình DNS, taïo moät alias laø www chæ veà maùy web
server, forward DNS internal ra DNS ISP beân ngoaøi. Caøi IIS, ASP.net, taïo file Default.htm
trong thö muïc Inetpubwwwroot coù noäi dung tuy yù. Taïi maùy web server vaøo IE test thöû
www.topic.edu
Treân maùy ISA: thöïc hieän publish web
1. Click phaûi vaøo Firewall Policy New Web sitepublishing Rule

VSIC Education Corporation Trang 40


2. Ñaët teân cho Rule next

3. Choïn Option allow next



4. Choïn publish a single web site or load balancer next



5. Choïn Option Use non-secured connection … next



6. Trong phaàn internal site name goõ teân cuûa web caàn publish ví duï laø www.topic.edu,
trong phaàn Computer or ip goõ IP cæa maùy web server next



7. Trong phaàn path (optional) goõ vaøo /* next



8. Trong phaàn publish name goõ vaøo teân web maø external seõ duøng teân naøy ñeå truy caäp
vaøo web server internal thoâng qua ISA aán next



9. Trong cuûa soå select web listener aán new, goõ vaøo teân cuûa web listener next



10. Choïn option Do not require SSL … next



11. Trong cuûa soå Web listener Ip address check vaøo external, aán select ip address



12. Choïn option specified IP address on ISA server, choïn IP external cuûa ISA aán
Add ok next

13. Choïn No Authentication next next finish



14. Tieáp tuïc aán next



15. Choïn No delegation, and client cannot … next.



16. Choïn all user next finish



17. Choïn Apply

18. Kieåm tra system policy: choïn firewall policy, choïn theû task ôû cöûa soå beân phaûi, choïn
edit system policy. Kieåm tra xem check box Enable this configuration group ñaõ
ñöôïc check chöa neáu chöa thì check vaøo ok apply



Maùy DNS ISP
1. Giaû söû DNS external laø CTL.net ñaõ ñöôïc caáu hình roài. Baây giôø ñi taïo theâm moät
zone nöõa cho topic.edu vaø taïo alias chæ veà card ngoaøi cuûa ISA.

2. Test thöû DNS ISP thöû

3. Sau ñoù ñöùng taïi maùy DNS ISP vaøo IE goõ www.topic.edu seõ ñi ñöôïc web internal.



Lab 2: Publish web SSL
Gioáng nhö lab 1, nhöng muoán laøm web SSL phaûi coù domain vaø CA enterprise.
Treân maùy web server: luùc naøy ñaõ leân domain vaø caøi CA enterprise roài.
Taïi maùy ISA: thöïc hieän publish web SSL
1. Tröôùc tieân phaûi xin certificate cho maùy ISA. Vaøo IE goõ
http://www.topic.edu/certsrv, nhaäp vaøo username vaø password cuûa administrator,
choïn Request a certificate

2. Choïn Advanced certificate request



3. Choïn Create and submit a request to this CA

4. Choïn certificate template laø Web server, trong phaàn name goõ chính xaùc teân cuûa
web site caàn publish, keùo thanh tröôït xuoáng beân döôùi



5. Chech vaøo check box store a certificate in the local computer … submit

6. Aán vaøo Install this certificate



7. Sau khi install certficate xong, ta caàn kieåm tra xem certficate vöøa xin ñaõ tin caäy
chöa(vì ISA khoâng join domain neân certficate thöôøng seõ khoâng tin caäy caàn phaûi
kieâm tra lai). Vaøo Start Run: goõ mmc, vaøo menu file choïn add/remove snap-in
add choïn certifucate choïn option computer account next finish
close ok. Choïn Certificatespersonalcertificates double click vaøo certificate
vöøa xin (www.topic.edu) kieåm tra xem coù bò ñaùnh daáu ñoû khoâng, neáu coù laø chöa tin
caäy caàn thöïc hieän caùc böôùc sau
8. Click phaûivaøo Trusted root certification authorities choïn All task import
next Browse

9. Truy caäp vaøo folder CertConfig treân maùy caøi CA choïn file .CRT open



10. Next next finish

11. Luùc naøy kieåm tra laïi certificate ñaõ ñöôïc tin caäy roài
Taïi maùy web server (cuõng laø maùy domain) thöïc hieän https
12. Vaøo Internet information services, click phaûi vaøo default web site properties
choïn tab Directory Security



13. Choïn server certificate next choïn create a new certificate next

14. Choïn option send the request immediately next



15. Ôû cöûa soå Name and Security setting ñeå tham soá maëc ñònh aán next

16. Ôû cöûa soå Organnization Information nhaäp caùc thoâng tin caàn thieát next



17. Trong phaàn common name phaûi goõ ñuùng teân web site caàn laøm HTTPS, trong tröôøng
hôïp naøy laø www.topic.edu next

18. Nhaäp ñaày ñuû caùc thoâng tin (khoâng quan troïng nhöng phaûi nhaäp) roài aán next



19. Choïn port 443 next next finish

20. Trong phaàn secure communications aán Edit Ñaùnh daáu choïn vaøo check box
Require secure channel(SSL) vaø Require 128-bit encrytion ok



21. Trong phaàn Authentication and access control aán Edit boû choïn check box Enable
anonymous access, ñaùnh daáu choïn vaøo Integrated windows authentication vaø Basic
Authentication ok Apply OK. Hoaøn taát caáu hình HTTPS

Trôû laïi maùy ISA: thöïc hieän publish web SSL



22. Vaøo Isa Click phaûi vaøo firewall policy new web site publishing rule. Goõ vaøo
teân cuûa rule next choïn Allow next

23. Choïn option Publish a single web site or load balancer next



24. Choïn option Use SSL to connect to … next



25. Nhaäp vaøo teân web site vaø IP cuûa web server internal caàn publish next



26. Trong phaàn Path goõ /* next



27. Trong phaàn publish name goõ vaøo teân web caàn publish next



28. Taïi cöûa soå select web listener aán new nhaäp vaøo teân cho web listener next



29. Choïn option Require SSL secured connection with clients next



30. Ñaùnh daáu choïn vaøo check box External , choïn select ip address



31. Choïn IP external cuûa ISA aán add ok

32. Choïn option Use a singlecertificate for this web listener aán Select Certificate,
choïn certificate aán select next



33. Choïn Http Authentication, ñaùnh daáu choïn vaøo checkbox basic, choïn option
Windows(active directory) next next



34. Choïn basic Authentication next next finish next



35. Choïn All user next finish.



36. Hoaøn taát vieäc publish web ssl. Treân maùy DNS ISP caáu hình nhö lab 1( neáu ñaõ caáu
hình roài thì thoâi). Ñöùng taïi maùy DNS ISP test thöû: vaøo IE goõ Https://www.topic.edu



Module 6: Integrating ISA Server 2004 and Microsoft
Exchange Server
Xaây döïng moâ hình nhö hình veõ, mail server coù laø mail Pop3, mail Deamon, trong baøi lab
naøy söû duïng mail Exchange 2003

Lab 1: Publish OWA
Treân maùy mail server vaøo DNS taïo theâm alias laø mail chæ veà maùy mail server, vaø
DNS internal seõ forward ra ngoaøi DNS ISP ñeå coù theå göõi mail qua caùc domain khaùc.
Treân maùy ISA: thöïc hieän publish OWA.
1. Click phaûi firewall policy choïn New Exchange web client Access Publishing
Rule goõ vaøo teân cho rule next



2. Choïn exchange server 2003 vaø check vaøo outlook web Access next

3. Choïn option publish a single web site or load balancer next



4. Choïn option Use non-secured connections… next



5. Nhaäp vaøo teân vaø ip cuûa mail server next



6. Nhaäp vaøo teân cho publish name, teân naøy ñeå cho user external check mail.



7. Taïi cöûa soå select web listener aán new goõ teân cho web listener next



8. Choïn option Do not require SSL next



9. Choïn check box external, aán select IP Address



10. Choïn option Specified IP address…, choïn IP external cuûa ISA aán add ok next

11. Choïn No Authentication vaø choïn option Windows (active Directory) next
next finish next



12. No delegation, and client may authenticate directly… next



13. Choïn all user next finish Apply. Hoaøn taát publish OWA.



Treân maùy DNS ISP caáu hình nhö module 5. Ñöùng taïi maùy ISP vaøo IE goõ
http://mail.topic.edu/exchange
Lab 2: Publish mail POP3 vaø SMTP
1. Click phaûi vaøo Firewall Policy new Mail Server Publishing Rule, goõ teân cho
Rule next

2. Choïn option Client access: RPC,IMAP, POP3,SMTP next



3. Check vaøo 2 checkbox laø POP3 vaø SMTP next

4. Nhaäp vaøo Ip cuûa mail server next



5. Choïn vaøo checkbox External aán Address

6. Choïn Ip external cuûa ISA aán add ok next finish



7. Aán Apply seõ thaáy caùc rule vöøa taïo nhö sau.

8. Taïo Rule cho mail POP3 vaø SMTP ñi ra external. Click phaûi vaøo Firewall policy
choïn new Access rule, goõ vaøo teân cuûa rule next choïn option allow next



9. Choïn 2 protocol laø POP3 vaø SMTP next

10. Acess rule sources choïn External, Internal vaø local host next



11. Access rule Destinations cuõng choïn External, Internal vaø local host next
12. Choïn All user next finish

13. Taïi maùy web server taïo mail pop3 göûi ra cho user treân maùy DNS ISP vaø ngöôïc laïi.
Hoaøn taát baøi lab.



Module 7:Advanced Application and Web Filtering
Xaây döïng moâ hình nhö hình veõ

Caøi ISA server vaø taïo rule cho Isa server, client1, client2 ra net
Lab1: Deny POST (caám göûi mail)
1. Vaøo Isa server, click phaûi vaøo rule Allow Internet, Choïn Configure HTTP

2. Choïn theû Methods choïn Block specified methods aán Add



3. Goõ vaøo Mothod laø POST ok

4. Ok Apply



5. Treân maùy Client vaøo http://gmail.com ñeå check mail, luùc naøy mail vaãn nhaän ñöôïc
bình thöôøng, nhöng khi göõi mail ñi seõ baùo loãi sau:

6. Coøn neáu baïn send mail baèng yahoo thì seõ nhaän ñöôïc thoâng baùo sau



Lab 2: Caám download file

2. Choïn Theû Extensions choïn Block specified extensions aán Add nhaäp vaøo phaàn
môû roäng caàn caám OK



3. Ok apply
4. Vaøo trang goolge.com.vn tìm file .PDF, .MP3 down veà thöû luùc naøy seõ khoâng
download ñöôïc
Lab 3: Caám Chat yahoo



1. Choïn theû signatures aán add

2. Nhaäp caùc thoâng tin nhö hình sau ok



3. Tieáp tuïc OK apply

4. Baây giôø vaøo Yahoo chat thöû, luùc naøy seõ khoâng coøn chat ñöôïc keå caû chat baèng
Proxy baïn coù theå xem theâm baøi lab naøy ôû trang web sau :
http://www.vsic.com/forum/showthread.php?t=593


Isa 2006 lab p2

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (8)

Similar to Isa 2006 lab p2

Similar to Isa 2006 lab p2 (7)

Isa 2006 lab p2