VPN Lecture, Chapter 2.2: Layer 2 Protocols

CHAPTER II: VPN PROTOCOLS AT LAYER 2


  • Exercise: Compare the similarities and differences between the L2TP protocol and PPTP and L2F.


  • 2.4. The L2TP protocol: L2TP and PPTP, similarities

    Both are built to carry a tunnelled connection over the point-to-point protocol PPP. Like PPTP, L2TP has PAP, CHAP or RADIUS authentication mechanisms. Once the tunnel is established, the data is carried inside IP packets. Like PPTP, L2TP defines two kinds of messages: control messages and data messages. Control messages govern the establishment, management and release of sessions on the tunnel, and carry the transmission rate and the buffer parameters used for flow control of the PPP packets within a session.

    However, L2TP carries both kinds of messages in the same UDP datagrams, on a single stream, whereas PPTP uses two streams: TCP (control) and IP (data).


  • 2.4. The L2TP protocol: L2TP and PPTP, similarities

    Support for many network technologies: PPTP and L2TP both operate at the data link layer, so the packet needs a transmission-medium header to tell how the tunnelled packet is carried: Ethernet, ATM, Frame Relay or a PPP connection (depending on the ISP).

    Support for many network protocols: IP, IPX, NetBIOS, NetBEUI. Both use two kinds of tunnel: voluntary tunnels and compulsory tunnels. Both can use unregistered IP addresses.

    Figure: PPTP/GRE encapsulation, outermost first: medium header | IP | GRE | PPP | PPP payload

  • 2.4. The L2TP protocol: L2TP and PPTP, differences

    The three components of PPTP are: the PPTP client, the NAS and the PPTP server. The three components of L2TP are: the LAC, the NAS and the L2TP server (LNS).
    PPTP uses the MPPE encryption protocol and adds GRE encapsulation. L2TP uses MPPE, IPSec and ECP to encrypt data (stronger).
    PPTP runs its control stream over TCP; L2TP runs its control stream over UDP. For authentication, L2TP additionally has IPSec.


  • 2.4. The L2TP protocol: 2.4.6. L2TP connection control

    L2TP management and connection-control frames are carried over UDP. The format of an L2TP control message is shown in the figure. The UDP datagrams carrying L2TP control messages are the basis of the connection.


  • 2.4. The L2TP protocol: 2.4.6. L2TP connection control

    Figure: an L2TP control message protected by IPSec, outermost first: Data Link Header | IP Header | IPSec ESP Header | UDP Header | L2TP Message | IPSec ESP Trailer | IPSec ESP Authentication Trailer | Data Link Trailer


  • 2.4. The L2TP protocol: 2.4.6. L2TP connection control. Some L2TP maintenance and control messages


  • 2.4.6. L2TP connection control (2.4. The L2TP protocol)

    Name | Description
    Start-Control-Connection-Request | Request from the L2TP client to establish the control connection.
    Start-Control-Connection-Reply | Reply from the L2TP server to the client's Start-Control-Connection-Request. This message is also sent as a reply to an Outgoing-Call-Reply message.
    Start-Control-Connection-Connected | Reply from the L2TP client to the LNS's Start-Control-Connection-Reply.
    Outgoing-Call-Request | Request from the L2TP client to the LNS to create an L2TP tunnel. The request carries a Call ID that identifies the request within the tunnel.
    Outgoing-Call-Reply | Reply from the L2TP LNS to the client's Outgoing-Call-Request.


  • 2.4. The L2TP protocol: 2.4.6. L2TP connection control

    Name | Description
    Hello | Keep-alive message sent by the LNS or the client. If the other endpoint does not acknowledge this message, the tunnel is terminated.
    Set-Link-Info | Message from the other side to set PPP options.
    Call-Disconnect-Notify | Reply from the L2TP server indicating that the call within the L2TP tunnel has been terminated.
    WAN-Error-Notify | Message from the L2TP server (LNS) to all connected L2TP clients reporting an error in the server's PPP interface.
    Stop-Control-Connection-Request | Message from the L2TP client or server informing the other endpoint that the control connection is being terminated.


  • 2.4. The L2TP protocol: 2.4.6. L2TP connection control

    Name | Description
    Stop-Control-Connection-Reply | Reply from the endpoint to a Stop-Control-Connection-Request message.
    Stop-Control-Connection-Notification | Reply from the endpoint indicating that the tunnel has been terminated.
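    The similarity slide above says that L2TP control and data messages travel in the same UDP stream, and the three tables name the control messages without showing their encoding. The following is an added example, not code from the lecture: a small Python builder and parser for L2TPv2 headers and AVPs written to RFC 2661. The numeric Message Type codes and AVP attribute numbers come from that RFC (the slides only give the names; RFC 2661 defines a single StopCCN message, code 4, which is mapped here to the table's Stop-Control-Connection-Notification), and the host name lac.example and all sample bytes are constructed for this example.

```python
import struct

# Message Type codes from RFC 2661, mapped to the names used in the lecture tables.
L2TP_MESSAGE_TYPES = {
    1: "Start-Control-Connection-Request", 2: "Start-Control-Connection-Reply",
    3: "Start-Control-Connection-Connected", 4: "Stop-Control-Connection-Notification",
    6: "Hello", 7: "Outgoing-Call-Request", 8: "Outgoing-Call-Reply",
    9: "Outgoing-Call-Connected", 10: "Incoming-Call-Request", 11: "Incoming-Call-Reply",
    12: "Incoming-Call-Connected", 14: "Call-Disconnect-Notify",
    15: "WAN-Error-Notify", 16: "Set-Link-Info",
}

CONTROL_FLAGS = 0xC802  # T=1 (control), L=1 (Length present), S=1 (Ns/Nr present), Ver=2


def build_avp(attr_type, value, mandatory=True, vendor_id=0):
    """AVP: 2-byte flags/length (M bit 15, H bit 14, length in the low 10 bits), vendor id, attribute, value."""
    length = 6 + len(value)
    if length > 0x3FF:
        raise ValueError("AVP too long")
    return struct.pack("!HHH", (0x8000 if mandatory else 0) | length, vendor_id, attr_type) + value


def build_control_message(msg_type, avps, tunnel_id=0, session_id=0, ns=0, nr=0):
    """Control message: 12-byte header, then AVPs; the first AVP must be Message Type (attribute 0)."""
    body = build_avp(0, struct.pack("!H", msg_type)) + b"".join(avps)
    return struct.pack("!HHHHHH", CONTROL_FLAGS, 12 + len(body), tunnel_id, session_id, ns, nr) + body


def parse_avps(body):
    avps, off = [], 0
    while off < len(body):
        if off + 6 > len(body):
            raise ValueError("truncated AVP header")
        flags_len, vendor, attr = struct.unpack_from("!HHH", body, off)
        length = flags_len & 0x03FF
        if length < 6 or off + length > len(body):
            raise ValueError("AVP length points outside the message")
        avps.append({"mandatory": bool(flags_len & 0x8000), "hidden": bool(flags_len & 0x4000),
                     "vendor": vendor, "attr": attr, "value": body[off + 6:off + length]})
        off += length
    return avps


def parse_l2tp(datagram):
    """Classify one UDP/1701 payload as an L2TP control or data message and decode its header."""
    if len(datagram) < 6:
        raise ValueError("too short for an L2TP header")
    flags = struct.unpack_from("!H", datagram, 0)[0]
    if (flags & 0x000F) != 2:
        raise ValueError("not L2TPv2")
    is_control = bool(flags & 0x8000)
    has_len, has_seq, has_off = bool(flags & 0x4000), bool(flags & 0x0800), bool(flags & 0x0200)
    if is_control and not (has_len and has_seq):
        raise ValueError("control messages must carry Length and Ns/Nr")
    off, end = 2, len(datagram)
    if has_len:
        end = struct.unpack_from("!H", datagram, off)[0]
        off += 2
        if end > len(datagram):
            raise ValueError("Length field exceeds the datagram size")
    tunnel_id, session_id = struct.unpack_from("!HH", datagram, off)
    off += 4
    ns = nr = None
    if has_seq:
        ns, nr = struct.unpack_from("!HH", datagram, off)
        off += 4
    if has_off:  # Offset Size: padding to skip before the payload (data messages only)
        off += 2 + struct.unpack_from("!H", datagram, off)[0]
    if off > end:
        raise ValueError("header runs past the end of the message")
    msg = {"is_control": is_control, "tunnel_id": tunnel_id, "session_id": session_id, "ns": ns, "nr": nr}
    payload = datagram[off:end]
    if not is_control:
        msg["ppp_frame"] = payload  # a data message carries exactly one PPP frame
        return msg
    avps = parse_avps(payload)
    if not avps or avps[0]["vendor"] != 0 or avps[0]["attr"] != 0 or len(avps[0]["value"]) != 2:
        raise ValueError("first AVP of a control message must be Message Type")
    code = struct.unpack("!H", avps[0]["value"])[0]
    msg.update(message_type=code, message_name=L2TP_MESSAGE_TYPES.get(code, f"unknown({code})"), avps=avps)
    return msg


def sample_sccrq():
    """Constructed SCCRQ as a LAC sends it to open a control connection (tunnel id 0: none assigned yet)."""
    return build_control_message(1, [
        build_avp(2, b"\x01\x00"),             # Protocol Version 1.0
        build_avp(3, struct.pack("!I", 3)),    # Framing Capabilities: sync and async
        build_avp(7, b"lac.example"),          # Host Name (constructed)
        build_avp(9, struct.pack("!H", 1)),    # Assigned Tunnel ID
    ])


def sample_data_message():
    """Constructed data message: header with Ver=2 only, tunnel 7, session 1, carrying a PPP frame (IP)."""
    return struct.pack("!HHH", 0x0002, 7, 1) + b"\xff\x03\x00\x21" + b"\x45" * 4


if __name__ == "__main__":
    print(parse_l2tp(sample_sccrq())["message_name"])
    print(parse_l2tp(sample_data_message())["ppp_frame"].hex())
```

    The parser refuses a Length field larger than the datagram, which is the check a receiver needs before trusting the header, and it surfaces the H (hidden) bit so a reader can see which AVPs are obscured with the tunnel secret and cannot be decoded without it.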


  • 2.4. The L2TP protocol: 2.4.7. Advantages

    It is a general solution, platform independent, supporting many network technologies.
    It is transparent to the ISP as well as to the user.
    It provides flow control. As a result, packets can be discarded at will when the tunnel is full. This makes L2TP transactions faster than L2F-based ones (L2F has no flow control).


  • 2.4. The L2TP protocol: 2.4.7. Advantages

    It can use unregistered IP addresses.
    It improves security by encrypting the transport link with IPSEC (authenticating every packet).


  • 2.4. The L2TP protocol: 2.4.8. Disadvantages

    Slower than PPTP and L2F, because it uses IPSec to authenticate every received packet.


  • Comparison of PPTP, L2F and L2TP

    Feature | PPTP | L2F | L2TP
    Multiprotocol support | Yes | Yes | Yes
    Multiple PPP links | No | Yes | Yes
    Multiple connections per tunnel | No | Yes | Yes
    Supported operating modes | Incoming & Outgoing | Incoming | Incoming
    Supported tunnel modes | Voluntary | Voluntary & Compulsory | Voluntary & Compulsory
    Carrier protocol | IP/GRE | IP/UDP, IP/FR, IP/ATM | IP/UDP, IP/FR, IP/ATM
    Control protocol | TCP, port 1723 | UDP, port 1701 | UDP, port 1701
    Authentication mechanisms | MS-CHAP, PAP | CHAP, PAP, SPAP, EAP, IPSec, RADIUS & TACACS | CHAP, PAP, SPAP, EAP, IPSec, TACACS
    Encryption mechanisms | MPPE | MPPE, IPSec | MPPE, IPSec, ECP
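    As an added example (not part of the lecture), the following Python script turns the carrier and control-protocol rows of the table into detection logic: it groups flow records by client/server pair, names the tunnel protocol from TCP/1723, GRE, UDP/1701 and ESP, and reports when L2TP is visible on UDP/1701 without IPSec ESP around it, so that only MPPE or ECP at the PPP layer could be protecting the payload. The flow-record format, the addresses and the ports other than 1723 and 1701 are constructed for this example.

```python
from collections import defaultdict

# Constructed flow records for this example (not from the lecture): "<proto> <src[:port]> -> <dst[:port]>".
SAMPLE_FLOWS = [
    "tcp 203.0.113.10:51344 -> 198.51.100.5:1723",  # PPTP control connection
    "gre 203.0.113.10 -> 198.51.100.5",             # PPTP data carried in GRE
    "udp 203.0.113.20:1701 -> 198.51.100.6:1701",   # L2TP visible on the wire
    "esp 203.0.113.30 -> 198.51.100.7",             # L2TP over IPSec: only ESP is visible
    "tcp 203.0.113.40:40022 -> 198.51.100.8:443",   # unrelated HTTPS
    "tcp 203.0.113.50:51345 -> 198.51.100.5:1723",  # PPTP control whose GRE data has not appeared
]


def parse_flow(line):
    proto, rest = line.split(None, 1)
    src, dst = (part.strip() for part in rest.split("->"))

    def endpoint(text):
        host, _, port = text.partition(":")
        return host, (int(port) if port else None)

    (src_host, sport), (dst_host, dport) = endpoint(src), endpoint(dst)
    return {"proto": proto.lower(), "src": src_host, "sport": sport, "dst": dst_host, "dport": dport}


def classify_tunnels(lines):
    """Name the layer 2 VPN protocol per (client, server) pair from the table's carrier/control protocols."""
    seen = defaultdict(set)
    for flow in map(parse_flow, lines):
        key = (flow["src"], flow["dst"])
        if flow["proto"] == "tcp" and flow["dport"] == 1723:
            seen[key].add("pptp-control")      # PPTP control stream: TCP, port 1723
        elif flow["proto"] == "gre":
            seen[key].add("gre")               # PPTP data: PPP inside GRE over IP
        elif flow["proto"] == "udp" and 1701 in (flow["sport"], flow["dport"]):
            seen[key].add("l2tp")              # L2TP control and data: one UDP stream, port 1701
        elif flow["proto"] == "esp":
            seen[key].add("esp")               # IPSec ESP: any L2TP/UDP layer is inside it
    findings = {}
    for key, kinds in seen.items():
        if "pptp-control" in kinds:
            findings[key] = {"protocol": "PPTP", "data_seen": "gre" in kinds,
                             "note": "payload confidentiality rests on MPPE; the control channel is plain TCP"}
        elif "l2tp" in kinds:
            findings[key] = {"protocol": "L2TP", "ipsec": False,
                             "note": "UDP/1701 is visible, so no IPSec ESP wraps it; only MPPE/ECP at the PPP layer can encrypt"}
        elif "esp" in kinds:
            findings[key] = {"protocol": "IPSec ESP", "ipsec": True,
                             "note": "inner tunnel (L2TP or other) is encrypted and authenticated per packet"}
        elif "gre" in kinds:
            findings[key] = {"protocol": "GRE", "data_seen": True,
                             "note": "GRE without a PPTP control connection from this client"}
    return findings


if __name__ == "__main__":
    for pair, finding in classify_tunnels(SAMPLE_FLOWS).items():
        print(pair, finding)
```

    Pairing the control flow with its data flow is what makes the PPTP verdict useful: TCP/1723 alone only proves that a control connection was attempted, and GRE alone could belong to another tunnel type.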


  • Summary

    This chapter presented the layer 2 VPN protocols: the tunnelling model, the tunnel creation process and the packet formats.


  • Review questions

    State the advantages and disadvantages of each layer 2 VPN protocol.
    State the differences between the compulsory and the voluntary L2TP tunnelling models.
    Find out more about the authentication and encryption options in the layer 2 VPN protocols.
    Discuss the use of IPSec together with L2TP.


  • The End!

    Lecture: Virtual Private Network Security

    Speaker notes (deduplicated from the slide notes):

    PPP frame fields: because a PPP frame needs no MAC address, the Address field is unused. Control: this field holds the binary string 00000011; it indicates that the frame carrying user data is an unsequenced frame. The field is 1 byte long. Protocol: this field identifies the protocol whose data is encapsulated in the frame's data field; the value follows the assignments in RFC 3232. The field is 2 bytes long, but it can be negotiated down to 1 byte if both sides agree.

    A PPP packet frames a layer 3 packet, so PPP itself has no network layer.

    RADIUS and TACACS provide a central authentication point for remote-access users. Both technologies work in a similar way: a remote access server runs a RADIUS or TACACS client that forwards authentication requests to a central server, where the request is processed and access is granted or denied. RADIUS and TACACS also allow configuration information to be passed from the client to a central database. RADIUS can be connected to another central authentication system such as Kerberos, DCE or RACF.

    Note: in most of this chapter the VPN connection is created by the ISP (the user does not create the VPN), so the VPN devices are managed by the ISP.

    If the ISP's equipment supports PPTP, no extra hardware or software is needed on the clients; a standard PPP connection is enough. If the ISP's equipment does not support PPTP, a Windows NT client (or equivalent software) can still create a secure connection: first dial in to the ISP with PPP, then dial again through the virtual PPTP port set up on the client. A PPTP client is built into Windows NT, Windows 9x and later operating systems. When choosing a PPTP client, compare its features with those of the existing PPTP server: not all PPTP client software supports MS-CHAP, and without it the encryption offered by RRAS cannot be used.

    The network access server (NAS) is also called a remote access server. A NAS provides software-based dial-in access, with accounting and fault tolerance at the ISP POP. An ISP's NAS is designed to let a large number of users dial in at the same time. If an ISP offers a PPTP service, it must install a PPTP-capable NAS that supports clients on different platforms such as Unix, Windows and Macintosh. In that case the ISP server acts as a PPTP client connecting to the PPTP server on the private network: the ISP server becomes one end of the tunnel and the server at the edge of the private network the other.

    Because a compulsory tunnel has a predetermined endpoint and the user cannot reach the rest of the Internet, it gives better access control than a voluntary tunnel. If, for security reasons, users are not allowed to access the public Internet, a compulsory tunnel blocks that access while still letting them use the Internet to reach the VPN (that is, only sites inside the VPN are reachable).

    PPTP supports IP, IPX, NetBEUI and NetBIOS.

    These two companies cooperated to merge the two protocols and submitted the result for standardisation at the IETF.

    The Data Link layer header shows which medium the tunnel runs over: Ethernet, X.25, Frame Relay, ATM or PPP.

    L2TP lets remote users without a registered IP address reach a remote network over a public network.
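    The PPP frame note above describes the Address, Control and Protocol fields and the negotiated one-byte Protocol field. This added Python example (not from the lecture) builds and parses such frames, handles the compressed one-byte Protocol field, and names the protocol numbers the chapter mentions (IP, IPX, NetBIOS, PAP, CHAP and the compressed/MPPE payload) so a reader can tell an encrypted PPP payload from a cleartext one. The address value 0xFF and the protocol numbers come from the PPP and IANA assignments, not from the slides; the sample payload bytes are constructed.

```python
import struct

PPP_ADDRESS, PPP_CONTROL = 0xFF, 0x03  # all-stations address (no MAC on a point-to-point link) and UI control

# PPP protocol numbers from the IANA PPP registry: the ones the lecture names plus the control protocols around them.
PPP_PROTOCOLS = {
    0x0021: "IP", 0x002B: "IPX", 0x003F: "NetBIOS Frames (NetBEUI)",
    0x00FD: "Compressed datagram (CCP, e.g. MPPE-encrypted)",
    0x8021: "IPCP", 0x80FD: "CCP", 0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP",
}


def protocol_plane(protocol):
    """RFC 1661 ranges: 0xxx-3xxx network-layer data, 8xxx-bxxx NCPs, cxxx-fxxx LCP and authentication."""
    if protocol < 0x4000:
        return "network-layer data"
    if 0x8000 <= protocol < 0xC000:
        return "network control protocol"
    return "link control / authentication"


def build_ppp_frame(protocol, payload, pfc=False):
    """Address, Control, Protocol (2 bytes, or 1 byte when Protocol-Field-Compression was negotiated), data."""
    if pfc:
        # Only 0x00xx protocols can be compressed: the receiver recognises the single byte by its odd low bit.
        if protocol > 0xFF or not protocol & 1:
            raise ValueError("only one-byte protocol numbers with an odd low byte can be compressed")
        proto = bytes([protocol])
    else:
        proto = struct.pack("!H", protocol)
    return bytes([PPP_ADDRESS, PPP_CONTROL]) + proto + payload


def parse_ppp_frame(frame):
    """Decode the header and report which protocol and plane the frame carries and whether the payload is ciphertext."""
    if len(frame) < 3:
        raise ValueError("frame too short")
    if frame[0] != PPP_ADDRESS or frame[1] != PPP_CONTROL:
        raise ValueError("expected address 0xFF and control 0x03")
    # A two-byte protocol number always has an even high byte and an odd low byte, so an odd
    # first byte can only be a compressed one-byte protocol field.
    if frame[2] & 1:
        protocol, off = frame[2], 3
    else:
        if len(frame) < 4:
            raise ValueError("frame too short for a two-byte protocol field")
        protocol, off = struct.unpack_from("!H", frame, 2)[0], 4
        if not protocol & 1 or protocol & 0x0100:
            raise ValueError("malformed protocol number (high byte must be even, low byte odd)")
    return {
        "protocol": protocol,
        "name": PPP_PROTOCOLS.get(protocol, f"unknown(0x{protocol:04x})"),
        "plane": protocol_plane(protocol),
        "encrypted_payload": protocol == 0x00FD,  # CCP/MPPE output: inner protocol is not visible
        "compressed_protocol_field": off == 3,
        "payload": frame[off:],
    }


if __name__ == "__main__":
    ip_payload = b"\x45\x00\x00\x14"  # constructed: first bytes of an IPv4 header
    print(parse_ppp_frame(build_ppp_frame(0x0021, ip_payload, pfc=True)))
    print(parse_ppp_frame(build_ppp_frame(0xC223, b"\x01")))
```

    The `encrypted_payload` flag is the practical point: once MPPE is active the frame's protocol field reads 0x00FD and an inspection point can no longer see whether IP, IPX or NetBIOS is inside, which is exactly the property the chapter's "PPTP uses MPPE" statement provides.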