If you have read through the chapters on remote access, you will see many similarities between site-to-site deployment and remote access deployment, but do not take any step for granted. Pay attention to the procedures in this chapter to catch all the subtle differences.

Domain Configuration

All access to the network for any resource is authenticated by Active Directory, which provides the consolidation, control, and reporting of all security for the corporation.

For each employee who is allowed VPN remote access:

- The remote access permission on the dial-in properties of the user account is set to Control Access Through Remote Access Policy.
- The user account is added to the VPN_Users Active Directory group.

Remote Access Policy Configuration

To define the authentication and encryption settings for remote access VPN clients, the following common remote access policy is created:

Policy Name: Remote Access VPN Connections
Access Method: VPN
User Or Group Access: Group, with the EXAMPLE\VPN_Users group selected
Authentication Methods: Extensible Authentication Protocol (EAP) with the Smart Card Or Other Certificate type, Microsoft Encrypted Authentication Version 2 (MS-CHAP v2), and Microsoft Encrypted Authentication (MS-CHAP) selected
Policy Encryption Level: Strong Encryption and Strongest Encryption selected

PPTP-Based Remote Access Client Configuration

On the Windows XP remote access client computers, the New Connection Wizard is used to create a VPN connection with the following settings:

Network Connection Type: Connect To The Network At My Workplace
Network Connection: Virtual Private Network Connection
Connection Name: Contoso LTD.
VPN Server Selection
Connection Availability: Anyone's Use (this option is available only on Windows XP clients that are members of a domain)

L2TP/IPSec-Based Remote Access Client Configuration

The remote access computer logs on to the Contoso LTD. domain using a LAN connection to the Contoso LTD. intranet and receives a computer certificate through auto-enrollment. This must happen before the user tries to connect from home, because auto-enrollment takes place over the local LAN. If you want to enable bootstrapping certificates for .
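
The Domain Configuration section above relies on two per-user settings staying in step: the dial-in permission and membership of VPN_Users. The following audit is an added example, not part of the original text. It assumes a management host with the ActiveDirectory PowerShell module and the VPN_Users group name from the page; the function name Get-DialInSetting is hypothetical.

```powershell
# Added example: audit the two per-user settings from "Domain Configuration".
# Assumption: ActiveDirectory (RSAT) module is installed; group is VPN_Users.
Import-Module ActiveDirectory

function Get-DialInSetting {
    param($User)
    # msNPAllowDialin: not set = Control Access Through Remote Access Policy,
    # TRUE = Allow Access, FALSE = Deny Access.
    if ($null -eq $User.msNPAllowDialin) { 'PolicyControlled' }
    elseif ($User.msNPAllowDialin)       { 'ExplicitAllow' }
    else                                 { 'ExplicitDeny' }
}

$groupName = 'VPN_Users'
$members = @(Get-ADGroupMember -Identity $groupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' })

# Index member DNs so accounts outside the group can be spotted quickly.
$memberDns = @{}
foreach ($m in $members) { $memberDns[$m.distinguishedName] = $true }

# 1. Group members whose dial-in permission is not policy-controlled.
$findings = @(foreach ($m in $members) {
    $u = Get-ADUser -Identity $m.distinguishedName -Properties msNPAllowDialin
    $setting = Get-DialInSetting $u
    if ($setting -ne 'PolicyControlled') {
        [pscustomobject]@{
            User    = $u.SamAccountName
            Enabled = $u.Enabled
            Finding = "In $groupName but dial-in is $setting"
        }
    }
})

# 2. Accounts set to explicit Allow Access that are outside the group.
$findings += @(Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' |
    Where-Object { -not $memberDns.ContainsKey($_.DistinguishedName) } |
    ForEach-Object {
        [pscustomobject]@{
            User    = $_.SamAccountName
            Enabled = $_.Enabled
            Finding = "Explicit Allow Access but not in $groupName"
        }
    })

$findings | Sort-Object User | Format-Table -AutoSize
```

An empty table means every VPN_Users member is policy-controlled and no account outside the group carries an explicit Allow Access setting.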