<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Sophos XG Firewall: How to apply NAT on an IPsec Site-to-Site VPN connection for networks with overlapping subnets &#8211; Thegioifirewall</title>
	<atom:link href="https://thegioifirewall.com/tag/sophos-xg-firewall-cach-ap-dung-nat-tren-1-ket-noi-ipsec-vpn-site-to-site-doi-voi-he-thong-mang-bi-trung-subnet/feed/" rel="self" type="application/rss+xml" />
	<link>https://thegioifirewall.com</link>
	<description>Firewalls protecting businesses, information center and pricing</description>
	<lastBuildDate>Mon, 06 May 2019 09:06:16 +0000</lastBuildDate>
	<language>vi</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://thegioifirewall.com/wp-content/uploads/vacif_icon-150x150.png</url>
	<title>Sophos XG Firewall: How to apply NAT on an IPsec Site-to-Site VPN connection for networks with overlapping subnets &#8211; Thegioifirewall</title>
	<link>https://thegioifirewall.com</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Sophos XG Firewall: How to apply NAT on an IPsec Site-to-Site VPN connection for networks with overlapping subnets</title>
		<link>https://thegioifirewall.com/sophos-xg-firewall-cach-ap-dung-nat-tren-1-ket-noi-ipsec-vpn-site-to-site/</link>
					<comments>https://thegioifirewall.com/sophos-xg-firewall-cach-ap-dung-nat-tren-1-ket-noi-ipsec-vpn-site-to-site/#respond</comments>
		
		<dc:creator><![CDATA[TrungNghia]]></dc:creator>
		<pubDate>Mon, 06 May 2019 06:32:22 +0000</pubDate>
				<category><![CDATA[General guides]]></category>
		<category><![CDATA[Sophos XG Firewall: How to apply NAT on an IPsec Site-to-Site VPN connection for networks with overlapping subnets]]></category>
		<guid isPermaLink="false">http://www.thegioifirewall.com/?p=2928</guid>

					<description><![CDATA[Purpose of this article This article describes the steps to configure NAT over an IPsec VPN to distinguish between the local subnets behind each Sophos XG firewall when those local subnets overlap. Network diagram and configuration scenario As [&#8230;]]]></description>
										<content:encoded><![CDATA[
<h2 class="wp-block-heading">Purpose of this article</h2>



<ul class="wp-block-list"><li>This article describes the steps to configure NAT over an IPsec VPN to distinguish between the local subnets behind each Sophos XG firewall when those local subnets overlap.</li></ul>



<h2 class="wp-block-heading">Network diagram and configuration scenario</h2>



<figure class="wp-block-image"><img fetchpriority="high" decoding="async" width="1024" height="428" src="https://thegioifirewall.com/wp-content/uploads/Diagram-1024x428.jpg" alt="" class="wp-image-2929" srcset="https://thegioifirewall.com/wp-content/uploads/Diagram-1024x428.jpg 1024w, https://thegioifirewall.com/wp-content/uploads/Diagram-300x125.jpg 300w, https://thegioifirewall.com/wp-content/uploads/Diagram-768x321.jpg 768w, https://thegioifirewall.com/wp-content/uploads/Diagram.jpg 1212w" sizes="(max-width: 1024px) 100vw, 1024px" /></figure>



<ul class="wp-block-list"><li>As shown in the network diagram, we will configure an <strong>IPsec Site-to-Site VPN</strong> connection between <strong>Sophos Firewall 1</strong> and <strong>Sophos Firewall 2</strong>.</li><li>However, a problem arises if we create this connection: the two <strong>LAN</strong> networks behind the devices <strong>use the same subnet</strong>.</li><li>To solve this problem, we will <strong>perform NAT</strong> while configuring the IPsec connection on both devices.</li></ul>



<h2 class="wp-block-heading">Configuration on Sophos Firewall 1</h2>



<h4 class="wp-block-heading">Add the local and remote LANs</h4>



<ul class="wp-block-list"><li>Click <strong>Hosts and Services > IP Host</strong> and select <strong>Add</strong> to create the <strong>local LAN</strong>.</li></ul>



<figure class="wp-block-image"><img decoding="async" width="856" height="215" src="https://thegioifirewall.com/wp-content/uploads/1-35.jpg" alt="" class="wp-image-2931" srcset="https://thegioifirewall.com/wp-content/uploads/1-35.jpg 856w, https://thegioifirewall.com/wp-content/uploads/1-35-300x75.jpg 300w, https://thegioifirewall.com/wp-content/uploads/1-35-768x193.jpg 768w" sizes="(max-width: 856px) 100vw, 856px" /></figure>



<ul class="wp-block-list"><li>Click <strong>Hosts and Services > IP Host</strong> and select <strong>Add</strong> to create the <strong>local NATed LAN</strong>.</li></ul>



<figure class="wp-block-image"><img decoding="async" width="856" height="215" src="https://thegioifirewall.com/wp-content/uploads/2-32.jpg" alt="" class="wp-image-2932" srcset="https://thegioifirewall.com/wp-content/uploads/2-32.jpg 856w, https://thegioifirewall.com/wp-content/uploads/2-32-300x75.jpg 300w, https://thegioifirewall.com/wp-content/uploads/2-32-768x193.jpg 768w" sizes="(max-width: 856px) 100vw, 856px" /></figure>



<ul class="wp-block-list"><li>Click <strong>Hosts and Services > IP Host</strong> and select <strong>Add</strong> to create the <strong>remote NATed LAN</strong>.</li></ul>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="856" height="215" src="https://thegioifirewall.com/wp-content/uploads/3-31.jpg" alt="" class="wp-image-2933" srcset="https://thegioifirewall.com/wp-content/uploads/3-31.jpg 856w, https://thegioifirewall.com/wp-content/uploads/3-31-300x75.jpg 300w, https://thegioifirewall.com/wp-content/uploads/3-31-768x193.jpg 768w" sizes="auto, (max-width: 856px) 100vw, 856px" /></figure>



<h4 class="wp-block-heading">Create the IPsec Site-to-Site VPN connection</h4>



<ul class="wp-block-list"><li>Click <strong>VPN > IPsec Connections</strong> and click <strong>Add</strong>. Create the connection with the following parameters.</li></ul>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="856" height="473" src="https://thegioifirewall.com/wp-content/uploads/4-26.jpg" alt="" class="wp-image-2934" srcset="https://thegioifirewall.com/wp-content/uploads/4-26.jpg 856w, https://thegioifirewall.com/wp-content/uploads/4-26-300x166.jpg 300w, https://thegioifirewall.com/wp-content/uploads/4-26-768x424.jpg 768w" sizes="auto, (max-width: 856px) 100vw, 856px" /></figure>



<div class="wp-block-image"><figure class="aligncenter"><img loading="lazy" decoding="async" width="856" height="461" src="https://thegioifirewall.com/wp-content/uploads/5-23.jpg" alt="" class="wp-image-2935" srcset="https://thegioifirewall.com/wp-content/uploads/5-23.jpg 856w, https://thegioifirewall.com/wp-content/uploads/5-23-300x162.jpg 300w, https://thegioifirewall.com/wp-content/uploads/5-23-768x414.jpg 768w" sizes="auto, (max-width: 856px) 100vw, 856px" /></figure></div>



<ul class="wp-block-list"><li>Click <strong>Save</strong>; the following screen shows the connection that was just created.</li></ul>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="857" height="188" src="https://thegioifirewall.com/wp-content/uploads/6-22.jpg" alt="" class="wp-image-2936" srcset="https://thegioifirewall.com/wp-content/uploads/6-22.jpg 857w, https://thegioifirewall.com/wp-content/uploads/6-22-300x66.jpg 300w, https://thegioifirewall.com/wp-content/uploads/6-22-768x168.jpg 768w" sizes="auto, (max-width: 857px) 100vw, 857px" /></figure>



<ul class="wp-block-list"><li>Click the red circle icon under the <strong>Active</strong> column to activate the connection.</li></ul>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="856" height="188" src="https://thegioifirewall.com/wp-content/uploads/7-14.jpg" alt="" class="wp-image-2937" srcset="https://thegioifirewall.com/wp-content/uploads/7-14.jpg 856w, https://thegioifirewall.com/wp-content/uploads/7-14-300x66.jpg 300w, https://thegioifirewall.com/wp-content/uploads/7-14-768x169.jpg 768w" sizes="auto, (max-width: 856px) 100vw, 856px" /></figure>



<h4 class="wp-block-heading">Create 2 firewall rules to allow VPN traffic</h4>



<ul class="wp-block-list"><li>Click <strong>Firewall > +Add Firewall Rule</strong>. Create 2 firewall rules as shown in the following images.</li></ul>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="847" height="468" src="https://thegioifirewall.com/wp-content/uploads/8-12.jpg" alt="" class="wp-image-2938" srcset="https://thegioifirewall.com/wp-content/uploads/8-12.jpg 847w, https://thegioifirewall.com/wp-content/uploads/8-12-300x166.jpg 300w, https://thegioifirewall.com/wp-content/uploads/8-12-768x424.jpg 768w" sizes="auto, (max-width: 847px) 100vw, 847px" /></figure>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="847" height="468" src="https://thegioifirewall.com/wp-content/uploads/9-11.jpg" alt="" class="wp-image-2939" srcset="https://thegioifirewall.com/wp-content/uploads/9-11.jpg 847w, https://thegioifirewall.com/wp-content/uploads/9-11-300x166.jpg 300w, https://thegioifirewall.com/wp-content/uploads/9-11-768x424.jpg 768w" sizes="auto, (max-width: 847px) 100vw, 847px" /></figure>



<h2 class="wp-block-heading">Configuration on Sophos Firewall 2</h2>



<h4 class="wp-block-heading">Add the local and remote LANs</h4>



<ul class="wp-block-list"><li>Click <strong>Hosts and Services > IP Host</strong> and select <strong>Add</strong> to create the <strong>local LAN</strong>.</li></ul>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="1024" height="263" src="https://thegioifirewall.com/wp-content/uploads/10-9-1024x263.jpg" alt="" class="wp-image-2940" srcset="https://thegioifirewall.com/wp-content/uploads/10-9-1024x263.jpg 1024w, https://thegioifirewall.com/wp-content/uploads/10-9-300x77.jpg 300w, https://thegioifirewall.com/wp-content/uploads/10-9-768x197.jpg 768w, https://thegioifirewall.com/wp-content/uploads/10-9.jpg 1070w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<ul class="wp-block-list"><li>Click <strong>Hosts and Services > IP Host</strong> and select <strong>Add</strong> to create the <strong>local NATed LAN</strong>.</li></ul>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="1024" height="263" src="https://thegioifirewall.com/wp-content/uploads/11-7-1024x263.jpg" alt="" class="wp-image-2941" srcset="https://thegioifirewall.com/wp-content/uploads/11-7-1024x263.jpg 1024w, https://thegioifirewall.com/wp-content/uploads/11-7-300x77.jpg 300w, https://thegioifirewall.com/wp-content/uploads/11-7-768x197.jpg 768w, https://thegioifirewall.com/wp-content/uploads/11-7.jpg 1071w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<ul class="wp-block-list"><li>Click <strong>Hosts and Services > IP Host</strong> and select <strong>Add</strong> to create the <strong>remote NATed LAN</strong>.</li></ul>



<div class="wp-block-image"><figure class="aligncenter"><img loading="lazy" decoding="async" width="1024" height="263" src="https://thegioifirewall.com/wp-content/uploads/12-6-1024x263.jpg" alt="" class="wp-image-2942" srcset="https://thegioifirewall.com/wp-content/uploads/12-6-1024x263.jpg 1024w, https://thegioifirewall.com/wp-content/uploads/12-6-300x77.jpg 300w, https://thegioifirewall.com/wp-content/uploads/12-6-768x197.jpg 768w, https://thegioifirewall.com/wp-content/uploads/12-6.jpg 1070w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure></div>



<h4 class="wp-block-heading">Create the IPsec Site-to-Site VPN connection</h4>



<ul class="wp-block-list"><li>Click <strong>VPN > IPsec Connections</strong> and click <strong>Add</strong>. Create the connection with the following parameters.</li></ul>



<div class="wp-block-image"><figure class="aligncenter"><img loading="lazy" decoding="async" width="857" height="470" src="https://thegioifirewall.com/wp-content/uploads/13-3.jpg" alt="" class="wp-image-2943" srcset="https://thegioifirewall.com/wp-content/uploads/13-3.jpg 857w, https://thegioifirewall.com/wp-content/uploads/13-3-300x165.jpg 300w, https://thegioifirewall.com/wp-content/uploads/13-3-768x421.jpg 768w" sizes="auto, (max-width: 857px) 100vw, 857px" /></figure></div>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="857" height="459" src="https://thegioifirewall.com/wp-content/uploads/14-5.jpg" alt="" class="wp-image-2944" srcset="https://thegioifirewall.com/wp-content/uploads/14-5.jpg 857w, https://thegioifirewall.com/wp-content/uploads/14-5-300x161.jpg 300w, https://thegioifirewall.com/wp-content/uploads/14-5-768x411.jpg 768w" sizes="auto, (max-width: 857px) 100vw, 857px" /></figure>



<ul class="wp-block-list"><li>Click <strong>Save</strong>; the following screen shows the connection that was just created.</li></ul>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="857" height="191" src="https://thegioifirewall.com/wp-content/uploads/15-4.jpg" alt="" class="wp-image-2945" srcset="https://thegioifirewall.com/wp-content/uploads/15-4.jpg 857w, https://thegioifirewall.com/wp-content/uploads/15-4-300x67.jpg 300w, https://thegioifirewall.com/wp-content/uploads/15-4-768x171.jpg 768w" sizes="auto, (max-width: 857px) 100vw, 857px" /></figure>



<ul class="wp-block-list"><li>Click the red circle icon under the <strong>Active</strong> column to enable the connection.</li></ul>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="856" height="192" src="https://thegioifirewall.com/wp-content/uploads/16-5.jpg" alt="" class="wp-image-2946" srcset="https://thegioifirewall.com/wp-content/uploads/16-5.jpg 856w, https://thegioifirewall.com/wp-content/uploads/16-5-300x67.jpg 300w, https://thegioifirewall.com/wp-content/uploads/16-5-768x172.jpg 768w" sizes="auto, (max-width: 856px) 100vw, 856px" /></figure>



<h4 class="wp-block-heading">Create firewall rules to allow VPN traffic</h4>



<ul class="wp-block-list"><li>Click <strong>Firewall > +Add Firewall Rule</strong>. Create 2 firewall rules as shown in the following images.</li></ul>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="847" height="468" src="https://thegioifirewall.com/wp-content/uploads/17-5.jpg" alt="" class="wp-image-2947" srcset="https://thegioifirewall.com/wp-content/uploads/17-5.jpg 847w, https://thegioifirewall.com/wp-content/uploads/17-5-300x166.jpg 300w, https://thegioifirewall.com/wp-content/uploads/17-5-768x424.jpg 768w" sizes="auto, (max-width: 847px) 100vw, 847px" /></figure>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="847" height="468" src="https://thegioifirewall.com/wp-content/uploads/18-5.jpg" alt="" class="wp-image-2948" srcset="https://thegioifirewall.com/wp-content/uploads/18-5.jpg 847w, https://thegioifirewall.com/wp-content/uploads/18-5-300x166.jpg 300w, https://thegioifirewall.com/wp-content/uploads/18-5-768x424.jpg 768w" sizes="auto, (max-width: 847px) 100vw, 847px" /></figure>



<h2 class="wp-block-heading">Establish the connection between the two devices</h2>



<ul class="wp-block-list"><li>Once both Sophos Firewall 1 and Sophos Firewall 2 have been configured, establish the IPsec connection between them.</li><li>Go to <strong>VPN > IPsec Connections</strong> and click the circle icon under the <strong>Status (Connection)</strong> column.</li><li>The icon then <strong>turns green</strong>, and the two devices have successfully connected over the VPN.</li></ul>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="856" height="192" src="https://thegioifirewall.com/wp-content/uploads/16-6.jpg" alt="" class="wp-image-2951" srcset="https://thegioifirewall.com/wp-content/uploads/16-6.jpg 856w, https://thegioifirewall.com/wp-content/uploads/16-6-300x67.jpg 300w, https://thegioifirewall.com/wp-content/uploads/16-6-768x172.jpg 768w" sizes="auto, (max-width: 856px) 100vw, 856px" /></figure>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="857" height="191" src="https://thegioifirewall.com/wp-content/uploads/19-5.jpg" alt="" class="wp-image-2949" srcset="https://thegioifirewall.com/wp-content/uploads/19-5.jpg 857w, https://thegioifirewall.com/wp-content/uploads/19-5-300x67.jpg 300w, https://thegioifirewall.com/wp-content/uploads/19-5-768x171.jpg 768w" sizes="auto, (max-width: 857px) 100vw, 857px" /></figure>



<h2 class="wp-block-heading">Results</h2>



<ul class="wp-block-list"><li>Generate some traffic.</li><li>Here we ping between two machines on the LANs behind the two devices.</li><li>The computer named <strong>PC1</strong> behind Sophos Firewall 1 has the IP address <strong>172.16.16.100</strong>; after <strong>NAT is applied</strong> on the VPN connection, the IP address we use to ping it is <strong>172.16.17.100</strong>.</li><li>Ping PC1; the result is shown in the following image.</li></ul>



<div class="wp-block-image"><figure class="aligncenter"><img loading="lazy" decoding="async" width="491" height="127" src="https://thegioifirewall.com/wp-content/uploads/24-2.jpg" alt="" class="wp-image-2955" srcset="https://thegioifirewall.com/wp-content/uploads/24-2.jpg 491w, https://thegioifirewall.com/wp-content/uploads/24-2-300x78.jpg 300w" sizes="auto, (max-width: 491px) 100vw, 491px" /></figure></div>



<ul class="wp-block-list"><li>Similarly, the computer named <strong>WIN-1IPUCKVKUMF</strong>, on the LAN behind Sophos Firewall 2, has the IP address <strong>172.16.16.200</strong>; after <strong>NAT is applied</strong> on the VPN connection, the IP address we use to ping it is <strong>172.16.18.200</strong>.</li><li>Ping it from PC1; the result is as follows.</li></ul>



<div class="wp-block-image"><figure class="aligncenter"><img loading="lazy" decoding="async" width="518" height="126" src="https://thegioifirewall.com/wp-content/uploads/23-4.jpg" alt="" class="wp-image-2956" srcset="https://thegioifirewall.com/wp-content/uploads/23-4.jpg 518w, https://thegioifirewall.com/wp-content/uploads/23-4-300x73.jpg 300w" sizes="auto, (max-width: 518px) 100vw, 518px" /></figure></div>



<ul class="wp-block-list"><li>Go to <strong>Firewall</strong> to verify that the VPN rules allow inbound and outbound traffic.</li></ul>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="855" height="80" src="https://thegioifirewall.com/wp-content/uploads/20-5.jpg" alt="" class="wp-image-2952" srcset="https://thegioifirewall.com/wp-content/uploads/20-5.jpg 855w, https://thegioifirewall.com/wp-content/uploads/20-5-300x28.jpg 300w, https://thegioifirewall.com/wp-content/uploads/20-5-768x72.jpg 768w" sizes="auto, (max-width: 855px) 100vw, 855px" /></figure>



<ul class="wp-block-list"><li>Go to <strong>Report > VPN</strong> and verify IPsec usage.</li></ul>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="902" height="436" src="https://thegioifirewall.com/wp-content/uploads/21-4.jpg" alt="" class="wp-image-2953" srcset="https://thegioifirewall.com/wp-content/uploads/21-4.jpg 902w, https://thegioifirewall.com/wp-content/uploads/21-4-300x145.jpg 300w, https://thegioifirewall.com/wp-content/uploads/21-4-768x371.jpg 768w" sizes="auto, (max-width: 902px) 100vw, 902px" /></figure>



<figure class="wp-block-image"><img loading="lazy" decoding="async" width="906" height="496" src="https://thegioifirewall.com/wp-content/uploads/22-4.jpg" alt="" class="wp-image-2954" srcset="https://thegioifirewall.com/wp-content/uploads/22-4.jpg 906w, https://thegioifirewall.com/wp-content/uploads/22-4-300x164.jpg 300w, https://thegioifirewall.com/wp-content/uploads/22-4-768x420.jpg 768w" sizes="auto, (max-width: 906px) 100vw, 906px" /></figure>
]]></content:encoded>
					
					<wfw:commentRss>https://thegioifirewall.com/sophos-xg-firewall-cach-ap-dung-nat-tren-1-ket-noi-ipsec-vpn-site-to-site/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
