Eicon Networks S92 Uživatelský manuál stáhnout pdf (Strana 126)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 126

ConfiguretheVPNportsandthestatic route:

Bydefault,RRASallocates5portsforPPTPand5portsforL2TP.ForGIACwewill

useonlyPPTP,andwillconfigureatotalof11portsforit.Theseportsare mappedto

theaddresseswedefinedforallocatingtotheVPNclients.

ThefinalstepistoensurethattheseexternalclientscanaccesstheCritical_Resources

subnet.Microsoftsuggeststhatweuseastaticrouteforthispurpose. Inthiscase,

gateway192.168.16.6isusedtoreachthedestinationsubnetof192.168.21.0. Since

RRASisrunning,staticroutetoCritical_ResourcesshouldbeaddedviatheRRAS

MMCconsole.Usingtherouteaddcommandwiththe–pswitchwillnotmakethe

entrypermanent.

ConfigureInputFilters:

“APPTPbasedVPNservertypicallyhastwophysicalinterfaces:oneinterfaceon

thesharedorpublicnetworkliketheInternet,andanotherontheprivateintranet.It

alsohasavirtualinterfaceconnectingtoallVPNclients.FortheVPNserverto

forwardtrafficbetweenVPNclients, IPforwardingmustbeenabledonallinterfaces.

However,enablingforwardingbetweenthetwophysicalinterfacescausestheVPN

servertorouteallIPtrafficfromthesharedorpublicnetwor ktotheintranet.To

protecttheintranetfromalltrafficnotsentbyaVPNclient,PPTPpacketfiltering

mustbeconfiguredsothattheVPNserveronlyperformsroutingbetweenVPNclients

andtheintranet andnotbetweenpotentiallymalicioususersonthesharedorpublic

networkandtheintranet.”(from MicrosoftTechnet

29

)

29

http://www.microsoft.com/WINDOWS2000/techinfo/reskit/samplechapters/inbe/inbe_vpn_hueq.asp

1 2 ... 121 122 123 124 125 126 127 128 129 130 131 ... 208 209

Žádné komentáře

Eicon Networks S92 Uživatelský manuál Strana 126