Wednesday, June 17, 2009

How to Increase Security on a Windows VPN Server

The Microsoft Windows 2000 VPN server, which is configured through the Routing and Remote Access Services (RRAS) feature, is installed with a default set of Input and Output filters. They support Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and IP Security Protocol (IPSec) connectivity. The filters are generic and can be modified to tighten security on a VPN server. This topic describes modifications that you can make to these filters to increase security. All filter configurations mentioned in this topic should be tested before being deployed in a production environment.

The RRAS setup creates a set of default Input and Output filters on the external adapter of the VPN server. These provide a high level of security. To display and edit these filters:

1. Start the Routing and Remote Access snap-in in Microsoft Management Console (MMC).
2. Expand the IP Routing node in the left pane.
3. Click General in the left pane.
4. Right-click the external adapter listed in the right pane, and then click Properties.
5. You can view and edit the Inbound and Outbound filters on the General tab.

These are the default filters that are configured.

More security can be provided by editing each of these filters to further restrict the flow of PPTP and/or L2TP/IPSec packets. To do so, you must edit the Input and Output filters. The result is that inbound PPTP and L2TP/IPSec traffic is restricted to the IP address of the external adapter, and only PPTP and L2TP/IPSec traffic is allowed to pass out through the external adapter from the internal network or the VPN server itself.

Input and Output filters are edited individually by selecting the filter and then clicking the Edit button. The Edit IP Filter dialog box lets you modify each filter setting. For example, suppose the external adapter has an IP address of 192.0.0.40 with a subnet mask of 255.255.255.0. After modifying the Input filters.
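The effect of restricting the input filters to the external adapter's address can be checked with a small model before touching a production server. The following is an added example, not part of the original post or of RRAS: it is a Python model of a permit-list, the port and protocol numbers are the standard ones for PPTP and L2TP/IPSec rather than values taken from this page, and the any-destination "generic" set and the 255.255.255.255 filter mask are assumptions made for the comparison.

```python
import ipaddress
from typing import NamedTuple, Optional

TCP, UDP, GRE = 6, 17, 47  # IP protocol numbers


class Filter(NamedTuple):
    dst_net: ipaddress.IPv4Network  # destination address and mask
    proto: int
    dst_port: Optional[int]         # None for protocols without ports (GRE)


def vpn_input_filters(dst_addr: str, dst_mask: str) -> list:
    """Permit-list for PPTP and L2TP/IPSec addressed to dst_addr/dst_mask."""
    net = ipaddress.IPv4Network(f"{dst_addr}/{dst_mask}")
    return [
        Filter(net, TCP, 1723),  # PPTP control connection
        Filter(net, GRE, None),  # PPTP tunnelled data
        Filter(net, UDP, 500),   # IKE for IPSec
        Filter(net, UDP, 1701),  # L2TP
    ]


def permits(filters, dst_ip, proto, dst_port=None) -> bool:
    """Drop everything except packets that match one of the filters."""
    addr = ipaddress.IPv4Address(dst_ip)
    return any(addr in f.dst_net and proto == f.proto
               and f.dst_port in (None, dst_port) for f in filters)


# Assumption: "generic" is modelled as any destination; "tightened" matches
# only the external adapter address from the example above (host mask).
GENERIC = vpn_input_filters("0.0.0.0", "0.0.0.0")
TIGHTENED = vpn_input_filters("192.0.0.40", "255.255.255.255")

SAMPLE_PACKETS = [  # constructed test traffic: (destination, protocol, port)
    ("192.0.0.40", TCP, 1723),
    ("192.0.0.40", GRE, None),
    ("192.0.0.40", UDP, 1701),
    ("192.0.0.41", TCP, 1723),  # VPN port, but not the adapter's address
    ("192.0.0.40", TCP, 80),    # adapter's address, but not VPN traffic
]


def newly_dropped(packets) -> list:
    """Packets the generic set accepts that the tightened set drops."""
    return [p for p in packets
            if permits(GENERIC, *p) and not permits(TIGHTENED, *p)]


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, permits(GENERIC, *pkt), permits(TIGHTENED, *pkt))
```
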

The default filter settings that are installed by RRAS Setup allow VPN connections only. The information in this topic is provided for those who want increased security.

Source: http://support.microsoft.com/kb/255784/
