222. You are the administrator of your company’s network, which consists of a single Windows 2000 domain.
The network has a persistent connection to the Internet. The relevant partition of its configuration is
shown in the exhibit. (Click the Exhibit button).
Your company employs mobile salespeople who use portable computers running Windows 98. To enable
these users to access internal resources you place a virtual private network (VPN) server named VPN1
outside your firewall. This server is a stand-alone Windows 2000 Server computer running Routing and
Remote Access. The firewall is configured to allow inbound access from VPN1 only.
You configure PPTP ports on VPN1. Now you must configure packet filters. VPN1 must allow only VPN
traffic on the Internet interface, and it must prevent non-VPN users from accessing internal resources.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Using the PPTP ports as the destination ports, create an input filter on VPN1.
As the destination IP address, use the IP address of the external interface of VPN1.
B. Using the PPTP ports as the source ports, create an input filter on VPN1.
As the source IP address, use the IP address of the external interface of VPN1.
C. Using the PPTP ports as the destination ports, create an input filter on VPN1.
As the destination IP address, use the IP address of the internal interface of VPN1.
D. Using the PPTP ports as the source ports, create an output filter on VPN1.
As the source IP address, use the IP address of the external interface of VPN1.
E. Using the PPTP ports as the destination ports, create an output filter on VPN1.
As the destination IP address, use the IP address of the external interface of VPN1.
F. Using the PPTP ports as the source ports, create an output filter on VPN1.
As the source IP address, use the IP address of the internal interface of VPN1.
Answer: A, F
Explanation:
A: The only inbound traffic allowed is traffic to the external interface on the VPN1 server.
F: The only outbound traffic allowed is traffic originating from the internal interface of VPN1.
My question: for the output filter, shouldn't the source IP address be the IP address of the internal interface of the VPN server?