174. You are the administrator of your company's network, which consists of a single Windows 2000 domain. The network has a persistent connection to the Internet. The relevant portion of its configuration is shown in the exhibit.
intranet <-------> firewall <------> VPN1 <------> internet
Your company employs mobile salespeople who use portable computers running Windows 2000 Professional. To enable these users to access internal resources you place a virtual private network (VPN) server named VPN1 outside your firewall. This server is a stand-alone Windows 2000 Server computer running Routing and Remote Access. The firewall is configured to allow inbound access from VPN1 only.
You configure L2TP ports on VPN1. Now you must configure additional output and input filters for the external network adapter on VPN1. You must ensure that VPN1 allows only VPN traffic on the Internet interface, and prevents non-VPN users from accessing internal resources.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create an input filter on VPN1 that allows L2TP ports as destination ports.
As the destination IP address, use the IP address of the external interface of VPN1.
B. Create an input filter on VPN1 that allows L2TP ports as source ports.
As the source IP address, use the IP address of the external interface of VPN1.
C. Create an input filter on VPN1 that allows L2TP ports as destination ports.
As the destination IP address, use the IP address of the internal interface of VPN1.
D. Create an output filter on VPN1 that allows L2TP ports as source ports.
As the source IP address, use the IP address of the external interface of VPN1.
E. Create an output filter on VPN1 that allows L2TP ports as destination ports.
As the destination IP address, use the IP address of the external interface of VPN1.
F. Create an output filter on VPN1 that allows L2TP ports as source ports.
As the source IP address, use the IP address of the internal interface of VPN1.
Answer: A, F
Explanation:
A: The only inbound traffic allowed is traffic to the external interface on the VPN1 server.
F: The only outbound traffic allowed is traffic originating from the internal interface of VPN1.
Should the answer be A and D, since the outbound traffic originates from the external interface of VPN1? Outbound traffic cannot have a source address of the internal interface, since the internal interface's address is private.