Question no: 159

xiaoxiao2021-03-06  39

You are the administrator of TestKing's network, which consists of a single Windows 2000 domain. The network has a persistent connection to the Internet. The relevant portion of its configuration is shown in the exhibit.

Your company employs mobile salespeople who use portable computers, which run either Windows 98 or Windows 2000 Professional. To enable, you place a virtual private network server named VPN1 outside your firewall. VPN1 is a stand-alone Windows 2000 Server computer running Routing and Remote Access. The firewall performs network address translation, and it is configured to allow inbound access from VPN1 only.

You need to use the most secure VPN connection possible for each connection. You configure appropriate VPN ports on VPN1.

VPN1 must now be configured to allow only appropriate traffic through the firewall on the internal interface. Which output and input filters should you configure for the internal network adapter?

To answer, click the Select and Place button and then drag the correct filter configuration to the appropriate filter type. You might need to use some filter configurations more than once. Use the minimum number of necessary filters.

Select and Place

Answer:

Output filters

Source: Firewall external address, TCP port 1723

Source: Firewall external address, IP protocol ID 47

Input filters

Destination: Firewall external address, TCP port 1723

Destination: Firewall external address, IP protocol ID 47

Explanation:

The firewall performs network address translation. The VPN must use PPTP; it cannot use L2TP/IPSec due to network address translation. Both IPSec and NAT change the IP headers, and they cannot both be used on a connection.

The VPN server is attached directly to the Internet and the firewall is between the VPN server and the intranet. In this configuration, the VPN server must be configured with packet filters that only allow VPN traffic in and out of its Internet interface.

PPTP uses TCP port 1723 for tunnel maintenance traffic. For a filter to pass PPTP data, it must allow IP protocol ID 47.

The source and destination addresses that are usually used to allow VPN traffic are the IP address of the VPN server. In this case the firewall performs network address translation, so the firewall external address is used instead.

Incorrect answers:

PPTP does not use UDP port 500; it uses TCP port 1723.

PPTP does not use TCP port 1701; it uses TCP port 1723.

PPTP does not use IP protocol ID 50; it uses IP protocol ID 47.

Only the PPTP port and the PPTP IP protocol ID traffic should be allowed, not any protocol.

The firewall provides network address translation. The firewall's external IP address must be used, not the internal subnet address. There is no internal subnet address.
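
The following Python example is added here and is not part of the original question or its answer key. It models the four filters from the answer as a default-drop list and checks raw IPv4 packets against them, so the rejected alternatives (UDP port 500, port 1701, IP protocol ID 50) are visibly dropped. Assumptions: the addresses 203.0.113.1 and 192.0.2.10 are constructed placeholders, and TCP port 1723 is matched on either the source or destination port because the answer does not say which.

```python
import ipaddress
import struct

FW_EXT = "203.0.113.1"  # constructed placeholder for the firewall external address

# (direction, address field that must equal FW_EXT, IP protocol ID, TCP port or None)
FILTERS = [
    ("output", "src", 6, 1723),   # PPTP tunnel maintenance
    ("output", "src", 47, None),  # PPTP data (IP protocol ID 47)
    ("input", "dst", 6, 1723),
    ("input", "dst", 47, None),
]

def parse_ipv4(pkt):
    """Return (protocol, src, dst, sport, dport) from a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad header length")
    proto = pkt[9]
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    sport = dport = None
    if proto in (6, 17) and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return proto, src, dst, sport, dport

def allowed(direction, pkt):
    """Default drop: pass only packets that match a filter for this direction."""
    try:
        proto, src, dst, sport, dport = parse_ipv4(pkt)
    except ValueError:
        return False  # malformed packets never match a filter
    addr = {"src": src, "dst": dst}
    for f_dir, field, f_proto, f_port in FILTERS:
        if f_dir != direction or addr[field] != FW_EXT or proto != f_proto:
            continue
        if f_port is None or f_port in (sport, dport):
            return True
    return False

def build(proto, src, dst, sport=0, dport=0):
    """Construct a minimal IPv4 test packet (checksum left at zero)."""
    l4 = struct.pack("!HH", sport, dport) if proto in (6, 17) else b"\x00" * 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + l4
```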

When reposting, please cite the original address: https://www.9cbs.com/read-56791.html