该博客围绕TestKing公司Windows 2000网络中VPN服务器配置展开。公司为移动销售人员使用的Windows 2000专业版便携电脑,在防火墙外设置VPN服务器VPN1。需为其外部网络适配器配置输入和输出过滤器,确保仅允许VPN流量,防止非VPN用户访问内部资源,并给出了正确配置选项及解释。
QUESTION NO: 174
You are the administrator of TestKing’s network, which consists of a single Windows 2000 domain. The
network has a persistent connection to the Internet. The relevant partition of its configuration is shown in
the exhibit. (Click the Exhibit button).
Your company employs mobile salespeople who use portable computers running Windows 2000
Professional. To enable these users to access internal resources you place a virtual private network (VPN)
server named VPN1 outside your firewall. This server is a stand-alone Windows 2000 Server computer
running Routing and Remote Access. The firewall is configured to allow inbound access from VPN1 only.
You configure L2TP ports on VPN1. Now you must configure additional output and input filters for the
external network adapter on VPN1. You must ensure that VPN1 allows only VPN traffic on the Internet
interface, and prevents non-VPN users from accessing internal resources.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create an input filter on VPN1 that allows L2TP ports as destination ports.
As the destination IP address, use the IP address of the external interface of VPN1.
B. Create an input filter on VPN1 that allows L2TP ports as source ports.
As the source IP address, use the IP address of the external interface of VPN1.
C. Create an input filter on VPN1 that allows L2TP ports as destination ports.
As the destination IP address, use the IP address of the internal interface of VPN1.
D. Create an output filter on VPN1 that allows L2TP ports as source ports.
As the source IP address, use the IP address of the external interface of VPN1.
E. Create an output filter on VPN1 that allows L2TP ports as destination ports.
As the destination IP address, use the IP address of the external interface of VPN1.
F. Create an output filter on VPN1 that allows L2TP ports as source ports.
As the source IP address, use the IP address of the internal interface of VPN1.
Answer: A, F
Explanation:
A: The only inbound traffic allowed is traffic to the external interface on the VPN1 server.
F: The only outbound traffic allowed is traffic originating from the internal interface of VPN1.
Incorrect Answers:
B: Input filters must use the L2TP ports as destination ports, not source ports.
C: The only destination address allowed is the address of the external, not internal, VPN interface.
D: The source of an output filter must the IP address of the internal interface of VPN1.
E: In an output filter the L2TP ports must be used as a source ports.
You are the administrator of TestKing’s network, which consists of a single Windows 2000 domain. The
network has a persistent connection to the Internet. The relevant partition of its configuration is shown in
the exhibit. (Click the Exhibit button).
Your company employs mobile salespeople who use portable computers running Windows 2000
Professional. To enable these users to access internal resources you place a virtual private network (VPN)
server named VPN1 outside your firewall. This server is a stand-alone Windows 2000 Server computer
running Routing and Remote Access. The firewall is configured to allow inbound access from VPN1 only.
You configure L2TP ports on VPN1. Now you must configure additional output and input filters for the
external network adapter on VPN1. You must ensure that VPN1 allows only VPN traffic on the Internet
interface, and prevents non-VPN users from accessing internal resources.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create an input filter on VPN1 that allows L2TP ports as destination ports.
As the destination IP address, use the IP address of the external interface of VPN1.
B. Create an input filter on VPN1 that allows L2TP ports as source ports.
As the source IP address, use the IP address of the external interface of VPN1.
C. Create an input filter on VPN1 that allows L2TP ports as destination ports.
As the destination IP address, use the IP address of the internal interface of VPN1.
D. Create an output filter on VPN1 that allows L2TP ports as source ports.
As the source IP address, use the IP address of the external interface of VPN1.
E. Create an output filter on VPN1 that allows L2TP ports as destination ports.
As the destination IP address, use the IP address of the external interface of VPN1.
F. Create an output filter on VPN1 that allows L2TP ports as source ports.
As the source IP address, use the IP address of the internal interface of VPN1.
Answer: A, F
Explanation:
A: The only inbound traffic allowed is traffic to the external interface on the VPN1 server.
F: The only outbound traffic allowed is traffic originating from the internal interface of VPN1.
Incorrect Answers:
B: Input filters must use the L2TP ports as destination ports, not source ports.
C: The only destination address allowed is the address of the external, not internal, VPN interface.
D: The source of an output filter must the IP address of the internal interface of VPN1.
E: In an output filter the L2TP ports must be used as a source ports.
扫一扫
790
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
