EXERCISE 12.01.E XERCISE 12.03R EQUESTING A C ERTIFICATE FROM A W EB S...

11. You have set up an isolated, secure subnet with only an RRAS server running onWindows Server 2003 connecting the two parts of your internal network.You are pro-tecting your internal network against unauthorized access with your firewall, and autho-rized users on the intranet establish VPN tunnels to your secure subnet through theRRAS server.You do have a problem, however. It seems that remote VPN clients cannotaccess the secure subnet through your configuration. How should you reconfigure thesystem to allow remote VPN clients access to the secure subnet?A. Ask your ISP to create the necessary filters to allow IPSec traffic to pass.B. Create filters on the RRAS server to allow only VPN traffic to pass.C. Define filters on the firewall to allow the VPN traffic to pass.D. Configure the router in front of the firewall to allow IPSec traffic to pass.C.The most likely reason that VPN traffic is unable to access the secure subnet throughthe RRAS server is that the firewall isn’t configured to allow VPN traffic to pass fromthe Internet. Correct the problem by configuring filters on the firewall to allow thistraffic to pass.A, B, D. Data packet transmission is transparent to all hosts between the source and therecipient.This includes all routers on the ISP’s network and any router you might havein front of the firewall. As a result, Answer A, asking your ISP to create the necessary fil-ters to allow IPSec traffic to pass, isn’t correct because your ISP’s routers are betweenthe source and the destination and therefore transparent. Because internal VPN traffic isoccurring, you know that filters are already created on the RRAS server allowing theVPN traffic to pass.This means Answer B, create filters on the RRAS server to allowonly VPN traffic to pass, is incorrect also. Finally, Answer D, configure the router infront of the firewall to allow the VPN traffic to pass, is incorrect because the traffic istransparent between the source and the recipient.