
80. At the same time, you will want to configure an output filter for the source IP address of the Web server and the TCP source port 80. If these two filters are the only two filters operational on this server, the only traffic that will be allowed across the interface is TCP traffic to and from the Web server service on your Windows Server 2003 machine. You need to be careful about how you implement these filters, so that you don't make them too restrictive, which would impair the functionality of the other protocols operating on the server. For instance, given our example of a Web server, we can't use PING or any other basic IP troubleshooting tool on that computer now, because we've restricted it to only Web traffic on port 80. We'll talk more about troubleshooting shortly.

TEST DAY TIP

Know how to set up both inbound and outbound TCP/IP packet filters. Understand that you can accept all but those IP addresses you want to reject, or you can deny all except those IP addresses you wish to accept.

It's a good idea to use packet filtering to block unwanted traffic from your VPN servers. There are two basic sets of rules for this process: PPTP packet filters and L2TP packet filters.

For PPTP, there are at least two filters that are required to block non-PPTP traffic. You need to allow Generic Routing Encapsulation (GRE) packets to pass. You also need to allow inbound traffic on TCP port 1723. If the PPTP server is also acting as a PPTP client, you can add a third filter to allow outbound traffic on TCP port 1723 also. After these filters are established, choose the Drop All Packets Except Those That Meet The Criteria Below radio button. Then close the dialog box. Repeat the process on the output side.

For L2TP packet filters, you will need four filters: two for input and two for output, as follows:

A filter with the VPN interface address and a network mask of 255.255.255.255, filtering the User Datagram Protocol (UDP) with a source and destination port of 500

An input filter with a destination of the VPN address and a network mask of
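The following is an added example, not code from the book: a small Python model of how an RRAS-style filter set behaves in the two dialog-box modes (Receive All Except versus Drop All Except), applied to the Web-server and PPTP filter sets described above. The server addresses and the remote host address are constructed documentation addresses, and the filter/packet types are this example's own; it shows why PING to the Web server stops working once only TCP port 80 is permitted.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional

ICMP, TCP, GRE = 1, 6, 47  # IANA protocol numbers


@dataclass(frozen=True)
class Filter:
    """One RRAS-style filter. None in any field means 'match anything'."""
    network: Optional[IPv4Network] = None   # address + mask, e.g. x.x.x.x/32
    side: str = "dst"                       # which packet address the network tests
    proto: Optional[int] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    src_port: int = 0
    dst_port: int = 0


def matches(f: Filter, p: Packet) -> bool:
    """True when every non-wildcard field of the filter agrees with the packet."""
    addr = IPv4Address(p.dst if f.side == "dst" else p.src)
    return all((
        f.network is None or addr in f.network,
        f.proto is None or f.proto == p.proto,
        f.src_port is None or f.src_port == p.src_port,
        f.dst_port is None or f.dst_port == p.dst_port,
    ))


def allowed(filters: List[Filter], mode: str, p: Packet) -> bool:
    """Apply the filter set in one of the two radio-button modes of the dialog box."""
    hit = any(matches(f, p) for f in filters)
    if mode == "drop_all_except":     # Drop All Packets Except Those That Meet The Criteria Below
        return hit
    if mode == "receive_all_except":  # Receive All Packets Except Those That Meet The Criteria Below
        return not hit
    raise ValueError(f"unknown mode {mode!r}")


# Constructed addresses from the RFC 5737 documentation range, not from the text.
WEB, VPN = "192.0.2.10", "192.0.2.20"
WEB_INPUT = [Filter(IPv4Network(f"{WEB}/32"), "dst", TCP, dst_port=80)]   # to the Web service
WEB_OUTPUT = [Filter(IPv4Network(f"{WEB}/32"), "src", TCP, src_port=80)]  # replies from it
PPTP_INPUT = [Filter(IPv4Network(f"{VPN}/32"), "dst", GRE),               # GRE tunnel data
              Filter(IPv4Network(f"{VPN}/32"), "dst", TCP, dst_port=1723)]  # PPTP control
```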