Guidelines For Designing Secure Vpn Connectivity

By Author: Shirley Green
Total Articles: 129
Comment this article

Many VPN connectivity design decisions are limited by the existing 70-291 Exam network infrastructure, existing clients that must remotely access the network, and a lack of management support for sound security practices. But a secure VPN infrastructure can be devel?oped. Use the guidelines in the following sections to do so.
Guidelines for Installation
Follow these guidelines for installation:
Rename the external interface, naming it Internet, External, or something that will identify it as the interface configured for the Internet. Doing this will prevent you from making configuration mistakes. Configuration mistakes can weaken security on the server.
Use the Remote Access Server Setup Wizard, and choose the Remote Access (Dial-up or VPN) selection instead of choosing Secure Connection Between Two Private
Networks. The former setting prompts you to make several important security configurations; the latter does not. (With the latter setting, default settings are used.) Settings made by selecting VPN are as follows:
You are prompted to choose whether ...
... VPN, dial-up, or both types of access are needed. You should always select only what will be used on this computer.
LJ You can choose to have packet filters for the interface allow only PPTP-related and L2TP-related traffic. If you do this, all other traffic will be dropped. This approach greatly enhances the microsoft exams of the computer by ensuring only the VPN traffic can make a connection.

You are prompted to decide whether to use an internal Dynamic Host Con-figuration Protocol (DHCP) server to assign addresses for the VPN routers that connect, or whether you want to define a range in the interface.You are prompted to decide whether to use RADIUS or Windows authen-tication.
Firewall configuration is important. Without proper configuration, one or both of two problems will exist. First, the VPN traffic, other required traffic, or both will not be able to pass through the firewall. Second, too much access will be granted to your network, thus making you more vulnerable to attack. It is not the designer's job to configure the firewall. Instead, the designer should supply the firewall administrator with the infor?mation necessary to provide secure remote access.
Tables 7-2 and 7-3 list the appropriate ports required to permit free Cisco practice questions. Remember to consider both incoming and outgoing traffic and apply filters that meet the requirements appropriately.