Implementing a Site-to-Site VPN Design

You will need two servers for this MCSE Exams exercise, each of which has two network interface cards. Successful completion of the exercise involves administratively requiring the two servers to connect and demonstrating that they have connected.
1. On each server, one network interface should be configured as the external interface and one as the internal interface. Both external interfaces should be connected to a hub. This setup will simulate an internet connection. Although there is no router, both interfaces can be configured to be on the same subnet, a configuration that isn't a real-world scenario but will allow a connection to be made.
2. Log on to the Wingtip Toys computer, and select the MCSE Certification Routing And Remote Access Service from the Administrative Tools menu.
3. When prompted, select Configure And Enable Routing And Remote Access Service and click Next.
4. Select the Remote Access (Dial-Up Or VPN) option, as in Figure 7-12, and then click Next.

EAP/TLS also requires both machine and user certificates. Although the number of certificates is small in a single demand-dial scenario, the number can get quickly out of hand if multiple sites must connect. You must weigh the increased security against the efforts required in correctly implementing, managing, and protecting a public key infrastructure.
Do not use as a VPN router any operating system that cannot use at least MS-CHAPv2 authentication.
Where possible, separate VPN purposes: use one computer for a demand-dial VPN router and another for remote access VPNs. This separation is especially important if you must support remote access clients that cannot use the authentication and encryption protocols that meet the security level required for VPN routers. If you must mix remote access clients with demand-dial connections, you might have to reduce the security.
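
The two rules above (an MS-CHAPv2 minimum for VPN routers, and separate computers for demand-dial and remote access) can be checked against a server inventory. The following is an added example, not part of the original exercise; the inventory, the server names, the record layout and the ordering of protocols weaker than MS-CHAPv2 are assumptions made for illustration.

```python
# Added example (not from the original page): audit VPN server records
# against the guidance above. Inventory and ranking are constructed.

# Weakest to strongest. The page only names MS-CHAPv2 as the minimum for VPN
# routers; the relative order of the weaker entries is an assumption.
STRENGTH = {"PAP": 0, "SPAP": 1, "CHAP": 2, "MS-CHAP": 3, "MS-CHAPv2": 4, "EAP-TLS": 5}
ROUTER_FLOOR = STRENGTH["MS-CHAPv2"]

def audit(server):
    """Return findings for one server: weak router auth and mixed roles."""
    unknown = [p for p in server["auth"] if p not in STRENGTH]
    if unknown:
        raise ValueError(f"{server['name']}: unknown protocol(s) {unknown}")
    roles = set(server["roles"])
    weak = sorted((p for p in server["auth"] if STRENGTH[p] < ROUTER_FLOOR), key=STRENGTH.get)
    findings = []
    if "demand-dial" in roles and weak:
        findings.append("router accepts below MS-CHAPv2: " + ", ".join(weak))
    if {"demand-dial", "remote-access"} <= roles:
        findings.append("demand-dial and remote access share one computer")
    return findings

def split_roles(server):
    """Propose two single-purpose servers so legacy remote access clients
    no longer lower what the demand-dial router accepts."""
    strong = [p for p in server["auth"] if STRENGTH[p] >= ROUTER_FLOOR]
    return (
        {"name": server["name"] + "-router", "roles": ["demand-dial"], "auth": strong},
        {"name": server["name"] + "-ras", "roles": ["remote-access"], "auth": list(server["auth"])},
    )

# Constructed inventory: names and settings are illustrative only.
INVENTORY = [
    {"name": "vpn-a", "roles": ["demand-dial"], "auth": ["EAP-TLS", "MS-CHAPv2"]},
    {"name": "vpn-b", "roles": ["demand-dial", "remote-access"],
     "auth": ["MS-CHAPv2", "MS-CHAP", "CHAP"]},
]

if __name__ == "__main__":
    for srv in INVENTORY:
        for finding in audit(srv) or ["ok"]:
            print(f"{srv['name']}: {finding}")
    for proposed in split_roles(INVENTORY[1]):
        print(proposed["name"], proposed["auth"], audit(proposed) or "ok")
```

Splitting `vpn-b` leaves the router accepting only MS-CHAPv2 while the remote access server keeps the weaker protocols its legacy clients need, which is the trade-off the paragraph above describes.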
