For an on-demand VPN connection, you can specify IP packet filters and demand-dial filters.
Use the following procedures to accomplish these tasks:
- Configure IP packet filters on the Internet interface
- Match IP demand-dial filters to IP packet filters on the demand-dial interface
Configure IP Packet Filters on the Internet Interface
You can configure PPTP or L2TP/IPSec input and output filters on the Internet-connected interface of a VPN router to allow only PPTP or only L2TP/IPSec traffic to travel between the two sites.
How you configure firewall filters and filters on the VPN router depends on the relative position of the VPN router and firewall. For information about configuring filters for a VPN site-to-site server, see "Deploying Dial-up and VPN Remote Access Servers" in this book, and see "VPN servers and firewall configuration," Add PPTP Filters, and Add L2TP over IPSec Filters in Help and Support Center for Windows Server 2003.
Configure IP Demand-Dial Filters and Match Them to IP Packet Filters on the Demand-Dial Interface
You can configure demand-dial filters to specify which types of traffic are allowed to create a site-to-site connection. By matching demand-dial filters to the IP packet filters, you can also prevent a calling router from establishing a demand-dial connection for traffic that IP packet filters are configured to discard.
For information about how to configure demand-dial filters and to match them to IP packet filters, see Configure demand-dial filters and Demand-dial routing design considerations in Help and Support Center for Windows Server 2003.
No comments:
Post a Comment