Re: Security over VPN
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 07/03/04
- Next message: Hareth: "VPN-> After a client logs on...."
- Previous message: Steven L Umbach: "Re: RRAS with multiple NICs"
- In reply to: Jeff Li: "Security over VPN"
- Next in thread: Bill Grant: "Re: Security over VPN"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 03 Jul 2004 23:30:18 GMT
I am not familiar with the devices that you use but check their configuration to see
if they can restrict access of the vpn tunnel to only certain IP addresses on the
lan. If you are using the W2K server as the vpn server, you can configure packet
filters on the IP interface in rras or in Remote Access Policy. Another alternative
is to configure ipsec policy with either negotiation for ESP/AH protection which uses
kerberos machine authentication in the forest or ipsec filtering to limit access to
what IP addresses can access a computer via permit and block filter actions. ---
Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;310111 --- shows about
packet filtering.
http://www.securityfocus.com/infocus/1559 --- ipsec filtering
"Jeff Li" <anonymous@discussions.microsoft.com> wrote in message
news:2597701c460ae$a17398a0$a401280a@phx.gbl...
> Hi all,
>
> I built up a VPN b/w head office and branch office by a
> pair of VPN devices (zyxel). Both-end are Windows 2000
> Server. The VPN's objective is that I want the branch
> office access the Web application in headoffice's server
> only. The headoffice's server is also file server and
> domain controller. What can I do so that the branch
> office cannot browse computer(headoffice) and shared
> folder in headoffice?
>
> Regards
>
> Jeff Li
- Next message: Hareth: "VPN-> After a client logs on...."
- Previous message: Steven L Umbach: "Re: RRAS with multiple NICs"
- In reply to: Jeff Li: "Security over VPN"
- Next in thread: Bill Grant: "Re: Security over VPN"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
