Activity: Designing Remote Access Policy

This activity examines troubleshooting a remote access policy configuration that isn't working as expected. You will determine which setting is incorrect and modify the settings to allow connectivity.

Providing VPN Access

Your organization plans to allow remote users to connect to the network only by using VPNs. The following configuration has been performed at the remote access server:

• The VPN server is configured with a single remote access policy named "VPN Client Access."
• The VPN server is a perimeter server for the network with network interfaces attached both to the internal network and to the Internet, as shown in Figure 13.11.

  

  Figure 13.11 VPN server placement for your organization

• The VPN Client Access remote access policy is configured with a condition to accept only PPTP connections.
• The VPN server is assigned a computer certificate from the internal network's issuing Certificate Authority (CA) for machine authentication purposes.

The network connection on the VPN client computer is configured to automatically select a VPN protocol when connecting to the VPN server. The VPN client computer is a laptop running Windows 2000 Professional. The laptop has a computer certificate installed for the purpose of machine authentication.

It appears that the current remote access policy configuration has a flaw. Connections to the remote access server are consistently failing.

Answer the following questions about this situation. Answers to the questions can be found in the appendix.

1. Why is the connection to the remote access server failing?
   
   
   
2. What could you do at the VPN client to allow the connection to succeed?
   
   
   
3. What could you do at the VPN server to allow the connection to succeed?
   
   
   
4. Without modifying the existing remote access policy or the network connection object at the client computer, how can you ensure that the connection attempt uses PPTP as the tunneling protocol?

Answers