Using IPSec through a Windows 2003 VPN

December 29, 2010 at 10:31:05
Specs: Windows 2003
I do not understand the explanation of this Windows 2003 RAS question.

Your company has offices in Atlanta and Tokyo. Windows XP computers exist in Atlanta and Windows Xp and NT 4.0 computers exist in Tokyo.

Atlanta has a Windows 2003 computer named AtlSrvr and Tokyo has a Windows 2003 computer named TokSrvr. Both the servers are remote access servers connected by a VPN over the internet.

You want to protect the highly sensitive data on AtlSrvr and TokSrvr using encryption.
The tunnel between the 2 networks must be secure. You want both servers to implement the strongest level of encryption possible.

What should you do? (choose 4 out 9 options). I will only list the 4 correct answers.

The correct answers are:

1. Enable L2PT over IPSec on both AtlSrvr and TokSrvr

2. On TokSrvr, enable the Server (Request Security) option

3. On AtlSrvr, enable the Secure Server (Require Security) option

4. On both servers, enable all transmissions to use IPSec Triple Data Encryption Standard (TripleDES).

The Explanation for these answers is:

To secure the tunnel between the two offices, you should implement L2PT over IPSec. AltSrvr should have the Secure Server (Require Security) enabled because this will require all connections to Atlsrvr to use L2PT/IPSe.
TokSrvr should have the Server (Request Security) enabled so that if a client such as NT 4.0 tries to use L2PT/IPSec and can't is can use PPTP.

I am confused why this is so because the explanation says that Toksrvr should have Server (Request Security) enabled and Altsrvr should have Secure Server (Require Security) enabled. Isn't that backwards? The NT 4.0 workstations are located in Tokyo and would be connecting to Atlanta, so shouldn't the Server (Request Security) be enabled on Toksrvr? And because Atlanta has only XP clients connecting to Tokyo, shouldn't Toksrvr have Secure Server (Require Security) enabled?

Can someone please explain?

Thanks,

Bob


See More: Using IPSec through a Windows 2003 VPN

Report •

#1
December 29, 2010 at 12:15:31
I am not sure but I think you can not use L2PT over IPSec out side of the United States because you can not use 256 bit encryption out side of the United States.

*edit*

Never mind that can't be it because you could change the algorithm and even with 3DES I think it is only 128bit. Not really sure why you got this one wrong. Did any tell why this was the correct answer or where they just using an answer key?


Report •
Related Solutions


Ask Question