Ports Affecting the VPN Connectivity

Frequently, RAS servers operating as VPN servers have two network cards, one of which is plugged into the external network or DMZ. This arrangement is simpler, because there are usually few restrictions on communicating with that external-facing interface. As a matter of best practice, the RAS server is firewalled and the external-facing interface is hardened to mitigate the potential risks. In fact, this is a requirement for DirectAccess servers.

However, even with mitigation steps, this external-facing interface can present an unacceptable level of risk to some organizations. In those cases, the VPN infrastructure must remain entirely within the internal network. In that configuration, the firewall must be configured ...
