Scenario

To allow VPN access, you propose implementing a VPN server, running Windows Server 2003, Enterprise Edition, at each of the major offices, as shown in Figure 19-4.

Figure 19-4 VPN Server Placement for Lucerne Publishing (diagram labels: VPN Server, Winnipeg, Frankfurt, Kuala Lumpur)

To facilitate the issuance of certificates, Lucerne Publishing has implemented a two-tier CA hierarchy, as shown in Figure 19-5.

Figure 19-5 The Lucerne Publishing CA hierarchy

The following design requirements have been identified for VPN deployment:

■ The VPN servers are configured with two network interfaces, one attached to the corporate network and one attached to the Internet, allowing connections to the VPN server. The VPN servers are configured so that the servers will only accept L2TP/IPSec connections from the VPN clients. Any attempts to communicate with the VPN servers with protocols other than L2TP/IPSec will fail.

■ Lucerne Publishing employees will use a mix of Windows 98, Windows 2000, and Windows XP computers when they connect to the corporate network.

■ Lucerne Publishing plans to use L2TP/IPSec for all VPN communications between the remote employees and the corporate network.

■ In addition, all authentication initially will be performed by the users typing their user account and password. In the future, Lucerne Publishing plans to change the authentication to require smart cards.

■ All connections between the VPN clients and the VPN servers must enforce mutual authentication.

■ To prevent access to the network if a virus attack occurs, management wants the ability to immediately shut down all VPN access to the network at any given time.

■ Many of the acquisition editors' computers are not members of the forest. Methods must be developed to provide certificates for the VPN connection to these editors.
