Filters and Remote Access Configurations

Applies To: Windows Server 2008

For the common Routing and Remote Access scenarios, you should consider securing traffic to and from the server running Routing and Remote Access and the network behind the server. Network traffic can be secured using IP packet filtering, Windows Firewall, or both. For more information, see Common Remote Access Configurations.

The following table describes the possible security methods for each scenario.

Scenario | Security Location and Method

Virtual private network (VPN)

  Network interface that connects to the Internet:

  • Static filters. This is the recommended method. Select Enable security on the selected interface by setting up static packet filters in the Routing and Remote Access Setup Wizard.

    Note: You will need to add ports for any service added, such as HTTP, after setting up static filters.

  • Windows Firewall. You will need to manually configure the VPN exception.

    Important: Although you can configure both static filters and Windows Firewall on the same interface, this is not recommended for performance reasons. You must configure the same filter settings in both methods.

  Network interface that connects to the LAN:

  • Static filters. Configure on private, public, and demand-dial interfaces.

Network address translation (NAT)

  Network interface that connects to the Internet:

  • Windows Firewall.

  Network interface that connects to the LAN:

  • Static filters can be added to the private interface to protect against threats from internal clients.

VPN and NAT

  Network interface that connects to the Internet:

  • Windows Firewall. The filters to allow only VPN packets can be automatically added while using the Routing and Remote Access Setup Wizard.

  Network interface that connects to the LAN:

  • Static filters can be added to the private interface to protect against threats from internal clients.

Secure connection between two private networks (demand-dial, inbound)

  Same as VPN scenario.

Secure connection between two private networks (demand-dial, inbound, and outbound)

  Same as NAT scenario.
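
The Windows Firewall option for the VPN scenario requires the VPN exception to be configured by hand. The following PowerShell script is an added example, not part of the original page: it creates the inbound allow rules with netsh advfirewall. The rule names are hypothetical, and the port and protocol list is the commonly documented set for PPTP, L2TP/IPsec and SSTP rather than a list taken from this page.

```powershell
# Added example: inbound Windows Firewall exceptions for a Routing and Remote
# Access VPN server. Run in an elevated PowerShell session on the server.
# Assumptions (not from the original page): the rule names and the choice of
# tunnel protocols. Delete the entries for protocols the server does not offer.
$vpnRules = @(
    # PPTP: control channel on TCP 1723, tunnelled data in GRE (IP protocol 47)
    @{ Name = 'RRAS-VPN-PPTP-Control'; Protocol = 'TCP'; Port = '1723' },
    @{ Name = 'RRAS-VPN-PPTP-GRE';     Protocol = '47';  Port = $null  },
    # L2TP/IPsec: IKE on UDP 500, NAT traversal on UDP 4500, ESP (IP protocol 50),
    # and L2TP itself on UDP 1701 once IPsec has decrypted the packet
    @{ Name = 'RRAS-VPN-IKE';          Protocol = 'UDP'; Port = '500'  },
    @{ Name = 'RRAS-VPN-IPsec-NAT-T';  Protocol = 'UDP'; Port = '4500' },
    @{ Name = 'RRAS-VPN-IPsec-ESP';    Protocol = '50';  Port = $null  },
    @{ Name = 'RRAS-VPN-L2TP';         Protocol = 'UDP'; Port = '1701' },
    # SSTP: PPP carried over HTTPS on TCP 443
    @{ Name = 'RRAS-VPN-SSTP';         Protocol = 'TCP'; Port = '443'  }
)

foreach ($rule in $vpnRules) {
    # Skip rules that already exist so the script can be re-run safely.
    & netsh advfirewall firewall show rule "name=$($rule.Name)" | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Already present: $($rule.Name)"
        continue
    }

    # Build the argument list; IP-protocol rules (GRE, ESP) take no port.
    $netshArgs = @('advfirewall', 'firewall', 'add', 'rule',
                   "name=$($rule.Name)", 'dir=in', 'action=allow',
                   "protocol=$($rule.Protocol)")
    if ($rule.Port) { $netshArgs += "localport=$($rule.Port)" }

    & netsh $netshArgs
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Failed to add rule $($rule.Name)"
    }
}
```

If static filters are also configured on the same interface, the same ports and protocols have to be allowed there, because the page requires identical filter settings in both methods.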