Creating a Site-to-Site VPN
11/01/2010

Tailspin Toys and Wingtip Toys want to ensure that communications between the researchers in each company are secured. To accomplish this, they have decided to set up demand-dial routing between their companies.

Online PR News – 01-November-2010 – In this practice, you will design and create a site-to-site VPN. Using the brief scenario in Exercise 1, answer the questions to indicate the design choices you have made. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the "Questions and Answers" section at the end of the chapter. Then, in Exercises 2 and 3, implement the design. You might have to make modifications to the steps in these exercises to make your site-to-site VPN match your design.

Tailspin Toys and Wingtip Toys want to ensure that communications between the researchers in each company are secured. To accomplish this, they have decided to set up demand-dial routing between their companies. You work for Tailspin Toys and have been assigned the responsibility for providing this service. You have been provided the budget to set up the demand-dial routing, but you must have it operational by tomorrow morning at 9 a.m. You will have to configure your side of the connection, and an associate at Wingtip Toys will assist you by following your configuration instructions. The name of the Wingtip Toys computer is WT1; the name of the Tailspin Toys computer is TT1. The IP address available to you at Wingtip Toys is 207.209.68.50. At Tailspin Toys, it is 208.147.66.50. The internal network of Tailspin Toys uses 192.168.7.0/24, and Wingtip Toys uses 192.168.5.0/24.

Use a local account for the user credentials (which is the default), and use a long, strong password. Schedule a periodic manual change of the password, and coordinate this with the administrator of the other VPN router.
Where possible, use EAP for the authentication mechanism.
EAP/MS-CHAPv2 does not require client computers to have a computer certificate. (Users use passwords as usual.) However, VPN servers still require a computer certificate. This requirement can provide a solution that is more secure and is also achievable in a network where certificate services are not available.
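
A planning check for the scenario above, added here as an example and not part of the original exercise: it validates the two sites' addressing and derives the matching settings to enter on TT1 and WT1, including the local account each router needs. The `DD_` interface names, and the rule that the calling router's user name equals the answering router's demand-dial interface name, are assumptions based on the usual Routing and Remote Access convention; the page does not state them.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Site:
    router: str     # computer name from the scenario
    public_ip: str  # Internet-facing address of the VPN router
    lan: str        # internal network behind the router

# Values from the scenario text.
TAILSPIN = Site("TT1", "208.147.66.50", "192.168.7.0/24")
WINGTIP = Site("WT1", "207.209.68.50", "192.168.5.0/24")

def validate(a, b):
    """Return a list of design problems for a two-router site-to-site VPN."""
    problems = []
    nets = []
    for s in (a, b):
        ip = ipaddress.ip_address(s.public_ip)
        nets.append(ipaddress.ip_network(s.lan))  # ValueError if host bits set
        if ip.is_private:
            problems.append(f"{s.router}: {ip} is not reachable from the Internet")
    if nets[0].overlaps(nets[1]):
        problems.append(f"LANs {nets[0]} and {nets[1]} overlap; routes would be ambiguous")
    return problems

def plan(local, remote):
    """Settings to enter on `local` so it can call and answer `remote`."""
    net = ipaddress.ip_network(remote.lan)
    iface = f"DD_{remote.router}"  # hypothetical interface name
    return {
        "interface": iface,
        "destination": remote.public_ip,
        # Static route to the remote LAN, bound to the demand-dial interface.
        "route": (str(net.network_address), str(net.netmask), iface),
        # Local account the remote router authenticates as; same name as the
        # interface so the incoming call is mapped to it (assumed convention).
        "dial_in_account": iface,
        # User name this router presents when it calls out: the name of the
        # interface that `remote` holds for us.
        "dial_out_user": f"DD_{local.router}",
    }

if __name__ == "__main__":
    assert validate(TAILSPIN, WINGTIP) == []
    for here, there in ((TAILSPIN, WINGTIP), (WINGTIP, TAILSPIN)):
        print(here.router, plan(here, there))
```

Each router's `dial_out_user` must equal the other router's `dial_in_account`; a mismatch there is the first thing to check when one side can call but the other cannot.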