RRAS 2003 default policies - what are they good for ????

[Armin Linder]

After I have installed the RRAS server, I find two predefined policies:

"Connection to Microsoft Routing and Remote Access server"

Ok, great description, really. This means that I may use this server by
crossing it and accessing my LAN, or does it mean that I may access this
server (for admin purposes, for instance ...)?

Looking into the policy, it contains a deny rule, condition:
MS-RAS_VENDOR="^311$"

I found no documentations anywhere about MS-RAS-VENDOR, or the quite
strange format of the number.

Looking deeper into the policy, in the IP tab, I find an input packet
filter (user IP/user mask -- any), but no output packet filter. Strange...

"Connections to other access servers"

What the heck are "other access servers" (assuming I have only one
server running RRAs)?

Again, looking into the policy, I find a deny rule
"Day-and-time-restrictions", value is "Mo -- So, 00:00-00:00). So I'd
read that as deny anyone access any time.

Doesn't make any sense either, does it? And this time, on the IP tab,
there are no input or output filters.

Who can clarify, what the default policies are about?

Thanks, Armin

 

[Bill Grant]

Default policies are usually pretty basic. From my experience, the
default remote access policy lets a Microsoft client connect. It does all I
need it to do in a simple test setup. If you want to apply restrictions, you
need to set up your own policies. See

http://www.microsoft.com/technet/pr...elp/fc353fbb-4df4-4b36-b14a-20cbbad43494.mspx