DISABLE ROUTING FOR INCOMING CONNECTIONS ON A REMOTE ACCESS
While remote access is vital for mobile and remote users, it poses
some potential security risks. Organizations must be able to recognize
these potential risks and take steps to mitigate them.
For example, if your company's remote users only need access to the
remote access server, consider disabling routing to the LAN to help
prevent unauthorized remote users from accessing the LAN. Follow these
1. If you're using the Incoming Connections option in the Network
And Dial-Up Connections folder to provide dial-in access to the server,
open the folder, right-click Incoming Connections, and choose Properties.
2. In the Incoming Connection Properties dialog box, select the Networking
3. Double-click Internet Protocol (TCP/IP), deselect the Allow Callers
To Access My Local Area Network option, and click OK.
4. Check for any other enabled protocols displayed in the Network
Components list, and disable the same option for those protocols.
When you're finished, click OK.
If you've configured your remote access server through Routing And
Remote Access (RRAS), you must take a different approach to prevent
routing for incoming connections. Follow these steps:
1. Open the RRAS console in the Administrative Tools folder, right-click
the server, and choose Properties.
2. On the General tab, deselect the Router option.
3. Leave the Remote Access Server option enabled.
4. Click OK, and allow Windows 2000 to restart RRAS for the change
to take effect.