Exam Objectives Frequently Asked Questions | MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure: Exam 70-293 Study Guide and DVD Training System

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the Exam Objectives presented in this chapter, and to assist you with real-life implementation of these concepts. You will also gain access to thousands of other FAQs at ITFAQnet.com.

1.	Do I need to choose one VPN protocol or the other?
2.	What are the limitations of ICS as compared to NAT?
3.	Can a single RRAS server provide multiple functions, such as NAT and VPN access?
4.	Can a single Windows Server 2003 computer act as both RRAS server and IAS server?
5.	What other options are included in a service profile for CMAK?
6.	Are there alternatives to RRAS for forming VPN connections?
7.	Some routers support NAT. Is this the same translation feature supported by Windows Server 2003?
8.	Can a client computer connect to two VPNs at the same time?
9.	If I have ICS running for network translation, is there an easy way to upgrade to NAT?
10.	What is the difference between authentication and authorization?
11.	Is there any way to restrict connections to certain client operating systems?

Answers

1.	No, you can configure the VPN server to support both PPTP and L2TP, and clients can connect using the most secure protocol that is supported on their computers.
2.	ICS supports a single LAN and a single Internet connection. It also lacks some of the configuration options of the full NAT service. For example, you cannot configure IP address assignment options. You also cannot use ICS on a network that has a DNS and/or DHCP server; NAT should be used in that case.
3.	Yes, an RRAS server can support any of the features of RRAS simultaneously, although this will require you to customize the configuration.
4.	Yes, you can install IAS on a computer that is already running RRAS, and you can configure RRAS to use the local IAS server for authentication.
5.	Along with the options the Wizard guides you through, profiles include a number of options for dealing with passwords, dialing options, VPN settings, username settings, and advanced options. Search Microsoft’s TechNet site at www.microsoft.com/technet for a complete list of the configuration options CMAK supports.
6.	Yes, a number of hardware VPN devices are available. While they require additional expense, they provide a convenient “out-of-the-box” solution and may be a more robust solution than using a software VPN.
7.	The Internet NAT standard defines a general process for address translation. The exact implementation varies between devices, but the functionality is the same.
8.	Yes, all this requires is a separate network connection entry for each VPN. You can connect to both using a single Internet connection.
9.	No, you will need to configure NAT manually. Any custom service entries you have defined in ICS will need to be reconfigured in NAT.
10.	Authentication refers to the methods RRAS or IAS use to determine a user’s identity and verify that he or she is a legitimate user. Passwords, smart cards, and challenge-response systems provide authentication. Authorization is the process of determining what a client is allowed to do on the network after authentication.
11.	A new Windows Server 2003 feature, Network Access Quarantine Control, allows you to create a script that must be run before a client is allowed access, and the script can check the client operating system or other factors. This feature is discussed in Chapter 7.