Exam Objectives Frequently Asked Questions

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the Exam Objectives presented in this chapter, and to assist you with real-life implementation of these concepts.

Q.  I have done the exercises with the Connection Manager Administration Kit, and although I understand the tool, when would I use it?

A.  There are three common uses for the CMAK. First, if you are an ISP and you want to distribute the phone numbers for your POP to your users and automatically update the phone books as numbers change, you could use the CMAK. Second, if you use an ISP for a large number of users and want to develop a custom dialer for that service, you would use the CMAK. You would use the ISP's phone book information and could customize the client with your help desk number, company logo, and so on. Finally, if you have a large RAS environment, you could use the CMAK tool to create a dialer and distribute it to your users so they wouldn't have to manually configure their dial-up connections.

Q.  I just set up my first Windows 2000 VPN server, but as soon as I finished running the wizard, I lost access to the Internet.

A.  This common issue is caused by the default filters applied to the Internet side of the VPN. They are there to protect your system from unwanted users. Review the filters and see which ones you need and which can be deleted. That should address the issue for you.
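The effect described in this answer can be seen in a small model. This is an added example, not code from the book or from RRAS: the filter list is an assumption based on the commonly documented PPTP/L2TP filter set (check the actual filters on your Internet interface in the RRAS console), and the address and sample packets are constructed.

```python
# Model of "drop everything except VPN traffic" input filters on the
# Internet-facing interface of a VPN server. Illustrative only.
from dataclasses import dataclass
from typing import Optional

VPN_SERVER_IP = "203.0.113.10"  # constructed address (documentation range)

@dataclass(frozen=True)
class Packet:
    dst_ip: str
    proto: str                       # "tcp", "udp", or IP protocol number as text
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

@dataclass(frozen=True)
class Filter:
    proto: str
    src_port: Optional[int] = None   # None means "any"
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (p.dst_ip == VPN_SERVER_IP and p.proto == self.proto
                and self.src_port in (None, p.src_port)
                and self.dst_port in (None, p.dst_port))

# Assumed filter set; the filter action is "drop all except listed".
DEFAULT_INPUT_FILTERS = [
    Filter("tcp", dst_port=1723),    # PPTP control channel
    Filter("tcp", src_port=1723),    # PPTP replies when the server dials out
    Filter("47"),                    # GRE, carries PPTP tunnel data
    Filter("udp", dst_port=500),     # IKE negotiation for L2TP/IPSec
    Filter("udp", dst_port=1701),    # L2TP
]

def accepted(packet, filters=DEFAULT_INPUT_FILTERS):
    """True if any filter admits the inbound packet, else it is dropped."""
    return any(f.matches(packet) for f in filters)

def audit(packets, filters=DEFAULT_INPUT_FILTERS):
    return {name: accepted(p, filters) for name, p in packets.items()}

SAMPLE = {  # constructed inbound packets
    "pptp_connect": Packet(VPN_SERVER_IP, "tcp", 50000, 1723),
    "gre_data": Packet(VPN_SERVER_IP, "47"),
    "l2tp": Packet(VPN_SERVER_IP, "udp", 1701, 1701),
    "http_reply": Packet(VPN_SERVER_IP, "tcp", 80, 49152),  # web reply to the server
    "dns_reply": Packet(VPN_SERVER_IP, "udp", 53, 49153),   # DNS answer to the server
}

if __name__ == "__main__":
    for name, ok in audit(SAMPLE).items():
        print(f"{name:13} {'accept' if ok else 'DROP'}")
```

The VPN packets are accepted while the replies to the server's own web and DNS requests are dropped, which is why browsing from the server stops working once the wizard finishes.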

Q.  My manager just asked me to roll out smartcards to our field sales staff so that they can connect to the VPN securely, but I don't even know where to start to figure this out.

A.  First, you need to start by enabling the EAP-TLS protocol. Next, you need to do some research. Start at the Microsoft Web site by searching on smartcards and EAP, and then go to your smartcard vendor and get as much information on integration with Windows 2000 RRAS as you can. It's easy to buy smartcards, but implementing them will take a lot of hard work.

Q.  I have my Windows 2000 server configured as an RAS server, but now I want to add VPN users. How do I do this without rerunning the Routing and Remote Access wizard?

A.  Actually, you have five PPTP and five L2TP ports configured already. If you will have more concurrent users, you will need to add ports, which is pretty simple: just up the number of maximum connections in the Port Properties. Then you need to create your VPN remote access policy, and you're ready for connections.

Q.  I read the section of this chapter on remote access policy administrative models, but I don't know which one I should use in my environment. Which is the best model to use?

A.  There is no "best" model for administration of remote access, because it varies from implementation to implementation. Much of the decision will be driven by the domain model you are using (mixed-mode or native-mode), but the rest is dependent on your environment. Generally, for larger implementations in a native-mode domain, the access by policy model is the best. The extra complexity of managing the profiles is offset by the large number of users that need to be configured individually.

Q.  I have my VPN working, but now I need to know how to encrypt the traffic between the VPN server and our internal servers. How can I do this?

A.  You need to configure the LAN connection for the internal network to use IP Security by default. This option is located in the Advanced Options of the TCP/IP Properties, under IP Security. Select either Secure Server (Require Security) to make all traffic secure, or select Server (Request Security) if you want only specific servers to utilize the security. This security would use the Kerberos trust.



MCSE/MCSA Implementing and Administering Security in a Windows 2000 Network: Study Guide and DVD Training System (Exam 70-214)
ISBN: 1931836841
EAN: 2147483647
Year: 2003
Pages: 162
