Chapter 6. Implementing, Managing, and Troubleshooting Network Access


It is difficult to work in today's network environment without encountering some form of remote access. Whether it's dialing in from a hotel room while on a business trip or using a virtual private network (VPN) to connect to the office from home, or even connecting a branch office by using the Internet and a VPN to connect a branch office, companies rely on remote access. With Windows Server 2003, Microsoft provides an extensive suite of remote access capabilities. This chapter covers the remote access portion of the "Implementing, Managing, and Maintaining Routing and Remote Access" objectives for Exam 70-291, "Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure."

Microsoft lists the following objectives for the remote access portion of the "Implementing, Managing, and Maintaining Routing and Remote Access" section of Exam 70-291:

Objectives

Configure Routing and Remote Access user authentication.

  • Configure remote access authentication protocols.

  • Configure Internet Authentication Service (IAS) to provide authentication for Routing and Remote Access clients.

  • Configure Routing and Remote Access policies to permit or deny access.

  • If you are going to install and configure a remote access server, you need to understand the Windows Server 2003 remote access authentication process, including the remote access protocols used and how to leverage centralized authentication and the associated Routing and Remote Access Service (RRAS) policies. You need to know how to configure policies in conjunction with the authentication protocols to control your remote access environment. You also need a thorough understanding of IAS, which allows you to provide centralized authentication for RRAS.

Manage remote access.

  • Manage packet filters.

  • Manage Routing and Remote Access routing interfaces.

  • Manage devices and ports.

  • Manage routing protocols.

  • Manage Routing and Remote Access clients.

  • After you have installed a Windows Server 2003 remote access server, you need to understand how to manage the remote access environment, from the implementation of packet filters to the configuration and management of remote access clients. With the tremendous focus on secure remote access in the corporate world, a thorough understanding of all the facets of remote access management is required not only for the exam but also for the administration of a Windows Server 2003 environment.

Implement secure access between private networks.

  • Windows Server 2003 helps you establish network-to-network VPN connections for connecting private networks (such as a branch office and a headquarters building) by using a public network such as the Internet. Due to the comparatively low cost of this solution, it is becoming increasingly popular as an inexpensive way to connect locations. This objective requires that you understand how to configure two Windows Server 2003 servers to permit network-to-network connections.

Troubleshoot user access to remote access services.

  • Diagnose and resolve issues related to remote access VPNs.

  • Diagnose and resolve issues related to establishing a remote access connection.

  • Diagnose and resolve user access to resources beyond the remote access server.

  • In a production remote access implementation, the ability to identify, diagnose, and resolve problems is critical. For this objective, Microsoft requires that you understand how to resolve problems with VPN access, dial-in access, and access to resources on the network after you have successfully connected.

Troubleshoot Routing and Remote Access routing.

  • Troubleshoot demand-dial routing.

  • Troubleshoot router-to-router VPNs.

  • Because Windows Server 2003 can be used to connect remote networks, either via demand-dial routing or a router-to-router VPN, the ability to identify, diagnose, and resolve issues with these connections is very important. For this objective, Microsoft requires that you understand how to resolve problems with demand-dial routing and router-to-router VPNs.

Outline

  

Introduction

363

Configuring RRAS User Authentication

363

Configuring Remote Access Authentication Protocols

364

Configuring IAS to Provide Authentication for RRAS Clients

371

Configuring RRAS Policies to Permit or Deny Access

379

Remote Access Profiles

392

The Dial-in Constraints Tab

392

The IP Tab

394

The Multilink Tab

395

The Authentication Tab

396

The Encryption Tab

397

The Advanced Tab

397

Managing Remote Access

398

Managing Packet Filters

398

Managing RRAS Routing Interfaces

401

Managing Devices and Ports

405

Managing Routing Protocols

408

Managing RRAS Clients

411

Implementing Secure Access Between Private Networks

416

Windows Server 2003 VPNs

416

Supported VPN Protocols

417

Configuring a VPN Connection

420

Demand-Dial Routing

426

Types of Demand-Dial Connections

429

Autostatic Updates

431

Troubleshooting User Access to Remote Access Services

433

Troubleshooting 101

433

Diagnosing and Resolving Problems Related to Remote Access VPNs

435

Unable to Connect to the VPN Server

435

Unable to Authenticate to the VPN Server

436

Diagnosing and Resolving Problems Related to Establishing a Remote Access Connection

437

Unable to Connect to the Remote Access Server

438

Unable to Authenticate to the Remote Access Server

438

Diagnosing and Resolving Problems with User Access to Resources Beyond the Remote Access Server

439

Troubleshooting RRAS Routing

440

Troubleshooting Demand-Dial Routing

440

Troubleshooting Router-to-Router VPNs

441

Troubleshooting Tools

442

ping

442

tracert

442

pathping

443

ipconfig

443

Event Viewer

443

Network Monitor

443

netsh

443

Performance Console

444

Advanced Network Access Configuration: The Network Access Quarantine Control

445

Chapter Summary

447

Key Terms

447

Apply Your Knowledge

448

Exercises

448

Exam Questions

450

Answers to Exam Questions

453

Suggested Readings and Resources

455


Study Strategies

  • Understand the features and functions of Windows Server 2003 RRAS-supported authentication protocols.

  • Understand the VPN protocols supported by Windows Server 2003 RRAS.

  • Understand the security capabilities of all the different remote access mechanisms. With the focus on security in the industry today, Microsoft considers security to be one of the cornerstones of the Windows Server 2003 operating system.

  • Review the different types of encryption available for authenticating and securing your information through remote access.

  • Understand the capabilities of remote access policies, especially in conjunction with IAS. Windows Server 2003 includes a number of policy-based management capabilities, and understanding the policies associated with remote access is important for this exam.

  • Be sure to complete the exercises at the end of the chapter. Microsoft continues to strive to make certification exams more rigorous. Familiarity with the theory and also with the hands-on portion of the configuration and troubleshooting of remote access is important for this exam.

  • Take the next step: Experiment with the system. The exercises in this chapter provide good guidelines, but you should see what happens when you select other settings, delete entries or entire servers, and try anything else you can think of. If you have an Internet connection and a lab setup in your house, see if you can set up a VPN connection that you (or a friend) can access remotely. It is better to make mistakes in a lab environment than in a live one, and it helps you prepare for the exam.




MCSA(s)MCSE 70-291(c) Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure
MCSA/MCSE 70-291: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam Prep)
ISBN: 0789736497
EAN: 2147483647
Year: 2006
Pages: 196
Authors: Will Schmied

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net