It is difficult to work in today's network environment without encountering some form of remote access. Whether it's dialing in from a hotel room while on a business trip or using a virtual private network (VPN) to connect to the office from home, or even connecting a branch office by using the Internet and a VPN to connect a branch office, companies rely on remote access. With Windows Server 2003, Microsoft provides an extensive suite of remote access capabilities. This chapter covers the remote access portion of the "Implementing, Managing, and Maintaining Routing and Remote Access" objectives for Exam 70-291, "Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure." Microsoft lists the following objectives for the remote access portion of the "Implementing, Managing, and Maintaining Routing and Remote Access" section of Exam 70-291: Objectives Configure Routing and Remote Access user authentication. Configure remote access authentication protocols. Configure Internet Authentication Service (IAS) to provide authentication for Routing and Remote Access clients. Configure Routing and Remote Access policies to permit or deny access. If you are going to install and configure a remote access server, you need to understand the Windows Server 2003 remote access authentication process, including the remote access protocols used and how to leverage centralized authentication and the associated Routing and Remote Access Service (RRAS) policies. You need to know how to configure policies in conjunction with the authentication protocols to control your remote access environment. You also need a thorough understanding of IAS, which allows you to provide centralized authentication for RRAS. Manage remote access. Manage packet filters. Manage Routing and Remote Access routing interfaces. Manage devices and ports. Manage routing protocols. Manage Routing and Remote Access clients. After you have installed a Windows Server 2003 remote access server, you need to understand how to manage the remote access environment, from the implementation of packet filters to the configuration and management of remote access clients. With the tremendous focus on secure remote access in the corporate world, a thorough understanding of all the facets of remote access management is required not only for the exam but also for the administration of a Windows Server 2003 environment. Implement secure access between private networks. Windows Server 2003 helps you establish network-to-network VPN connections for connecting private networks (such as a branch office and a headquarters building) by using a public network such as the Internet. Due to the comparatively low cost of this solution, it is becoming increasingly popular as an inexpensive way to connect locations. This objective requires that you understand how to configure two Windows Server 2003 servers to permit network-to-network connections. Troubleshoot user access to remote access services. Diagnose and resolve issues related to remote access VPNs. Diagnose and resolve issues related to establishing a remote access connection. Diagnose and resolve user access to resources beyond the remote access server. In a production remote access implementation, the ability to identify, diagnose, and resolve problems is critical. For this objective, Microsoft requires that you understand how to resolve problems with VPN access, dial-in access, and access to resources on the network after you have successfully connected. Troubleshoot Routing and Remote Access routing. Troubleshoot demand-dial routing. Troubleshoot router-to-router VPNs. Because Windows Server 2003 can be used to connect remote networks, either via demand-dial routing or a router-to-router VPN, the ability to identify, diagnose, and resolve issues with these connections is very important. For this objective, Microsoft requires that you understand how to resolve problems with demand-dial routing and router-to-router VPNs. Outline | |
---|
Introduction | 363 | Configuring RRAS User Authentication | 363 | Configuring Remote Access Authentication Protocols
| 364 | Configuring IAS to Provide Authentication for RRAS Clients
| 371 | Configuring RRAS Policies to Permit or Deny Access
| 379 | Remote Access Profiles
| 392 | The Dial-in Constraints Tab
| 392 | The IP Tab
| 394 | The Multilink Tab
| 395 | The Authentication Tab
| 396 | The Encryption Tab
| 397 | The Advanced Tab
| 397 | Managing Remote Access | 398 | Managing Packet Filters
| 398 | Managing RRAS Routing Interfaces
| 401 | Managing Devices and Ports
| 405 | Managing Routing Protocols
| 408 | Managing RRAS Clients
| 411 | Implementing Secure Access Between Private Networks | 416 | Windows Server 2003 VPNs
| 416 | Supported VPN Protocols
| 417 | Configuring a VPN Connection
| 420 | Demand-Dial Routing
| 426 | Types of Demand-Dial Connections
| 429 | Autostatic Updates
| 431 | Troubleshooting User Access to Remote Access Services | 433 | Troubleshooting 101
| 433 | Diagnosing and Resolving Problems Related to Remote Access VPNs
| 435 | Unable to Connect to the VPN Server
| 435 | Unable to Authenticate to the VPN Server
| 436 | Diagnosing and Resolving Problems Related to Establishing a Remote Access Connection
| 437 | Unable to Connect to the Remote Access Server
| 438 | Unable to Authenticate to the Remote Access Server
| 438 | Diagnosing and Resolving Problems with User Access to Resources Beyond the Remote Access Server
| 439 | Troubleshooting RRAS Routing | 440 | Troubleshooting Demand-Dial Routing
| 440 | Troubleshooting Router-to-Router VPNs
| 441 | Troubleshooting Tools
| 442 | ping
| 442 | tracert
| 442 | pathping
| 443 | ipconfig
| 443 | Event Viewer
| 443 | Network Monitor
| 443 | netsh
| 443 | Performance Console
| 444 | Advanced Network Access Configuration: The Network Access Quarantine Control | 445 | Chapter Summary | 447 | Key Terms | 447 | Apply Your Knowledge | 448 | Exercises
| 448 | Exam Questions
| 450 | Answers to Exam Questions
| 453 | Suggested Readings and Resources | 455 |
Study Strategies Understand the features and functions of Windows Server 2003 RRAS-supported authentication protocols. Understand the VPN protocols supported by Windows Server 2003 RRAS. Understand the security capabilities of all the different remote access mechanisms. With the focus on security in the industry today, Microsoft considers security to be one of the cornerstones of the Windows Server 2003 operating system. Review the different types of encryption available for authenticating and securing your information through remote access. Understand the capabilities of remote access policies, especially in conjunction with IAS. Windows Server 2003 includes a number of policy-based management capabilities, and understanding the policies associated with remote access is important for this exam. Be sure to complete the exercises at the end of the chapter. Microsoft continues to strive to make certification exams more rigorous. Familiarity with the theory and also with the hands-on portion of the configuration and troubleshooting of remote access is important for this exam. Take the next step: Experiment with the system. The exercises in this chapter provide good guidelines, but you should see what happens when you select other settings, delete entries or entire servers, and try anything else you can think of. If you have an Internet connection and a lab setup in your house, see if you can set up a VPN connection that you (or a friend) can access remotely. It is better to make mistakes in a lab environment than in a live one, and it helps you prepare for the exam. |