CA (certification authority)
installing single-tier for WLAN test environments 582
installing three-tier for WLAN test environments 592
cache mode, ISA Server 218–219
cache pollution protection, DNS 160
callback options 498
caller ID options 498
capacity planning
ISA Server 226–229
VPN 384
Certificate Request Wizard 584
certificate-based EAP-TLS 488–489
certificates
computer-level authentication for remote site connectivity 491
deploying for remote site-to-site connections 522
distributing through autoenrollment for wireless LANs 576
distributing using Connection Manager 449
EAP-TLS support for wireless access 558
infrastructure for WLAN test environments 582–587
installing computer certificates on IAS servers 583–584
installing computer certificates on wireless clients 584–586
installing for IAS access clients 359
installing for IAS servers 359
installing for remote site-to-site connections 527
installing for VPN connections 420–421
installing L2TP/IPSec for remote site-to-site connections 526
installing single-tier CA for WLAN test environments 582
installing three-tier CA for WLAN test environments 592
installing user certificates on wireless clients 584–587
integrating with IAS infrastructure 357–359
PEAP-MS CHAP v2 support for wireless access 558
public key IPSec authentication 286
VPN client authentication 396–397
certification authority See CA (certification authority)
CHAP (Challenge Handshake Authentication Protocol) 356
CIDR (classless interdomain routing) 22–23
circuit gateways 32
Class A, B, C, D, and E addresses 16
classes, DHCP 90
classless interdomain routing (CIDR) 22–23
classless IP addressing 16–18
classless routing 18–20
Client (Respond Only) IPSec policy 275
client resolver, DNS 118
clients, DHCP
BOOTP support 99–101
configuration overview 98
remote access support 99
reserved clients 89
clients, DNS 154–155, 173
clients, ISA Server 220–221
clients, RADIUS
configuring 371
described 321
optimizing for IAS 341
planning for IAS 327
clients, remote access
See also deploying Connection Manager
authentication methods 433
background overview 431
branding Connection Manager 444
Connection Manager products 432
connection methods 432
deployment example See Connection Manager implementation example
IAS authorization 346
native connection capabilities and limitations 431
clients, TCP/IP network 42
clients, VPN
certificates for authentication 396–397
configuring routing 418–419
determining routing 387–388
remote access policies for IAS 352
client-side scripts, Network Access Quarantine Control 416
clustering
DHCP 79–80
WINS 185–188
CMAK (Connection Manager Administration Kit)
advanced customization 445–447
Advanced tab 447
branding clients 444
custom actions 442–444
customizing service profiles 438–440
described 432
general network properties 441
graphics 444
Help 444
ICF (Internet Connection Firewall) 447
icons 444
ICS (Internet Connection Sharing) 446
license agreement 444
merging service profiles 441
network settings 441
routing table updates 442
Save Password option 446
security settings 441
TCP/IP settings 441
CMAK wizard
advanced customization 445–447
Advanced tab 447
branding clients 444
Connection Manager implementation example 453–463
custom actions 442–444
customizing service profiles 438–440
general network properties 441
graphics 444
Help 444
ICF (Internet Connection Firewall) 447
icons 444
ICS (Internet Connection Sharing) 446
license agreement 444
merging service profiles 441
network settings 441
Preparation for Running the CMAK Wizard worksheet 453–463
required information 439
Save Password option 446
security settings 441
TCP/IP settings 441
common policy for remote access 500
compression, remote site connectivity 515
computer authentication 491
computer certificates
See also certificates
computer-level authentication for remote site connectivity 491
distributing through autoenrollment for wireless LANs 576
installing for IAS access clients 359
installing for IAS servers 359
installing for remote site-to-site connections 527
installing L2TP/IPSec for remote site-to-site connections 526
installing on IAS servers 583–584
installing on wireless clients 584–586
computer-level authentication 491
conditional forwarding
configuring for DNS implementation 171
described 117–118
designing DNS servers 144–146
designing DNS zones 149
configuring Connection Manager 441
configuring DHCP
classes 90
clients 98–101
information options 92
MADCAP scopes 95
multicast scopes 94–95
New Scope Wizard 89
option parameters 91
options overview 88
reserved clients 89
scope-level options 89
user-defined classes 91
vendor-defined classes 91
Windows Server 2003 protocol options 92
configuring dial-up remote access servers
configuring connections to clients 425
configuring connections to intranet 425–426
configuring ports for remote access 425–426
configuring TCP/IP on LAN adapter 425
overview 424–425
configuring DNS
aging 171
conditional forwarding 171
DNS clients 154–155
dynamic updates for servers 171
name resolution for disjointed namespaces 128
replication scope 172
scavenging 171
server lists for clients 155
suffix search lists 155
zone transfers 172
configuring firewalls for IPSec 281
configuring IAS as RADIUS proxy
clients 371
filters on Internet interfaces 369
firewalls to support Internet traffic 369
overview 367
primary proxy in perimeter networks 368
secondary proxy in perimeter networks 368
configuring IAS as RADIUS server
authentication and accounting on access servers 366
overview 363
primary IAS server on domain controller 365
secondary IAS server on domain controller 366
user accounts and groups 364
WLAN test environments 587–589
configuring IAS for third-party compatibility 371–372
configuring ISA Server in arrays 230–231
configuring remote access policies for IAS
applying policies to users and groups 351
client-specific policies 352
common vs. custom policies 349–351
conditions 350
Network Access Quarantine Control 348
overview 347
permissions 350
profile properties 350
Quarantine Remote Access Policy 352
restrictions 351
specifications for common policies 349
specifications for custom policies 349
switch access clients 352
VPN clients 352
wireless access clients 352
configuring remote site connectivity
authentication providers for routers 495
router user accounts 493–499
routing groups 499
site-to-site connections See configuring remote site-to-site connections
configuring remote site-to-site connections
Active Directory user accounts and groups 523–524
authentication methods 543
authentication providers 543
auto-static updates 539
demand-dial filters 546
demand-dial interfaces 527–533
dial-out or dial-in hours 545
disconnect intervals 537
Internet access through calling routers 540–541
intranet connections 525
IP multicasting 542
IP packet filters 546
performance for Internet traffic 541
persistent connections 537
ports 544
remote access policies 534–536
replication 547–549
Routing and Remote Access 527–533
routing protocols 540
security for Internet traffic 540
static routes 537–539
WAN adapters 524
configuring routing for VPN
configuring for clients 418–419
configuring on VPN servers 417–418
dynamic routers 418
overview 417
static routes 418
configuring TCP/IP networks
client computers 42
configuring IGMP 40
Internet configuration for VPN 408
intranet interface for VPN 409
IP multicast scopes 41
IPv6/IPv4 coexistence with DNS 62–63
perimeter network interface for VPN 408
configuring VPN remote access servers
Configure Your Server Wizard 407
configuring account lockout 422
configuring encryption 421
configuring filters for servers behind firewalls 409
configuring filters for servers in front of firewalls 413
configuring routing 417–419
configuring TCP/IP 407–409
firewalls 409–415
installing certificates for connections 420–421
Internet configuration for TCP/IP 408
intranet interface for TCP/IP 409
L2TP/IPSec connections for servers behind firewalls 411
L2TP/IPSec connections for servers in front of firewalls 415
L2TP/IPSec Internet interface of firewalls 412
L2TP/IPSec perimeter network interface of firewalls 412
name resolution 409
Network Access Quarantine Control 416–417
packet filters 409–415
perimeter network interface for TCP/IP 408
PPTP connections for servers behind firewalls 409
PPTP connections for servers in front of firewalls 414
PPTP Internet interface of firewalls 410
PPTP perimeter network interface of firewalls 411
routing for clients 418–419
security implementation 420–422
tasks 407
configuring wireless LANs
Active Directory 580
DNS and DHCP 582
groups for wireless users and computers 581
registering IAS server in Active Directory 581
remote access permissions 580
wireless adapter on wireless clients 589
wireless APs 580
connecting remote sites
Active Directory integration 510–512
additional resources 549–550
background 471–474
compression 515
connection types 475–483
data throughput 515
deploying site-to-site connections See implementing remote site-to-site connections
designing routing infrastructure 502–506
dial-up connections 476
integrating connections into networks 501–512
IP address assignments 507–510
IPSec offload cards 515
migrating routers from Windows NT 4.0 or Windows 2000 513–515
name resolution 507–510
on-demand connections 481–482
one-way initiated connections 483
overview 469–470
persistent connections 481–482
process 471
security See security for remote site connectivity
server capacity 515
server configurations 512–517
server deployments 516–517
two-way initiated connections 483
VPN connections 477–480
Connection Manager
additional resources 466–467
advanced customization 445–447
authentication methods 433
branding clients 444
clients background information 431–434
clients described 432
Connection Manager Administration Kit See CMAK (Connection Manager Administration Kit)
connection methods 432–433
Connection Point Services See CPS (Connection Point Services)
creating phone books 436
custom actions 442–444
customizing 438–447
deployment overview for remote access clients 429–430
deployment process 430
direct dial 433
distributing certificates 449
distributing service profiles 451
hosting phone books on PBS servers 438
implementation example See Connection Manager implementation example
implementing deployments 448–451
installing PBA 436
Internet enrollments 449
intranet enrollments 450
native connection capabilities and limitations 431
network settings 441
outsourcing phone books 437
phone book support 434–438
POPs (Points of Presence) 436
products 432
publishing phone books 436
regions in phone books 436
security education for users 450
security settings 441
service profiles 438–441
testing deployments 449
top-level profile 441
updating phone books 437
VPN 433
Connection Manager Administration Kit See CMAK (Connection Manager Administration Kit)
Connection Manager implementation example
CMAK wizard 453–463
component profiles 454–455
creating service profiles 453–463
distributing service profiles 464–465
overview 452
Preparation for Running the CMAK Wizard worksheet 453–463
preparing phone books 453
routing table updates 462
testing deployments 464
top-level profile 455–463
connection methods 432–433
Connection Point Services See CPS (Connection Point Services)
connection request policies for IAS 330, 348
convergence for link state routing protocols 13
convergence time 195
core tier 9
coverage areas for wireless users 563
CPS (Connection Point Services)
creating phone books 436
described 432
hosting phone books on PBS servers 438
installing PBA 436
outsourcing phone books 437
PBA described 432
PBS described 432
phone book support 434–438
POPs (Points of Presence) 436
publishing phone books 436
regions in phone books 436
updating phone books 437
CPU requirements, VPN 384
creating
DHCP reservations 92
DHCP scopes 86
DHCP server design See designing DHCP servers
DHCP superscopes 93–94
DNS computer names 133–135
DNS domain names 131–133
DNS subdomains 137
IAS remote access policies See creating IAS remote access policies
phone books using Connection Manager 436
creating IAS remote access policies
applying policies to users and groups 351
client authorization 346
client-specific policies 352
common vs. custom policies 349–351
conditions for policies 350
configuring policies 347–352
groups 346
Network Access Quarantine Control 348
overview 345
permissions for policies 350
profile properties for policies 350
Quarantine Remote Access Policy 352
restrictions 351
specifications for common policies 349
specifications for custom policies 349
switch access clients 352
user accounts 347
VPN clients 352
wireless access clients 352
cryptography, IPSec 250
custom policy for remote access 500
customizing Connection Manager
advanced customization 445–447
Advanced tab 447
branding clients 444
custom actions 442–444
general network properties 441
graphics 444
Help 444
ICF (Internet Connection Firewall) 447
icons 444
ICS (Internet Connection Sharing) 446
license agreement 444
merging service profiles 441
network settings 441
Save Password option 446
security settings 441
service profiles 438–440
TCP/IP settings 441
top-level profile 441