sample worksheet, Preparation for Running the CMAK Wizard 453–463
scalability, ISA Server 230
scaling IAS servers 338
scheduled replication for remote site connectivity 511
scope-level options, DHCP 89
scopes
DHCP exclusion ranges 86
DHCP lease duration 87–88
DHCP multicast scopes 94–95
DHCP options 88–92
DHCP reservations 92
DHCP split-scope configurations 78
DHCP superscopes 93–94
DHCP, creating 86
DHCP, defining 84
DHCP, removing 95
DNS replication 172
IP multicasting 41
MADCAP 95
New Scope Wizard 89
VPN encryption 394–396
screened subnets See perimeter networks
secondary DNS server 119
secondary IAS proxy 368
secondary IAS server 366
secondary TCP/IP network paths 34
secondary DNS zones 148
secrets, RADIUS 359, 361
secure dynamic updates
DHCP 82–83
DNS 162, 171
Secure Server (Require Security) IPSec policy 275
SecureNAT clients, ISA Server 220
security
Connection Manager settings 441
Connection Manager user education 450
DNS 122, 155–163
IAS access server vulnerabilities 361
IAS authentication protocols 354–357
IAS RADIUS servers and proxies 359–361
IAS remote access overview 353
integrating IAS with certificate infrastructure 357–359
IPSec See IPSec (Internet Protocol security)
ISA Server 232–236
MADCAP 38
perimeter networks See perimeter networks
remote site connectivity See security for remote site connectivity
TCP/IP networks 28–32
VPN split tunneling 388
VPN, implementing 420–422
VPN, planning See planning VPN security
WINS 203–204
wireless LANs 570–571
security for remote site connectivity
authentication methods 488–491
authentication providers 486–487
computer-level authentication 491
integrating VPN servers into perimeter networks 485–486
IPSec encryption 491–492
MPPE encryption 491–492
overview 484
planning physical and administrative security 517
policy types 500–501
router user accounts and groups 493–499
user-level authentication 488–490
Windows authentication 486
Server (Request Security) IPSec policy 275
server configurations for connecting remote sites
compression 515
data throughput 515
disabling unused services 516
IPSec offload cards 515
migrating routers from Windows NT 4.0 or Windows 2000 513–515
overview 512
security, physical and administrative 517
server capacity 515
server deployments 516–517
server requirements 516
service profiles, Connection Manager
customizing 438–440
distributing 451
merging 441
top-level profile 441
shared secrets, RADIUS 359, 361
shortest path first (SPF) algorithm 14
signature attribute, RADIUS 360
simulation tools for TCP/IP networks 66
single-tier CA (certification authority) 582
site-to-site connections
Active Directory deployments 521
Active Directory user accounts and groups 523–524
authentication methods 543
authentication providers 543
auto-static updates 539
certificate deployments 522
demand-dial filters 546
deployment overview 518
deployment tasks 520
dial-out or dial-in hours 545
disconnect intervals 537
EAP-TLS computer and user certificates 527
IAS server deployments for RADIUS authentication 522
initiating connections 546
Internet access through calling router 540–541
intranet connections 525
IP packet filters 546
joining routers to domains 526
L2TP/IPSec computer certificates 526
multicast connectivity between sites 542
performance for Internet traffic 541
persistent connections 537
ports 544
remote access policies 534–536
replication 547–549
routers in perimeter networks 526
Routing and Remote Access 527–533
routing protocols 540
security for Internet traffic 540
static routes 537–539
test deployments in test labs 518–519
testing connectivity 547
WAN adapters 524
software-based routers 11
SPF (shortest path first) algorithm 14
split tunneling options, VPN 388
split-scope configurations, DHCP 78
SQL Server logging 365
standby servers, DHCP 80
static IP addresses 498, 508
static routes
compared to dynamic routing 11–14
remote site connectivity 502–504, 537–539
VPN servers 418
structured IP address assignment model
aggregation 20–21
CIDR (classless interdomain routing) 22–23
classless IP addressing 16–18
classless routing 18–20
overview 16
route summarization 20–21
supernetting 22–23
VLSM (variable length subnet mask) 21–22
stub zones, DNS 119, 148–149
subdomains, DNS namespace 137
subnets
classless IP addressing 17–18
classless routing 19–20
DHCP 75–76
WINS 189
wireless LANs 559–561
supernetting 22–23
superscopes, DHCP 93–94
switch access, IAS
designing support 336
remote access policies 352
securing 336