|< Day Day Up >|| |
In this exercise, you will read a scenario about a company’s remote access challenge and then answer the questions that follow. The questions are intended to reinforce key information presented in this chapter. If you are unable to answer a question, review the lessons and try the question again. You can find answers to the questions in the “Questions and Answers” section at the end of this chapter.
You are an administrator at Fabrikam, Inc., an enterprise services company with approximately 2,000 employees. Approximately 250 of those employees are consultants who are required to travel almost constantly with mobile computers running Windows XP. They need to stay in touch with the rest of Fabrikam, Inc., while they travel, so your management decided to forward POP3 requests at the NAT server that separates the public and private networks in order to allow consultants to retrieve their e-mail from the computer that runs Microsoft Exchange Server.
There’s a problem, though. The consultants have asked to access other resources on the internal network: file servers, intranet servers, and databases. You can’t forward all of this traffic through your Windows Server 2003–based NAT server. Even if you could, you would not want to allow the communications to travel across the Internet unencrypted. In fact, your IT group has done everything they can to reduce unencrypted communications on the internal network, and they have deployed IPSec with a public key infrastructure (PKI) to provide authentication.
Your manager has asked you to provide a way to allow traveling consultants to access the resources on the internal network while minimizing the risks.
Which of the following solutions will you recommend?
Deploy dial-up servers running Windows Server 2003. Configure the clients to dial directly in to the Fabrikam, Inc., headquarters and authenticate to the remote access servers by using MS-CHAP v2 authentication.
Deploy dial-up servers running Windows Server 2003. Configure the clients to dial directly in to the Fabrikam, Inc., headquarters and authenticate to the remote access servers by using EAP authentication with public key certificates.
Configure the Windows Server 2003–based NAT server with VPN services. Configure the clients to connect directly to the VPN server and authenticate by using MS-CHAP v2 authentication.
Configure the Windows Server 2003–based NAT server with VPN services. Configure the clients to connect directly to the VPN server and authenticate by using EAP authentication with public key certificates.
Will you recommend using a PPTP or L2TP/IPSec VPN?
How will you configure the network connections on the client computers?
Should you recommend using a RADIUS server?
|< Day Day Up >|| |