Remote Access and Network Access Protection
Routing and Remote Access provides for
* VPN remote access server
* Dial-up remote access server
to install the Routing and Remote Access role, you need to install
Network Policy and Access Services
if you have installed and configured RRAS before, you need to reset the configuration to get RRAS to perform other functions. To reset RRAS, you run.....
netsh ras set confstate=disabled
when you configure a remote access server, what happens to network traffic?
network traffic to that server will be limited to VPN traffic
after you identify the external interface, what is the next step?
the next step is to configure how the RAS will distribute the clients' IP addresses
RAS can distribute IP addresses to clients in 3 ways
1. DHCP server
2. RAS IP generated
3. manually specified block of addresses
DHCP server has a predefined user class of IP addresses for RAS called
Default Routing and Remote Access Class
after the IP address has been selected, the last step is
to decide the authentication mode
Extensible Authentication Protocol - Transport Level Security
what protocol should be used if the user is able to authenticate through smart cards and digital certificates?
what is a server requirement for VPN to use EAP-TLS?
Server has to be part of AD DS
Microsoft-Challenge Authentication Protocol
is a protocol that provides mutual authentication and allows for the encryption of data and connection data
what is a VPN authentication method that provides authentication using MD5 hashing?
CHAP (Challenge Handshake Authentication Protocol)
what happens when PAP is used?
with PAP, authentication data is not encrypted and it passes across the network in plain text.
PPTP uses what for encryption?
PPTP provides data confidentiality but no
data integrity or data origin authentication
what is the biggest benefit of using PPTP in 2k8 over other VPN protocols?
PPTP does not require certificates to be installed on the client making the connection
PPTP can be used with certificates if you use ______________ for authentication
Layer 2 Tunneling Protocol over IPsec
* data authentication
* data anti-replay
* data origin
SSTP VPN tunnel allows traffic ....
allows traffic to pass across firewalls that block traditional VPN traffic by encapsulating traffic over the SSL channel of HTTPS
SSTP can support which OS?
2k8, 2k8 R2, Win 7, Vista SP1
can SSTP work through a proxy that requires authentication?
what VPN protocol supports a VPN reconnect feature and IPv6?
an always-on, IPv6, VPN connection
which version of Win 7 can participate in DirectAccess?
Win 7 Enterprise and Ultimate
list requirements needed before installing DirectAccess
* 2k8 R2 installed in a Domain server
* two NIC
* Digital Certificate to support server authentication
this command adds the direct access management console to the system
DirectAccess is a feature or a role?
DirectAccess is a feature
by deploying ISATAP you
allow intranet servers and applications to be reached by tunneling IPv6 traffic over an IPv4 intranet
a NAT-PT device allows what?
allows hosts that support only IPv4 addresses to be accessible to DirectAccess clients using IPv6
which two rules in the firewall need to be allowed for the DirectAccess clients to connect to DirectAccess applications?
allow ICMPv6 traffic by allowing:
echo request -ICMPv6 in
echo request -ICMPv6 out
UDP port 3544
IPv4 protocol 41
enables 6to4 traffic
ICMPv6 and IPv4 protocol 50 are required when..
remote desktop clients have IPv6 addresses
RADIUS clients are
network access servers such as VPN servers, wireless access points and 802.1x authentication switches
what is used to configure a RADIUS client?
Network Policy Server Console
a RADIUS proxy routes RADIUS messages between remote access servers configured as RADIUS clients and the RADIUS server that performs all the authentication.
Three reasons to deploy a RADIUS proxy
1. when serving a high number of clie