CREATING A REMOTE ACCESS POLICY FOR DOMAIN ADMINISTRATORS IN THIS PROC...
4. Which of the following is not a component of a remote access policy?
a. Authentication protocol
b. Conditions
c. Remote access profile
d. Remote access permission
Lesson Summary
■ To determine the security requirements you need for your remote access server,
determine which users need remote access to the network, what type of access
they need, and whether different users require different degrees of access.
■ RRAS supports several authentication protocols, including EAP, MS-CHAP
(versions 1 and 2), CHAP, SPAP, and PAP.
■ Remote access policies are sets of conditions that remote clients attempting to
connect to the Routing and Remote Access server must meet. You can use policies to
control remote access based on group membership and other criteria.
Lesson 3 Securing Remote Access 5-39
■ RRAS matches each connection attempt against the list of remote access policies
you create on the server. The server grants access only when a connection meets
all the conditions in one of the policies.
■ Remote access profiles are sets of attributes that RRAS applies to connections after
successfully authenticating and authorizing them. You can use profiles to control
when clients can connect to the network, what types of IP traffic you permit them
to use, and what authentication protocols and encryption algorithms they must use.
Lesson 4: Troubleshooting TCP/IP Routing
The Routing and Remote Access service is one of the more complex components in
Windows Server 2003. Because RRAS can perform so many functions, it has a large
number of configurable settings. Even a minor misconfiguration can prevent the server from
routing traffic properly. The TCP/IP implementation in Windows Server 2003 includes a
variety of tools that you can use to troubleshoot RRAS and its various functions.
After this lesson, you will be able to
■ Use TCP/IP tools to isolate a router problem
■ Check an RRAS installation for configuration problems
■ Troubleshoot static and dynamic routing problems
Estimated lesson time: 20 minutes
Isolating Router Problems
In most cases, administrators discover router problems when communications fail
between computers on the network. However, once the troubleshooter suspects that
there might be a routing problem, the next step is to determine which router is
malfunctioning. Some of the TCP/IP tools in the Windows operating system that can help
you in this respect are discussed in the following sections.
Using Ping.exe
PING is the standard TCP/IP tool for testing connectivity; virtually every TCP/IP client
includes a PING implementation. In the Windows operating systems, PING takes the
form of a command line program called Ping.exe. By typing ping followed by an IP
address on the command line, you can test any TCP/IP system’s connectivity with any
other system.
Note
PING functions by transmitting a series of Echo Request messages containing a
sample of random data to the destination you specify, using the Internet Control Message
Protocol (ICMP). The system that receives the Echo Request messages is required to generate an
Echo Reply message for each request that contains the same data sample and return the
messages to the sender.
Compared to other tools, PING has limited utility when you are trying to locate a
malfunctioning router. You might be able to ping a router’s IP address successfully even
when it is not routing traffic properly. However, as part of your initial troubleshooting
efforts, you can use PING to test a routed network connection in the following manner: