Question 3) Internet Security and Acceleration

Objective: Configuring and Managing Remote Network Connectivity
SubObjective: Configure ISA Server 2004 for site-to-site VPNs

Multiple Answer Multiple Choice

You are the network administrator of the branch office of a publishing company. The network contains Windows Server 2003 computers and Windows XP Professional client computers. A Windows Server 2003 computer is configured as an ISA Server 2004 named ISABranch. Another Windows Server 2003 computer is configured as a DNS server named DNS1.

You configure ISABranch as a VPN server to enable a site-to-site PPTP VPN connection with the head office ISA Server 2004 VPN server named ISAMain. The head office contains a Dynamic Host Configuration Protocol (DHCP) server named DHCPMain running on a Windows Server 2003 computer.

Users in the head office report their inability to connect to the branch office resources by using the site-to-site VPN connection. You check the Event Viewer on ISAMain and note the following error message:

“Unable to contact a DHCP server. The Automatic Private IP Address 169.254.160.130 will be assigned to dial-in clients. Clients may be unable to access resources on the network.”

You are required to ensure that the VPN clients from the head office are able to connect to the branch office network by using a site-to-site VPN connection. Which two activities can you perform to achieve the desired goal? (Choose two. Each answer presents a complete solution.)

A. Install and configure a DHCP server at the branch office.
B. Configure ISABranch to use DHCPMain as the DHCP server.
C. Configure DHCPMain to include an IP address pool for the branch office.
D. Configure ISABranch with a static pool of IP addresses to assign to the VPN clients.

Answer:
A. Install and configure a DHCP server at the branch office.
D. Configure ISABranch with a static pool of IP addresses to assign to the VPN clients.

Tutorial:
You can achieve the desired goal either by installing and configuring a DHCP server in the branch office or by configuring ISABranch with a static pool of IP addresses to assign to the VPN clients.

When you use a site-to-site VPN connection, the ISA Server provides a connection to the network to which the ISA Server computer is attached. ISA Server 2004 supports three VPN protocols for site-to-site VPN connections: IPSec tunnel mode, PPTP, and Layer Two Tunneling Protocol over Internet Protocol Security (L2TP/IPSec). When IPSec is used in tunnel mode, IPSec itself provides encapsulation for IP traffic only. PPTP uses the Microsoft Point-to-Point Encryption (MPPE) protocol to protect data moving through the PPTP virtual networking connection. The L2TP/IPSec VPN protocol uses IPSec to encrypt data moving through the L2TP virtual network. L2TP/IPSec requires either a certificate or a pre-shared key to authenticate the client computer.

The VPN clients must be assigned an IP address configuration when they connect to the VPN server. This IP address configuration enables the clients to access the resources on the internal network or on other networks. You can configure the ISA Server to use either a DHCP server to assign IP addresses or a static pool of IP addresses to assign to VPN clients. When you configure ISA Server to use a DHCP server, you are not required to create special routing table entries to support the VPN clients.

In this scenario, no DHCP server is set up in the branch office, and ISABranch is not configured to use a static pool of addresses to assign to VPN clients. Therefore, when the users in the head office attempt to connect to ISABranch, they are not assigned a valid IP address but an IP address from the Automatic Private IP Address (APIPA) range of 169.254.0.0 to 169.254.255.255.

You should either install and configure a DHCP server at the branch office or use a static pool of IP addresses to assign to VPN clients when they connect to ISABranch.

You should not configure DHCPMain to include an IP address pool for the branch office and configure ISABranch to use DHCPMain as the DHCP server. ISABranch and DHCPMain are located on different network segments. ISA Server 2004 allows you to use a DHCP server that is located only on the Internal or External networks, not remote networks. You cannot configure ISABranch to use DHCPMain as the DHCP server. Therefore, configuring DHCPMain to include an IP address pool for the branch office and ISABranch to use DHCPMain as the DHCP server will not enable the VPN clients from the head office to connect to the branch office network by using a site-to-site VPN connection.

Reference:
Self-Paced Training Kit, Implementing Microsoft Internet Security and Acceleration Server 2004, Chapter 10, How to Configure VPN Address Assignment, p. 10-20.

TechNet, Search, “Site-to-Site VPN in ISA Server 2004”

Self-Paced Training Kit, Implementing Microsoft Internet Security and Acceleration Server 2004, Chapter 10, Site-to-Site VPN Protocol Options, p. 10-35.

These questions are derived from the Self Test Software Practice Test for Microsoft exam 70-350 – Implementing Microsoft Internet Security and Acceleration (ISA) Server 2004
