Lab Exercise 10: RRAS (Part 1) Student Name: __________________________________________ Remote Access Q.1. A Microsoft Windows 2000 remote access server accepts dial-up connections by remote access clients and forwards packets between a RADIUS server and the network to which the remote access server is attached. T F Q.2. In Microsoft Windows 2000, remote access connections are accepted based on the dial-up properties of a user account or based on the remote access policies. T F Q.3. Which two remote access connection methods are not provided by a Microsoft Windows 2000 remote access server? (Circle all correct answers) a. b. c. d. Demand-dial Dial-up RADIUS VPN Q.4. Which types of remote access clients can connect to a Microsoft Windows 2000 remote access server? (Choose all answers that are correct.) a. b. c. d. Windows NT 3.1 Windows 98 Windows XP MS-DOS Q.5. What types of telecommunications equipments are used by a remote access client to communicate with a remote access server? a. b. c. d. e. Public Switched Telephone Network (PSTN) ISDN Serial connection ATM over ADSL All of the above Q.6. What types of remote access protocols are supported by Microsoft Windows 2000 remote access? a. b. c. d. Point-to-Point Protocol (PPP) Serial Line Internet Protocol (SLIP) Asynchronous NetBEUI All of the above CIS3700 Local Area Networks 1 Q.7. In Microsoft Windows 2000, the combined features of Routing and Remote Access Service allow a computer running Microsoft Windows 2000 Server to fulfill several roles. Which roles the server cannot fulfill? (Choose all answers that are correct.) a. b. c. d. Multiprotocol router Demand-dial router WINS proxy agent Remote access server Q.8. How do you install Routing and Remote Access Service on a computer running Microsoft Windows 2000 Server? a. You do not install Routing and Remote Access Service. The service is automatically installed when you install Microsoft Windows 2000. b. By using the Routing And Remote Access snap-in. c. By using the Computer Management snap-in. d. By using the Add/Remove Programs utility in Control Panel. Q.9. What are the differences between authentication and authorization in Routing and Remote Access Service? a) Authentication is the verification of the credentials of the connection attempt, whereas Authorization is the verification that the connection attempt is allowed. b) Authentication is the verification that the connection attempt is allowed, whereas Authorization is verification of the credentials of the connection attempt. c) There is no difference between Authorization and Authentication. Q.10. What is demand-dial routing? (Circle all correct answers) a) It refers to the routing of packets over point-to-point links such as analog telephone lines and ISDN. b) It allows you to connect to the Internet c) It allows you to implement router-to-router VPN connections d) None of the above Virtual Private Networks Q.11. Which two actions are part of the tunneling process? a. b. c. d. Broadcast Routing Encapsulation Transmission Q.12. Which types of tunnels are supported in Microsoft Windows 2000 VPNs? a. b. c. d. Dedicated Voluntary Compulsory Dial-up CIS3700 Local Area Networks 2 Q13. What are the primary protocols used by Microsoft Windows 2000 for VPN access? a. b. c. d. Point-to-Point Tunneling Protocol (PPTP) Layer 2 Tunneling Protocol (L2TP) IP Security (IPSec) None of the above Q.14. A VPN allows data to be transferred between two computers across a network, such as the Internet or a local area network. CIS3700 Local Area Networks T F 3 Lab Exercise 10: RRAS (Part 2) Student Name: __________________________________________ Exercise 1: Modifying a Remote Access Policy In this exercise, you will modify the Srvdcxx Remote Access Policy created in the RRAS hands-on exercise in order to add the following policies: 1) Point-to-Point Protocol (PPP) frames and X.25 frames should be the only types of frame to be accepted by the RAS server. 2) Point-to-Point Tunneling Protocol and Layer Two Tunneling Protocol should be the only tunneling protocols to be used for connecting the RAS server. 3) With caller-id software installed, the RAS server must be able to check the phone number from which Remote Access Clients are calling, and then call back that number. Use phone number 5556666 for the purpose of this exercise. 4) Since the DHCP server experiences some problems, you should modify the RRAS configuration so that the RAS server assigns static IP addresses to Remote Access Clients. You should use the following pool of addresses: 192.67.0.75 to 192.67.0.87. Exercise 2: Modifying a user account to specify dial-in properties In this exercise, you will modify on of the user accounts you created earlier during the semester in YourLastNameOU organizational unit in order: 1) to grant that user the permission to dial into the RAS server. 2) to specify that the user must use Callback. For security reason, after the user is authenticated, the RAS server should callback the user at the specific phone number provided by the user. Note: you can type in any phone number of your choice. Note: Mention the following information about the user account you configured in this exercise: First name: ____________________________ Last name: ____________________________ User name (login name): __________________________ Password: ____________________________ RRAS Management Question 1: Your company has a Routing and Remote Access server at its main office. One of the company’s branch offices also runs Routing and Remote Access on a server that has one modem. The server is configured to use demand-dial routing to connect to the main office. The server is part of company’s Active Directory domain. CIS3700 Local Area Networks 4 Some employees at this branch office use the branch office server to access their files from home. The manager of the branch office reports that sometimes none of the users in the office can connect to the main office. When you examine the event log on the branch office server, you find that users have been connecting to the server during working hours. The manager wants users to be able to dial in to the server only between 6:00 p.m and 8:00 a.m. However, the manager still wants users to be able to log on at any time when connected directly to the LAN. What should you do to limit only dial-in access to these times? A. Set the remote access policy to deny connections between 8:00a.m and 6:00p.m. B. Change the logon hours for users’ accounts to deny logons between 8:00a.m and 6:00 p.m. C. Create one batch file to start Remote Access Connection Manager service, and create another batch file to stop it. Then, schedule the stop batch file to run at 8:00a.m every day and start batch file to run at 6:00p.m every day. D. Create two user accounts, for each user. Grant dial-in permissions to one account, and deny dial-in permissions to the second account. Change the logon hours for the dial-in accounts to deny logon between 8:00a.m to 6:00p.m. RRAS Management Question 2: Your network has two domains with approximately 1,000 users in each domain. Both domains are Active Directory domains. Some of the users have portable computers and access the network by using remote access. The managers at your company are concerned that remote access might pose a security risk. They want to see a list that shows which users are allowed to use remote access. How should you configure the remote access? A. Create a group named RAS_USERS. Add users who are allowed to dial in to the network. Set the remote access permission for this group to Allow Access. To show who has access to the remote access server, display the members of the group. B. Create a group named RAS_USERS. Add users who are permitted to dial in to the network. Create a remote access policy that allows only this group to use the remote access server. To show who has access to the remote access server, display the members of the group. C. Write a script for the Windows Scripting Host. In the script, iterate through the members of the users container. Display the name of any user who has the remote access permission set to Allow access. D. Use the default remote access policy to view users and groups who have been granted remote access permission. CIS3700 Local Area Networks 5