Configure virtual private network (VPN) and routing Flashcards
RAS
Remote Access Server
A RAS enables users to connect remotely to a network using various protocols and connection types. By connecting to the RAS over the Internet, users can connect to their organization’s network so that they can access data files, read e-mail, and access other applications just as if they were sitting at work.
RRAS
Routing and Remote Access
RAS that also can manage routing.
5 options for configuring a RRAS
• Remote access (dial-up or VPN): Sets up the server to accept incoming remote access connections (dial-up or VPN).
• Network address translation (NAT): Sets up the server to provide NAT services to clients on the private network that need to access the Internet.
• Virtual private network (VPN) access and NAT: Sets up the server to support incoming VPN connections and to provide NAT services.
• Secure connection between two private networks: Sets up a demand-dial or persistent connection between two private networks.
• Custom configuration: Enables you to choose individual services, including NAT, LAN routing, and VPN access (see Figure 10-4).
Add-RemoteAccessLoadBalancerNode
Adds a server to the load balancing cluster.
Add-VpnS2SInterface
Creates a site-to-site interface with the specified parameters.
Clear-VpnS2SInterfaceStatistics
Clears statistics for a site-to-site interface.
Connect-VpnS2SInterface
Connects a site-to-site interface that is currently not connected.
Disconnect-VpnS2SInterface
Disconnects a site-to-site interface that is currently connected.
Disconnect-VpnUser
Disconnects a VPN connection originated by a specific user or originating from a specific client computer.
Get-RemoteAccess
Displays the configuration of DirectAccess and VPN (both Remote Access VPN and site-to-site VPN).
Get-RemoteAccessConnectionStatistics
Displays the statistics of real-time, currently active DirectAccess and VPN connections and the statistics of DirectAccess and VPN historical connections for a specified time duration.
Get-RemoteAccessConnectionStatisticsSummary
Displays the summary statistics of real-time, currently active DirectAccess and VPN connections and the summary statistics of DirectAccess and VPN historical connections for a specified time duration.
Get-RemoteAccessHealth
Obtains the current health of a Remote Access deployment.
Get-RemoteAccessLoadBalancer
Displays load balanced cluster settings
Get-RemoteAccessUserActivity
Displays the resources accessed over the active DirectAccess and VPN connections and the resources accessed over historical DirectAccess and VPN connections.
Get-VpnAuthProtocol
Retrieves authentication parameters configured on a VPN server.
Get-VpnS2SInterface
Retrieves configuration details for a site-to-site interface.
Get-VpnS2SInterfaceStatistics
Retrieves statistics of a site-to-site interface.
Get-VpnServerIPsecConfiguration
Gets IPsec parameters configured on the VPN server.
Install-RemoteAccess
Performs prerequisite checks for DirectAccess to ensure that it can be installed, installs DirectAccess for remote access (includes management of remote clients) or for management of remote clients only, and installs VPN (both Remote Access VPN and site-to-site VPN).
Remove-RemoteAccessLoadBalancerNode
Removes a server from the network load balancing (NLB) cluster.
Remove-VpnIPAddressRange
Removes an existing IPv4 address range from the pool for IP address assignment.
Remove-VpnS2SInterface
Removes a specified site-to-site interface.
Set-RemoteAccess
Modifies the configuration that is common to both DirectAccess and VPN, such as SSL certificate, Internal interface, and Internet interface.
Set-RemoteAccessLoadBalancer
Configures load balancing on the Remote Access server or the cluster server.
Set-VpnAuthProtocol
Sets the authentication method for incoming site-to-site VPN interfaces on a Routing and Remote Access server.
Set-VpnAuthType
Sets the authentication type to be used for connecting to a VPN.
Set-VpnIPAddressAssignment
Configures the IPv4 address assignment method or the IPv6 prefix for IPv6 address assignment.
Set-VpnS2SInterface
Modifies parameters for a site-to-site interface.
Set-VpnServerIPsecConfiguration
Sets the IPsec parameters for a site-to-site server.
Uninstall-RemoteAccess
Uninstalls DirectAccess and VPN, both remote access VPN and site-to-site VPN.
Add-VpnIPAddressRange
Adds a new IPv4 address range from which IPv4 addresses can be assigned to VPN clients.
VPN
Virtual private networks (VPNs) link two computers or network devices through a wide-area network (WAN) such as the Internet. Because the Internet is a public network and is considered insecure, the data sent between the two computers or devices is encapsulated and encrypted.
VPN connections provide
Encapsulation
Authentication
Data Encryption
Data Integrity
VPN provides: Authentication
Proves the identity of the user or computer that tries to connect.
VPN provides: Encapsulation
Private data is encapsulated or placed in a packet with a header containing routing information that allows the data to traverse the transit network such as the Internet.
VPN provides: Data integrity
Verifies that the data sent over the VPN connection has not been modified in transit. This is usually done with a cryptographic checksum that is based on an encryption key that is known only to the sender and receiver.
types of security protocols used with MS RAS/VPN
PPTP (Point-to-Point Tunneling Protocol)
L2TP (Layer 2 Tunneling Protocol)
IKEv2 (Internet Key Exchange v2)
SSTP (Secure Socket Tunneling Protocol)