Module 8: Routing as a Solution for Private Network Connectivity

Contents

Overview
Introducing Routing
Designing a Functional Routing Solution
Discussion: Designing Routing Solutions
Securing Private Network Connections
Enhancing a Routing Design for Availability and Performance
Discussion: Enhancing Routing Solutions
Lab A: Designing a Routing Solution
Review

Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2000 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, ActiveX, BackOffice, FrontPage, JScript, MS-DOS, NetMeeting, PowerPoint, Visual Basic, Visual C++, Visual Studio, Win32, Windows, Windows Media, Windows NT, are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries/regions.

Project Lead: Don Thompson (Volt Technical)
Instructional Designers: Patrice Lewis (S&T OnSite), Renu Bhatt NIIT (USA) Inc.
Instructional Design Consultants: Paul Howard, Susan Greenberg
Program Managers: Jack Creasey, Doug Steen (Independent Contractor)
Technical Contributors: Thomas Lee, Bernie Kilshaw, Joe Davies
Graphic Artist: Kirsten Larson (S&T OnSite)
Editing Manager: Lynette Skinner
Editor: Kristen Heller (Wasser)
Copy Editor: Kaarin Dolliver (S&T Consulting)
Online Program Manager: Debbi Conger
Online Publications Manager: Arlo Emerson (Aditi)
Online Support: Eric Brandt (S&T Consulting)
Multimedia Development: Kelly Renner (Entex)
Test Leads: Sid Benevente, Keith Cotton
Test Developer: Greg Stemp (S&T OnSite)
Production Support: Lori Walker (S&T Consulting)
Manufacturing Manager: Rick Terek (S&T OnSite)
Manufacturing Support: Laura King (S&T OnSite)
Lead Product Manager, Development Services: Bo Galford
Lead Product Manager: Ken Rosen
Group Product Manager: Robert Stewart

Other product and company names mentioned herein may be the trademarks of their respective owners.

Instructor Notes

Presentation: 90 Minutes
Lab: 60 Minutes

This module provides students with the information and decision-making experiences needed to design connectivity solutions between private networks by using Routing and Remote Access. Students will evaluate and create routing solutions to support the private network connectivity requirements of an organization.

At the end of this module, students will be able to:
• Recognize routing as a solution for connectivity between private networks
• Evaluate and create a functional routing design
• Select appropriate strategies to secure a private network connection
• Select appropriate strategies to enhance the availability and performance of a routing solution

Upon completion of the lab, students will be able to design a routing solution that supports the private network connectivity requirements of an organization.

Course Materials and Preparation

This section provides you with the materials and preparation needed to teach this module.

Required Materials

To teach this module, you need the following materials:
• Microsoft® PowerPoint® file 1562B_08.ppt

Preparation Tasks

To prepare for this module:
• Review the contents of this module.
• Read any relevant information in the Microsoft Windows® 2000 Help files, Windows 2000 Resource Kit, or in documents provided on the Instructor CD.
• Read the relevant RFCs in the Windows 2000 Help files.
• Review the discussion material and be prepared to lead class discussions on the topics.
• Complete the lab and be prepared to elaborate beyond the solutions found there.
• Read the review questions and be prepared to elaborate beyond the answers provided in the text.

Module Strategy

Use the following strategy to present this module.

Introducing Routing

Routing, as provided by the Routing and Remote Access feature of Windows 2000, supports secured communication over private and public networks. In this section:
• Emphasize that the network designer needs to determine the number of locations and hosts, the routing protocols supported by the design, and the security requirements of the network. This information provides the basic decisions for designing a routing solution.
• Explain that isolating a secure and private network, restricting Internet and private network traffic, supporting multiple protocols, and integrating with existing network designs are some of the main features of Routing and Remote Access.
• Point out that, to provide Resource Reservation Protocol (RSVP) support, reduce undesired traffic, and provide router authentication and encryption of data, the router integrates with other Windows 2000 networking services.

Designing a Functional Routing Solution

Designing a functional routing solution includes selecting and placing the routers within a network, and including various protocols in the design. In this section:
• Emphasize that the routers must be placed within the private network or at the edge of the private network to localize traffic and maintain security.
• Emphasize that the selection of interface address and subnet mask, interface data rate and persistence, and interface security is essential to integrating the router into the existing network.
• Point out that static routing is included in the Routing and Remote Access design so that routers can forward packets to their respective destinations.
• Point out that Routing Information Protocol (RIP)-for-Internet Protocol (IP) is included in the design so that routers can automatically update routing table information.
• Point out that Open Shortest Path First (OSPF) routing protocol must be included in the network design so that routers can automatically update routing information for unicast packets.
• Explain that Internet Group Management Protocol (IGMP) is added to the routing design so that the router can pass IGMP Membership Report packets from a single-router private network to a multicast-capable portion of the Internet.
• Explain that the DHCP Relay Agent must be included in the design so that routers can forward DHCP traffic from DHCP clients to DHCP servers.
• Ensure that students understand the scenario description and directions for the Discussion. Direct them to read through the scenario and answer the questions. Be prepared to clarify if necessary. Lead a class discussion on the students’ responses.

Securing Private Network Connections

The security of an IP routing design is measured by the ability of the design to prevent unauthorized access to data transmissions. Routing and Remote Access enhances IP routing security by encrypting data and mutually authenticating remote routers. In this section:
• Emphasize that, to ensure a secure network, undesired network traffic must be restricted by using Routing and Remote Access filters, and all traffic must be filtered based on the IP address and the protocol number of the packets to be filtered.
• Explain that Internet Protocol Security (IPSec) offers a variety of authentication and data encryption algorithms. Selecting IPSec tunnel mode, and specifying the IPSec authentication protocol and encryption algorithm, are a few of the authentication methods.
• Point out that virtual private network (VPN) tunnels can also be used to encrypt data and prevent the unauthorized viewing of confidential data that is transmitted across public networks.
• Explain that RIP-for-IP or OSPF passwords, demand-dial authentication, and IPSec machine certificates are a few methods of authenticating routers to prevent the unauthorized viewing of confidential data.
• Explain that routers can be placed within the private network to create screened subnets or to integrate into existing screened subnets. Screened subnets isolate the private network from the Internet while allowing private network traffic to be routed between locations.

Enhancing a Routing Design for Availability and Performance

By dedicating a computer to routing, selecting persistent wide area network (WAN) connections, and providing multiple routers or multiple WAN connections, the availability and performance of routing solutions can be enhanced. Make sure students understand the scenario description and directions for the Discussion. Direct them to read through the scenario and answer the questions. Be prepared to clarify if necessary. Lead a class discussion on the students’ responses.

Lab Strategy

Use the following strategy to present this lab.

Lab A: Designing a Routing Solution

In the design lab, students will design a routing solution based on the specific requirements outlined in the given scenario. Students will review the scenario and the design requirements and read any supporting materials. They will use this information, and the knowledge gained from the module, to develop a detailed design that uses routing as a solution.

To conduct the lab:
• Read through the lab carefully, paying close attention to the instructions and to the details of the scenario.
• Consider dividing the class into teams of two or more students.
• Present the lab, and make sure students understand the instructions and the purpose of the lab.
• Remind students to consider any functionality, security, availability, and performance criteria provided in the scenario, and how they will incorporate strategies to meet these criteria in their design.
• Allow some time to discuss the solutions after the lab is completed. A solution is provided in your materials to assist you in reviewing the lab results.
• Use the worksheet provided in the Instructors Handbook to record inputs for the possible solutions.
• Encourage students to critique each other’s solutions and to discuss any ideas for improving their designs.

Overview

Slide Objective: To provide an overview of the module topics and objectives.
Lead-in: In this module, you will evaluate and design connectivity solutions between private networks by using Routing and Remote Access.

• Introducing Routing
• Designing a Functional Routing Solution
• Discussion: Designing Routing Solutions
• Securing Private Network Connections
• Enhancing a Routing Design for Availability and Performance
• Discussion: Enhancing Routing Solutions

Explain to the students that in this module, routing always refers to the routing provided by Routing and Remote Access and that router always refers to a Routing and Remote Access–based router, unless otherwise specified.

To share data and resources, geographically distributed private networks require connectivity between multiple locations. These locations can be connected by using dedicated, private connections, or over shared, public networks such as the Internet. Routing, as provided by the Routing and Remote Access feature of Microsoft® Windows® 2000, supports secured communication over private and public networks.

At the end of this module, you will be able to:
• Recognize routing as a solution for connectivity between private networks
• Evaluate and create a functional routing design
• Select appropriate strategies to secure a private network connection
• Select appropriate strategies to enhance the availability and performance of a routing solution

Introducing Routing

Slide Objective: To introduce routing as a solution for private network connectivity in a Windows 2000 network.
Lead-in: Routing and Remote Access is a Windows 2000 feature that connects private networks while protecting the private network resources.

• Design Decisions for a Routing Solution
• Routing and Remote Access Features
• Integration Benefits

Routing is provided by the Routing and Remote Access feature of Windows 2000. Routing and Remote Access supports multiple protocols and connects private networks while protecting the private network resources. Routing and Remote Access addresses the essential requirements of any solution for connectivity between private networks.

To design a routing solution based on Routing and Remote Access, you must:
• Identify the design decisions that influence a routing solution
• Identify how the features provided by Routing and Remote Access support the design requirements for connectivity between private locations
• Identify the benefits of integrating Routing and Remote Access with other networking services

Design Decisions for a Routing Solution

Slide Objective: To describe the design decisions that influence the design of a Routing and Remote Access solution.
Lead-in: While designing a network that connects private networks, you need to consider the number of locations to be connected, the number of hosts at each location, the routing protocols supported, and the security requirements.

[Slide: network diagram with the labels Screened Subnet, Internet, Web Server, Branch Office, Router, Central Office, Demand-Dial]

• Number of Locations?
• Number of Hosts at Each Location?
• Routing Protocols Supported?
• Secured Connectivity Between Private Networks?

Discuss the bulleted points with students. Tell them that these are the questions they need to answer before designing a routing solution. Explain the relevance of these decisions with reference to the illustration.

Routing designs that connect private networks are based on a number of design decisions, such as the number of locations to be connected, the number of hosts at each location, the routing protocols supported, and the security requirements.

Routing is an appropriate solution if the private network:
• Is spread across multiple geographic locations
• Includes any number of users
• Supports industry standard routing protocols, such as Routing Information Protocol (RIP), Open Shortest Path First (OSPF), or Internet Group Management Protocol (IGMP)
• Connects networks requiring router authentication and data encryption

Routing and Remote Access Features

Slide Objective: To describe the features of Routing and Remote Access.
Lead-in: When designing a Routing and Remote Access solution, you must understand the features that are available to support connectivity between private networks.

• Isolating and Securing the Private Network
• Integrating with Existing Network Designs
• Restricting Internet and Private Network Traffic
• Supporting Multiple Protocols

When designing a routing solution, you need to identify the features of Routing and Remote Access that fulfill the design requirements. Typically, these features enhance the security, availability, or performance of your routing solution.

Isolating and Securing the Private Network

Routing and Remote Access enhances the security of a network design by:
• Isolating the private network from the Internet
• Acting as an intermediary in the exchange of traffic between the Internet and the private network
• Providing data encryption if the data transferred between locations is confidential
• Supporting mutual authentication of routers to prevent an unauthorized router from receiving confidential data

Integrating with Existing Network Designs

After integrating with the existing network designs, Routing and Remote Access supports:
• Internet Protocol (IP) and Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) routing protocols, thereby allowing the Routing and Remote Access-based routers to exchange routing table information with the existing routers
• IP and IPX/SPX transport protocols on private networks, thereby allowing IP and IPX/SPX-based clients to access the private network through the remote access server
• Various interface types, such as dial-up modems, Integrated Services Digital Network (ISDN), asymmetric digital subscriber line (ADSL), T1, T3, or Synchronous Optical Network (SONET)

Enhancing a Routing Design for Availability and Performance

Slide Objective: To describe the strategies for improving the availability and performance of a routing solution.
Lead-in: You can enhance the availability and performance of routing by dedicating a computer to routing, selecting persistent WAN connections, and providing multiple routers or multiple WAN connections.

[Slide: network diagrams with the labels LAN Interface, LAN Interfaces, Internet, Private Network, Demand-Dial Interface, Router]

• Dedicating a Computer
• Selecting Persistent Connections
• Providing Multiple Connections and Routers

You can enhance the availability and performance of routing solutions by dedicating a computer to routing, selecting persistent wide area network (WAN) connections, and providing multiple routers or multiple WAN connections.

The following table describes the strategies used to enhance the availability and performance of a routing solution.

| Use this strategy | To enhance availability by | To optimize performance by |
| --- | --- | --- |
| Dedicating a computer to routing | Preventing unstable applications from restarting the computer | Preventing other applications running on the same computer from consuming system resources and impacting routing performance |
| Persistent WAN connections | Preventing problems in establishing the connection | Eliminating the time required to establish a nonpersistent connection |
| Multiple WAN connections | Providing redundant connections to the WAN if one of the connections fails | Distributing the traffic across the multiple connections |
| Multiple routers | Providing redundant routers in the event of one of the routers failing | Distributing the traffic across the multiple routers |

Discussion: Enhancing Routing Solutions

Slide Objective: To discuss the strategies for enhancing the security, availability, and performance of a routing solution.
Lead-in: You are now revisiting the design that you initially created for the market research company.

[Slide: map with the locations Seattle, Winnipeg, Montreal, Toronto, New York, Washington DC, Kansas City, Los Angeles, Atlanta, Dallas]

Delivery Tip: Read the scenario to the students and review the questions as a group. Give the students time to consider their answers, and then lead a discussion based on their responses. Remind the students that there can be more than one possible solution to the scenario.

After you have provided a basic routing design, you need to examine the security, availability, and performance requirements for the solution. During the discussion, note any ideas presented by other students in the class that are relevant to the routing solution.

The following scenario describes the requirements for enhancing the routing design of a telemarketing company. Read the scenario and answer the questions. Be prepared to discuss your answers with the class.

Scenario

A few months after you created the solution for the telemarketing research company, the company decides to connect all of the regional research locations over the Internet to reduce leased line costs. Each location will receive a connection data rate to the Internet that is the same data rate as the original leased line, T1 or T3, respectively.

Questions

What recommendations would you make for securing the confidential data transmitted over the Internet?

You could make the following recommendations:
• Specify each router to connect to other locations by using IPSec or VPN tunnels
• Encrypt all data between locations by using either MPPE 128-bit encryption for PPTP tunnels or IPSec 3DES encryption for L2TP tunnels and IPSec tunnel mode
• Specify routing filters for each location that accept only incoming packets from the other locations
• Specify MS-CHAP v2 mutual authentication if using PPTP or L2TP tunnels

The market research company is now expanding to include a new profit center for inbound telesales. Customer service agents collect orders from television commercials. During the period of time between 7:00 P.M. and 9:30 P.M., 85 percent of all sales occur. What precautions can you incorporate into your design to ensure that customers can place orders during those critical hours of operation?

You could specify redundant routers at each location to ensure continued operation in the event of a router failure. You could also recommend redundant T1 or T3 connections to the Internet for maximum protection. You would connect both routers at each location to their own T1 or T3 connection to ensure continued operation regardless of the failure.

With the addition of the new inbound telesales group, the increase in network traffic is severely degrading the performance of the connections between locations. What strategies could you use to improve the performance of the router design?
You could specify multiple routers at each location to provide load balancing across the router when the routers are saturated. You could specify multiple T1 or T3 connections to distribute traffic between the connections. If the routers are not saturated, you could install an additional T1 or T3 connection in the router to connect to the additional connection. If the routers are saturated, you need to specify multiple routers and connect each router to their respective T1 or T3 connection.

Lab A: Designing a Routing Solution

Slide Objective: To introduce the lab.
Lead-in: In this lab, you will design a routing solution for an engineering firm.

Objectives

After completing this lab, you will be able to:
• Evaluate an existing scenario to determine the requirements that affect a routing design
• Design a routing solution for the given scenario

Prerequisites

Before working on this lab, you must have:
• Knowledge of the design decisions required to create a router design
• Knowledge of routing strategies to enhance the security, availability, and performance

Estimated time to complete this lab: 60 minutes

Exercise: Designing a Router Solution

In this exercise, you are presented with the task of designing a routing solution for an engineering firm. This engineering firm has a headquarters, four field offices, and customer offices where the field engineers work. Your instructor will assign you to design the headquarters or a field office.

You will work in teams to design a routing solution that supports an organization’s requirements. You will design your solution for your assigned location by using a white board, flip chart, or other presentation medium. Review the scenario, the design requirements, and the diagram for the assigned location. Follow the instructions to complete the exercise. At the end of the exercise, be prepared to provide a justification for your design decisions and to provide feedback to the other teams.

Circle the section of the design assigned to you by your instructor:
a. Central Office
b. Field Office

You will not be providing a solution for the customer offices because the engineering firm has no control over the customers’ routing solution.

Scenario

An engineering firm that designs cooling towers for nuclear power plants is preparing to connect their offices over the Internet. The engineering firm is headquartered in Paris, where the administration and billing for all projects within the firm occurs. The engineering firm has field offices in Brussels, Sydney, Hong Kong, and New Delhi. Within the field offices, project management and human resources management occurs for the field engineers that work from the respective field offices. When assigned to a project, the field engineers work on-site at the project location. While there, the field engineers are assigned temporary offices within the customer’s facilities.

Design Limitations and Requirements

By examining existing documentation, and conducting interviews with the engineering firm personnel, you have established the design requirements that must be achieved. Make sure your solution meets or exceeds these requirements.

Applications

The engineering firm uses a number of applications to conduct the day-to-day operations. To create a solution for the engineering firm, your design must provide:
• Support for a mission-critical Web-based application that provides project management and project time billing for field engineers
• Private network access to all shared folders and Web-based applications at the central office and regional offices
• Internet access from the field offices
• Active Directory as the directory services for the engineering firm
• Router response times such that the application response time is not reduced. Pilot tests on approved computers indicate that each router can support no more than 350 hosts while providing performance within the given application response times
• Support for all mission-critical applications to be available 24-hours-a-day, 7-days-a-week

Connectivity

The applications used by the engineering firm require connectivity between the central office, field offices, and the onsite engineers. When creating the router design for the engineering firm, remember that your design must provide:
• Support for the field offices to connect to the central office by using dedicated connections over the Internet
• Support for the onsite field engineers to connect to the respective field office by using dedicated or dial-up connections over the Internet supplied by the customer
• Support for customers’ existing routing design. The customers cannot upgrade or change their existing routers. The customers’ routers support:
    • OSPF routing protocol
    • RIP-for-IP routing protocol
    • Static routing
    • VPN tunneling by using PPTP
• Isolation of the central office and the field offices from the Internet

Instructions

You will complete this exercise as a team. To complete this exercise, you need to:
• Examine the networking environment presented in the scenario, the network diagrams, and the Design Limitations and Requirements.
• On a white board, flip chart, or other presentation medium, design your routing solution.
• Ensure that your design fulfills the requirements of the scenario by including the:
    • Placement of routers within the network
    • Routing protocols to support on each router
    • Required methods of improving the security, availability, and performance
• Be prepared to discuss your routing solution and provide a justification for the design decisions that you made.

Note: For your routing solution, you can eliminate or replace existing networking devices or network segments.

This is the high-level network diagram of the existing engineering firm network. Additional detail for the central offices and field offices is shown in subsequent diagrams.

This is the existing network at the central office in Paris.

This is the existing network at all of the field offices. All field offices have the same network configuration.

Router Design Worksheet – Central Office

Router name: RRARTR1
Router placement: Between Subnets A, B, C, and E
Reason for placing router:
• To route traffic between the central office and the firewall
• To replace existing routers because a single router is easier to manage, and the router platform can handle the existing traffic
Router options, each with the reason for specifying the option:
• Specify a demand-dial VPN connection to each field office. Reason: To authenticate the routers and encrypt the data between the central office and the field offices
• Specify a static route entry that forwards e-mail messages to the field offices over the VPN connection. Reason: To force all traffic between the central office and field locations to be encrypted
• Specify RIP-for-IP version routing protocols on the router. Reason: The number of subnets and hosts can be easily managed by RIP-for-IP version
• Specify auto-static routing with updates once a day at midnight. Reason: To automatically update the routing information at a regular interval
• Specify router RIP-for-IP version passwords. Reason: To authenticate routers when exchanging routing information

Router name: RRARTR2
Router placement: Between Subnets A, B, C, and E
Reason for placing router:
• To provide a redundant router in the event that RRARTR1 fails
Router options, each with the reason for specifying the option:
• Specify a demand-dial VPN connection to each field office. Reason: To authenticate the routers and encrypt the data between the central office and the field offices
• Specify a static route entry that forwards e-mail messages to the field offices over the VPN connection. Reason: To force all traffic between the central office and field locations to be encrypted
• Specify RIP-for-IP version routing protocols on the router. Reason: The number of subnets and hosts can be easily managed by RIP-for-IP version
• Specify auto-static routing with updates once a day at midnight. Reason: To automatically update the routing information at a regular interval
• Specify router RIP-for-IP version passwords. Reason: To authenticate routers when exchanging routing information
• Specify a higher routing cost between RRARTR2 and the field offices than between RRARTR1 and the field offices. Reason: To force RRARTR2 to be used only when RRARTR1 is down

Router Design Worksheet – Field Office

Router name: RRARTR3
Router placement: Between Subnets F and H
Reason for placing router:
• To route traffic between the central office and the firewall
• To replace existing routers because a single router is easier to manage and the router platform can handle the existing traffic
Router options, each with the reason for specifying the option:
• Specify a demand-dial VPN connection to each field office. Reason: To authenticate the routers and encrypt the data between the central office and the field offices
• Specify a static route entry that forwards e-mail messages to the field offices over the VPN connection. Reason: To force all traffic between the central office and field locations to be encrypted
• Specify RIP-for-IP version routing protocols on the router. Reason: The number of subnets and hosts can be easily managed by RIP-for-IP version
• Specify auto-static routing with updates once a day at midnight. Reason: To automatically update the routing information at a regular interval
• Specify router RIP-for-IP version passwords. Reason: To authenticate routers when exchanging routing information

Router name: RRARTR4
Router placement: Between Subnets F and H
Reason for placing router:
• To provide a redundant router in the event that RRARTR3 fails
Router options, each with the reason for specifying the option:
• Specify a demand-dial VPN connection to each field office. Reason: To authenticate the routers and encrypt the data between the central office and the field offices
• Specify a static route entry that forwards e-mail messages to the field offices over the VPN connection. Reason: To force all traffic between the central office and field locations to be encrypted
• Specify RIP-for-IP version routing protocols on the router. Reason: The number of subnets and hosts can be easily managed by RIP-for-IP version
• Specify auto-static routing with updates once a day at midnight. Reason: To automatically update the routing information at a regular interval
• Specify router RIP-for-IP version passwords. Reason: To authenticate routers when exchanging routing information
• Specify a higher routing cost between RRARTR4 and the field offices than between RRARTR3 and the field offices. Reason: To force RRARTR2 to be used only when RRARTR1 is down

Review

Slide Objective: To reinforce module objectives by reviewing key points.
Lead-in: The review questions cover some of the key concepts taught in the module.

• Introducing Routing
• Designing a Functional Routing Solution
• Discussion: Designing Routing Solutions
• Securing Private Network Connections
• Enhancing a Routing Design for Availability and Performance
• Discussion: Enhancing Routing Solutions

1. An organization is creating a design that includes six Routing and Remote Access–based routers that run RIP-for-IP. When drafting the specifications in the design, which networking services found in Windows 2000 are required to support these routers?

Routing and Remote Access is required to support the routers.

2. An organization is adding three locations to an existing IP-routed network that is based on OSPF routers. What would you evaluate in the existing network to create the specifications for the design?

You would evaluate the existing OSPF Autonomous System, OSPF areas, and OSPF networks.

3. An organization is considering a network upgrade to enable full multicast-capable routing. What specifications would you include in the design for Routing and Remote Access–based routers?
You would specify that all Routing and Remote Access–based routers:
• Include IGMP
• Include an IGMP Router Mode interface directly connected to the same network segment as the IGMP clients
• Are used in situations in which no multicast-enabled routers are attached to the IGMP Router Mode Interface
• Include an IGMP Proxy Mode interface connected to the Internet or to network segments that are serviced by full multicast-capable routers

4. Explain the difference between one-way and two-way authentication.

With one-way authentication, the calling router provides a user ID and password to the calling system. With two-way authentication, both routers provide credentials for the other to validate. In each case, if the credentials are correct, the link is established. Thus, two-way authentication is more secure, but is more difficult to set up and maintain than one-way authentication.

5. For what purpose would you include auto-static route entries in your Routing and Remote Access design?

Auto-static route entries allow you to update the routing table either manually or on a schedule so that the router has up-to-date routing tables, without the overhead of running a dynamic routing protocol across the demand-dial connection.

6. Describe how a VPN enhances access security in a Routing and Remote Access solution.

A VPN minimally provides user account authentication for routers. Optionally, a VPN can provide data encryption, depending on the authentication protocol or VPN protocol (PPTP versus L2TP).

7. What would you need to include in your design specifications to ensure that Routing and Remote Access–based routers can encrypt data over the Internet by using VPN tunnels?
When using PPTP, the MS-CHAP, MS-CHAP v2, or EAP-TLS user authentication protocols are required for data encryption. When using L2TP, encryption is provided by IPSec in Windows 2000.

8. A network has an existing routing solution that is based on Routing and Remote Access–based routers found in Windows NT 4.0. What specifications do you need to include in the design to integrate Routing and Remote Access–based routers found in Windows 2000 so that you can encrypt data between the routers?

All of the operating systems support PPTP-based VPN tunnels to encrypt data. Only the Routing and Remote Access–based routers found in Windows 2000 support IPSec, so IPSec and L2TP tunnels are not an appropriate solution.

9. In a recent acquisition, an organization merged with a national distribution channel. As a result of the acquisition, 147 remote stores need to have access to the organization’s order entry system. How might Routing and Remote Access–based routers be used to solve the connectivity needs described?

The 147 remote stores can be connected to the organization through the Internet. Routing and Remote Access–based routers at each location can establish a connection to the central organization by using VPN tunnels. You would specify that the router use the demand-dial feature of Routing and Remote Access to support automatic connection to the organization’s order entry system.

10. An organization is designing a Windows 2000–based network and will be moving from IPX/SPX to a TCP/IP-based network. Which requirements would you need to evaluate to determine if a Routing and Remote Access–based router design is appropriate for the organization?
Routing and Remote Access is an appropriate solution for connectivity between private networks if the private network:
• Encompasses multiple geographic locations
• Includes any number of users in a routed environment
• Supports industry standard routing protocols, such as RIP, OSPF, or IGMP
• Connects over public or private networks requiring router authentication and data encryption
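The review answers on one-way versus two-way authentication and on PPTP and L2TP encryption can be applied as a design-review check over a list of router-to-router links. This is an added example, not part of the original courseware; the Link fields, the link names and the sample design (including PAP as a non-encrypting case) are constructed for illustration.

```python
from dataclasses import dataclass

# Rules taken from the review answers on this page.
PPTP_ENCRYPTING_AUTH = {"MS-CHAP", "MS-CHAP v2", "EAP-TLS"}
IPSEC_CAPABLE_OS = {"Windows 2000"}   # the Windows NT 4.0 routers support PPTP only

@dataclass
class Link:                 # hypothetical record for one demand-dial VPN link
    name: str
    calling_os: str
    answering_os: str
    tunnel: str             # "PPTP" or "L2TP"
    auth: str               # user authentication protocol
    two_way_auth: bool      # True when both routers present credentials

def review_link(link):
    """Return findings for one link; an empty list means no issue was found."""
    findings = []
    endpoints = {link.calling_os, link.answering_os}
    if link.tunnel == "PPTP":
        # PPTP encrypts data only with one of the listed authentication protocols.
        if link.auth not in PPTP_ENCRYPTING_AUTH:
            findings.append(f"{link.name}: PPTP with {link.auth} provides no data encryption")
    elif link.tunnel == "L2TP":
        # L2TP relies on IPSec, so every endpoint must be IPSec-capable.
        for os_name in sorted(endpoints - IPSEC_CAPABLE_OS):
            findings.append(f"{link.name}: L2TP/IPSec is not supported on {os_name}")
    else:
        findings.append(f"{link.name}: unknown tunnel protocol {link.tunnel}")
    if not link.two_way_auth:
        findings.append(f"{link.name}: one-way authentication only")
    return findings

def review_design(links):
    """Map each link name to its list of findings."""
    return {link.name: review_link(link) for link in links}

SAMPLE_DESIGN = [  # constructed sample input
    Link("central-field1", "Windows 2000", "Windows 2000", "L2TP", "EAP-TLS", True),
    Link("central-legacy", "Windows 2000", "Windows NT 4.0", "L2TP", "MS-CHAP v2", True),
    Link("central-store7", "Windows 2000", "Windows NT 4.0", "PPTP", "PAP", False),
    Link("central-store8", "Windows 2000", "Windows NT 4.0", "PPTP", "MS-CHAP v2", True),
]

if __name__ == "__main__":
    for name, findings in review_design(SAMPLE_DESIGN).items():
        print(name, "OK" if not findings else findings)
```

Links with an empty findings list meet the encryption rules stated above; the check does not cover routing-protocol passwords or route costs from the worksheet.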