What features does the Remote Access Role provide?
• A virtual private network (VPN) gateway where clients can connect to an organization’s private network using the Internet.
• Connecting two private networks with a VPN connection over the Internet.
• A dial-up remote access server, which enables users to connect to a private network using a modem.
• Network address translation (NAT), which enables multiple users to share a single public network address.
• Provide routing functionality, which can connect subnets and control where packets are forwarded based on the destination address.
• Provide basic firewall functionality and allow or disallow packets based on addresses of source and/or destination and protocols.
What must be disabled while configuring RRAS?
What are the five basic options for configuring RRAS through the wizard?
• Remote access (dial-up or VPN): Sets up the server to accept incoming remote access connections (dial-up or VPN).
• Network address translation (NAT): Sets up the server to provide NAT services to clients on the private network that need to access the Internet.
• Virtual private network (VPN) access and NAT: Sets up the server to support incoming VPN connections and to provide NAT services.
• Secure connection between two private networks: Sets up a demand-dial or persistent connection between two private networks.
• Custom configuration: Enables you to choose individual services, including NAT, LAN routing, and VPN access.
PPTP (Point-to-Point Tunneling Protocol) - 7 Key Facts
Encrypted using MPPE
Uses optional MS-CHAPv2 keys
Uses optional EAP-TLS keys
Easy to set up
TCP Port 1723, Protocol 47
L2TP - 6 Key Facts
Uses Pre-shared Key or Shared Secret
Encrypted with AES or 3DES
Uses IKE negotiation
UDP Port 500, 1701, 4500
IKEv2 - 5 Key facts
IKEv2 Internet Key Exchange
Uses IPsec ESP or AH
Encryption Keys, AES 256, AES 192, AES 128, 3DES
Supported on Win 7 and Up
SSTP - 3 Key facts
Uses TCP Port 443
Passes traffic through firewalls and web proxies that block PPTP or L2TP
What are the two levels of authentication?
Computer Level - Certificates or pre-shared key
User Level - Username and Password using PPP (can be mutual)
What authentication methods are supported by Windows 8.1 and 2012 R2?
PAP - Plain text authentication
CHAP - MD5 hashing
MS-CHAPv2 - Provides mutual auth, allows expired pw change
EAP-MS-CHAPv2 - Provides mutual auth. Allows 3rd party custom auth schemes (biometrics, smart cards)
What are alternative methods to enable logging?
• Execute the following command: Netsh ras set tracing * enabled
• Set the following registry value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ EnableFileTracing=1