You are the systems engineer for your company. The network consists of a single Active Directory domain. The company has a main office and two branch offices. All servers run Windows Server 2003. All client computers run either Windows XP Professional or Windows 2000 Professional. Each branch office maintains a dedicated 256-Kbps connection to the main office.

Each office also maintains a T1 connection to the Internet. Each office has a Microsoft Internet Security and Acceleration (ISA) Server 2000 computer, which provides firewall and proxy services on the Internet connection. Each branch office contains one domain controller and five servers that are not domain controllers. There is minimal administrative staff at the branch offices.

A new company policy states that all servers must now be remotely administered by administrators in the main office. The policy states that all remote administration connections must be authenticated by the domain and that all traffic must be encrypted. The policy also states that the remote administration traffic must never be carried in clear text across the Internet.

You choose to implement remote administration by enabling Remote Desktop connections on all servers on the network. You decide to use the Internet-connected T1 lines for remote administration connectivity between offices.

Because administrative tasks might require simultaneous connections to multiple servers across the network, you need to ensure that administrators do not lose connections to servers in one office when they attempt to connect to servers in another office.

What should you do?

A.
Configure Routing and Remote Access on one server in each branch office. Create L2TP/IPSec VPN ports on these servers. Create new VPN connections on the administrators’ computers to connect to the VPN servers in the branch offices.

B.
Configure a local PPTP VPN connection on the ISA Server 2000 firewall computers in each branch office. Configure the ISA Server 2000 firewall computer at the main office as a remote PPTP VPN server.

C.
Configure a VPN server in each branch office. Create connections that use IPSec Authentication Header (AH) in tunnel mode from the main office connect to VPN servers in the branch offices.

D.
Configure a local L2TP/IPSec VPN connection on the ISA Server 2000 firewall computer in the main office. Configure the ISA Server 2000 firewall computers at the branch offices as remote L2TP/IPSec VPN servers.

Explanation:
Windows 2003 VPNs use the IP Security protocol (IPSec) to encrypt data sent over an L2TP tunnel. This provides end-to-end encryption and greater security than the MPPE encryption used with PPTP.

Reference:

Martin Grasdal, Laura E. Hunter, Michael Cross, Laura Hunter, Debra Littlejohn Shinder, and Dr. Thomas W. Shinder, Planning and Maintaining a Windows Server 2003 Network Infrastructur* Exam 70-293 Study Guide & DVD Training System, Syngress Publishing, Inc., Rockland, MA, pp.
258, 307-309