What should you do?
Your network contains an ISA Server 2006 computer named ISA1, which allows outgoing connections to the Internet. A network rule defines a network address translation (NAT) relationship between the Internal network and the Internet. Users on ISA Server protected networks require access to PPTP and L2TP over IPSec VPN servers on the Internet. You configure all network computers, except ISA1, as both Web Proxy and Firewall clients. You create access rules on ISA1 to allow outbound connections to the Internet by using PPTP Client,
IPSec NAT Traversal (NAT-T) Client, and IKE Client protocols. You discover that users cannot connect to Internet PPTP and L2TP over IPSec VPN servers. You need to ensure that users can connect to PPTP and L2TP over IPSec VPN servers on the Internet. What should you do?
Which two actions should you perform?
Your network contains an ISA Server 2006 computer named ISA1 operating in a Workgroup. ISA1 functions as a remote access VPN server for the network. Remote access VPN clients can use either PPTP or L2TP over IPSec to connect to ISA1. Users report that after connecting to the corporate network, they cannot access file shares on the network file server without first being presented with an authentication prompt. You need to ensure that users are not asked for credentials when they access file shares. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
What should you do?
Your network contains an ISA Server 2006 computer named ISA1, which is configured as a remote access VPN server. You configure ISA1 to accept both PPTP and L2TP over IPSec VPN connections from remote access clients. Several users report that they cannot connect to the network. You review the log files on ISA1 and discover that the users with failed connection attempts are all using L2TP over IPSec. You need to ensure that the users can connect to the network. What should you do?
What should you do?
Your company has a main office and is adding a branch office. You are connecting the main office and branch office networks. You install ISA Server 2006 on a computer at each office, and you create a site-to-site VPN connection between the ISA Server computers. You create remote site networks on the ISA Server computers at both offices. You choose the L2TP over IPSec VPN protocol. You want to use a preshared key for the IPSec authentication. You open the Routing and Remote Access console and enter the preshared key in the Properties dialog box for the Routing and Remote Access server. The site-to-site L2TP over IPSec connection is successful.
You then restart the ISA Server computers and discover that the site-to-site connection fails. You need to ensure that the L2TP over IPSec site-to-site VPN connections continue to function properly after the ISA Server computers are restarted. What should you do?
Which two actions should you perform?
Your network contains an ISA Server 2006 computer named ISA1. ISA1 is configured as a remote access VPN server and as a DHCP server.
VPN client computers need to be assigned the following DHCP options:
� DNS
� WINS
� Domain name
On the DHCP server, you create a DHCP scope that includes the three DHCP options. VPN users report that they cannot connect to file shares after logging on to the network. You discover that no WINS or DNS server address is assigned to the VPN clients, and no primary domain name is listed.
You need to ensure that the DHCP options are assigned to the VPN client computers.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
What should you do?
Your network contains an ISA Server 2006 computer named ISA1. ISA1 is configured with two network adapters. The external network adapter is connected to the Internet. The internal network adapter is connected to the Internal network. The Internal network address range is 10.0.0.0 through 10.0.0.255. You define the VPN assignment as a static pool that extends from 10.0.1.0 through 10.0.1.255. You enable VPN client access. You test the VPN configuration and successfully establish a VPN connection to ISA1 from an external Windows XP Professional client computer named XP1. You discover that you cannot browse external Web sites from XP1 while it has a VPN session with ISA1. You confirm that internal client computers can browse external Web sites. You need to ensure that VPN clients can browse external Web sites while connected to ISA1. You also need to ensure that all requests for external Web sites from VPN clients are processed through ISA1. What should you do?
What should you do?
Your network consists of a single Active Directory domain. The network contains an ISA Server 2006 computer named ISA1. ISA1 is a member of the Active Directory domain. You configure ISA1 as a remote access VPN server that allows both PPTP and L2TP over IPSec remote access client connections. You want to control VPN access by using a remote access policy. You configure ISA1 to allow VPN access to members of the Domain Users global group.
However, VPN connections fail.
You examine the properties of several domain user accounts, and you discover that the Control access through Remote Access Policy option is not available. You need to enable remote access permission by using a remote access policy. What should you do?
What should you do?
The network contains an ISA Server 2006 computer named ISA1. ISA1 connects to the Internet. ISA1 is configured with access rules for Internet access. A Windows Server 2003 computer named CERT1 is configured as an internal certification authority
(CA). ISA1 can download the certificate revocation list (CRL) from CERT1. You are deploying 10 new ISA Server 2006 computers on the network. On ISA1 you export the firewall policy settings into a file named ISA1export.xml. You configure the network configuration settings on each new ISA Server computer. You import the firewall policy settings from the ISA1export.xml file on each new ISA Server computer. You test the imported configuration on each of the new ISA Server computers. You discover that each new ISA Server computer cannot download the CRL from CERT1. You need to ensure that the new ISA Server computers can download the CRL.
What should you do?
What should you do?
Your network contains an ISA Server 2006 computer named ISA1. ISA1 is connected to the Internet. VPN access is configured to ISA1. RADIUS is configured as the only type of authentication for VPN connections. All remote users can connect to ISA1 by using a VPN connection.
All internal users can connect to the Internet. You are replacing ISA1 with a new ISA Server computer named ISA2. You export the network-level node configuration settings on ISA1 to a file named ISAconfig.xml. You import the ISAconfig.xml file on ISA2. You replace ISA1 with ISA2 on the network.
Remote VPN users report that they cannot authenticate to gain access to the network. Internal network users report that they cannot connect to the Internet. You need to configure ISA2 to allow incoming and outgoing access for company users. What should you do?
Which two System Monitor performance counters should you add?
Your network contains an ISA Server 2006 computer named ISA1. ISA1 is configured to provide forward Web caching for users on the Internal network. During periods of peak usage, users report that it takes longer than usual for Web pages to appear. You suspect that insufficient memory is the source of the slow performance of ISA1. You need to verify whether insufficient memory is the source of the slow performance. Which two System Monitor performance counters should you add? (Each correct answer presents part of the solution.
Choose two.)