MCSE 70-293 Exam Prep: Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (2nd Edition)

In this section, we discuss your network infrastructure's Internet connectivity options, design issues, the reasons NAT is used, and the reasons the Internet and connectivity are so important. We also look at client-specific issues as well as issues relating to DNS. These are some of the more complicated issues to resolve, especially when you are dealing with NAT and DNS.

Planning Internet Connectivity

Plan an Internet connectivity strategy.

To connect your LAN to the Internet, you need to plan for the following issues:

• What type of connection do you want? What media, what technology?

• How much bandwidth do you need to provide?

• What hardware will you use?

• Will security be involved?

• Who provides DNS?

• Will you be doing Network Address Translation?

• Where does Windows Server 2003 fit into network connectivity?

These questions are often asked before a deployment because deploying an Internet connection strategy is easier if you plan for it. Not planning or making up the plan as you are deploying can lead to an unsecured connection with the wrong bandwidth, which causes nothing but problems. Let's look at each question in depth to plan your Internet connection strategy:

• What type of connection do you want? What media, what technology ? You need to consider what type of connection to the Internet you will have installed because the type of Internet connection you select determines what the connection media will be (WISP, T1, DSL, cable, and so on) as well as what signaling method, what additional hardware (modem, router, CSU/DSU) you will need. Each connection type selected also dictates the bandwidth you will have available to you in most instances. Therefore, you need to plan your Internet connection method well.

• How much bandwidth do you need to provide ? You need to consider what type of traffic and how much of it will be traversing your Internet connection. Without applications to limit what can leave or enter your network via the Internet, most of your bandwidth will likely be consumed by outbound email and Internet Web browsing.

• What hardware will you use ? Will you use a Cisco router? A 3Com router? You need to know what to use for an Internet connection before you purchase the hardware because it is imperative that you plan the hardware around the connection type. You need specific interface types depending on what technology you select (T1, DSL, and so on), so you must make sure you plan your hardware accordingly .

• Will security be involved ? Whether a firewall will be used dictates how you deploy your Internet connection. If you want to use a firewall, you must plan for it as well. If a firewall is used, you must plan what traffic you need to pass; otherwise , the firewall will block it out. For instance, if you were to use the Remote Desktop Protocol or Terminal Services over the Internet, you would need to configure the firewall to allow this traffic to pass.

• Who provides DNS ? The domain name system is the lifeblood of the Internet. Without it, everyone would have to memorize IP addresses to get to everything they needed; instead, easy-to-remember and -use names such as Que.com are used. Your ISP normally provides DNS, or you can move the DNS into your network (preferably on your Demilitarized Zone, DMZ) and have an internal namespace forward out to the public DNS servers. Either way, you need to consider this issue when deploying your Internet solution.

• Will you be doing Network Address Translation ? NAT translates one set of IP addresses to another. If NAT is to be used, you must plan for it. Because setting up NAT is somewhat complex if you have never done it before, you must make sure you properly plan what you need before you deploy it. For example, say you want to have a 10.1.1.0/24 LAN access the Internet via a translatable pool of addresses to the Internet via 12.1.1.1, 12.1.1.2, and 12.1.1.3. You must plan this configuration so you know what IP addresses you will need and how to deploy them so that they work.

• Where does Windows Server 2003 fit into network connectivity ? Windows Server 2003 can be used as an Internet connection, but it is advised that for larger implementations you get dedicated devices to do specific tasks .

Troubleshooting Client Configuration Issues

Troubleshoot connectivity to the Internet.

• Diagnose and resolve issues related to client configuration.

If you cannot connect to the Internet with a client PC, you have a few options to think about. First, you need to consider that the Internet may be inaccessible. Sometimes the line that supplies the traffic to and from your organization has problems with the ISP. Although such problems can be deemed inexcusable, you may see the line go down for maintenance or for an unpredicted outage .

As a client, you also may see that your IP address is not on the same subnet (if you have a static assignment on a laptop and move to another subnet) or your network connection is disconnected. Make sure that you know how to troubleshoot client issues for the 70-293 exam.

Troubleshooting DNS Issues

Troubleshoot connectivity to the Internet.

• Diagnose and resolve issues related to name resolution cache information.

Here, we discuss ways to troubleshoot DNS connectivity on a client workstation that is having problems with name resolution on a Windows network. You need to know how to diagnose and resolve problems related to name resolution cache information. To do this, you need to know the ipconfig command, which was discussed previously. ipconfig has several switches associated with it, so if you are working from a Windows workstation, and you cannot get a client to resolve names properly because the client-side DNS cache is either corrupted or not updated to a change already made on the DNS server, you can easily flush out that information by using one of the following commands:

• ipconfig /flushdns ” This command purges the DNS resolver cache.

• ipconfig /displaydns ” This command displays the contents of the DNS resolver cache.

• ipconfig /registerdns ” This command refreshes all DHCP leases and reregisters DNS names.

EXAM TIP

Remember when you need to use each command because the test doesn't point you in the right direction. By memorizing these commands, you can effectively troubleshoot DNS on a client.

Everything you need to know is done at the command prompt.

Troubleshooting Network Address Translation (NAT) Issues

Troubleshoot connectivity to the Internet.

• Diagnose and resolve issues related to Network Address Translation ( NAT ).

We covered NAT in great detail throughout the chapter, so this section covers what you need to know about NAT for the exam. You need to be aware of the changes that have been made to the IPSec protocol and NAT in Windows Server 2003.

First, you need to understand why such changes were needed in the first place. Network Address Translation does not allow IPSec to work. IPSec is a security-based protocol that allows you to secure communications across your network. The problem is that the IPSec packet, by design, does not work well with NAT. Because NAT breaks down the packets to change the IP address, it also causes problems with the IPSec packet, which is essentially encrypted and cannot be changed. With Windows Server 2003, the biggest change is that IPSec and L2TP are both supported through NAT. Revised IPSec clients are available for Windows XP and 2000 Professional as well. Using Windows Server 2003 and NAT dramatically reduces problems with IPSec.