
What are the benefits of using Windows 2003 DNS when using AD-integrated zones?
Advantages:

DNS supports dynamic registration of SRV records, which are registered by an Active Directory
server or a domain controller during promotion. With the help of SRV records, client
machines can find domain controllers in the network.

1. DNS supports Secure Dynamic updates. Unauthorized access is denied.

2. Exchange server needs internal DNS or AD DNS to locate Global Catalog servers.

3. Active Directory Integrated Zone. If you have more than one domain controller
(recommended) you need not worry about zone replication. Active Directory replication
will take care of DNS zone replication also.

4. If your network uses DHCP with Active Directory, then no other DHCP server will be able to
service client requests coming from a different network. This is because the DHCP server is
authorized in AD and will be the only server on the network allowed to provide IP
address information to client machines.

5. Moreover, you can use NT4 DNS with Service Pack 4 or later. It supports both SRV
record registration and Dynamic Updates.

Using Microsoft DNS gives the following benefits:

• If you implement networks that require secure updates.
• If you want to take advantage of Active Directory replication.
• If you want to integrate DHCP with DNS so that low-level clients can register their host
records in the zone database.

You installed a new AD domain and the new (and first) DC has not registered its SRV records
in DNS. Name a few possible causes.
The machine may not be configured as its own DNS client.

The DNS service may not be running.

What are the benefits and scenarios of using stub zones?
One of the new features introduced in the Windows Server 2003-based implementation of
DNS is stub zones. Their main purpose is to provide name resolution for domains for
which the local DNS server is not authoritative. A stub zone contains only a few records:

• a Start of Authority (SOA) record pointing to a remote DNS server that is considered to
be the best source of information about the target DNS domain,
• one or more Name Server (NS) records (including the entry associated with the SOA
record), which are authoritative for the DNS domain represented by the stub zone,
• corresponding A records for each of the NS entries (providing the IP addresses of those
servers).

While you can also provide name resolution for a remote domain by either creating a
secondary zone (which was a common approach in the Windows 2000 Server DNS
implementation) or a delegation (when dealing with a contiguous namespace), such an
approach forces periodic zone transfers, which are not needed when stub zones are used.
The need to traverse the network in order to obtain individual records hosted on the remote
name servers is mitigated to some extent by caching, which keeps them on the local server
for the duration of their Time-to-Live (TTL). In addition, the records residing in a stub
zone are periodically validated and refreshed in order to avoid lame delegations.

What are the benefits and scenarios of using Conditional Forwarding?
The benefit is faster name resolution in certain scenarios: queries for a specific domain are
forwarded directly to the correct server for that domain, and you control where DNS queries
for specific namespaces are sent.
Differences between Windows Clustering Network Load Balancing and Round Robin?

I will make a few assumptions here: 1) By "Windows Clustering Network Load
Balancing" you mean the Windows Network Load Balancing software included in Windows
Server software, a.k.a. NLB, and 2) By Round Robin, you mean DNS Round Robin,
meaning the absence of a software or hardware load balancing device, or the concept of
the Round Robin algorithm available in just about every load balancing solution.

Microsoft NLB is designed for a small number (4 - 6) of Windows Servers and a low to
moderate number of new connections per second, to provide distribution of web server
requests to multiple servers in a virtual resource pool. Some would call this a "cluster",
but there are subtle differences between a clustered group of devices and a more loosely
configured virtual pool. From the standpoint of scalability and performance, almost all
hardware load balancing solutions are superior to this and other less known software load
balancing solutions [e.g. Bright Tiger circa 1998].

DNS Round Robin is an inherent load balancing method built into DNS. When you
resolve an IP address that has more than one A record, DNS hands out different
resolutions to different requesting local DNS servers. Although there are several factors
affecting the exact resulting algorithm (e.g. DNS caching, TTL, multiple DNS servers
[authoritative or cached]), I stress the term "roughly" when I say it roughly results in an
even distribution of resolutions to each of the addresses specified for a particular URL. It
does not, however, consider availability, performance, or any other metric and is
completely static. The basic RR algorithm is available in many software and hardware
load balancing solutions and simply hands the next request to the next resource and starts
back at the first resource when it hits the last one.

NLB is based on proprietary software, meant for small groups of Windows servers only
on private networks, and is dynamic in nature (takes into account availability of a server,
and in some cases performance). "Round Robin", DNS or otherwise, is more generic,
static in nature (does not take into account anything but the resource is a member of the
resource pool and each member is equal), and ranges from DNS to the default static load
balancing method on every hardware device in the market.
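The answer above says DNS Round Robin is static and only "roughly" even because of caching and TTLs. The following Python model, added here and not part of the original answer, shows both effects: the authority rotates its A records on every query, and caching resolvers pin their clients to one address for the TTL, so a dead server keeps receiving connections. Server name and addresses are constructed sample data.

```python
"""Toy model of DNS round robin behind caching resolvers (constructed data)."""
from collections import Counter, deque


class RoundRobinAuthority:
    """Authoritative server holding several A records for one name.

    Every answer returns all records rotated by one position: the basic
    round robin algorithm hands the next request the next resource and
    wraps around after the last one. It knows nothing about server health.
    """

    def __init__(self, name, addresses):
        self.name = name
        self._records = deque(addresses)

    def query(self, name):
        if name != self.name:
            return []
        answer = list(self._records)
        self._records.rotate(-1)  # the next query starts at the next address
        return answer


class CachingResolver:
    """Local (recursive) DNS server that caches an answer until its TTL expires.

    While the cached answer is live, every client behind this resolver is
    sent to the same first address, whether or not that host is up.
    """

    def __init__(self, authority, ttl):
        self.authority = authority
        self.ttl = ttl
        self._cache = {}  # name -> (expires_at, answer)

    def resolve(self, name, now):
        cached = self._cache.get(name)
        if cached is None or cached[0] <= now:
            answer = self.authority.query(name)
            cached = (now + self.ttl, answer)
            self._cache[name] = cached
        return cached[1]


def simulate(addresses, resolver_count, ttl, clients_per_second, seconds):
    """Count how many client connections land on each address.

    Each of the resolver_count local DNS servers caches independently; every
    client connects to the first address in the answer it receives.
    """
    authority = RoundRobinAuthority("www.example.test", addresses)
    resolvers = [CachingResolver(authority, ttl) for _ in range(resolver_count)]
    hits = Counter()
    for now in range(seconds):
        for i in range(clients_per_second):
            resolver = resolvers[i % resolver_count]
            hits[resolver.resolve("www.example.test", now)[0]] += 1
    return hits


if __name__ == "__main__":
    servers = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]
    # Short TTL, several resolvers: the authority is asked often, distribution is even.
    print(simulate(servers, resolver_count=3, ttl=1, clients_per_second=3, seconds=30))
    # Long TTL, one resolver: a single address receives every connection.
    print(simulate(servers, resolver_count=1, ttl=3600, clients_per_second=3, seconds=30))
```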
How do you clear DNS cache?
Answer: To clear the DNS cache, do the following:

1. Click Start.
2. Click Run.
3. Type "cmd" and press Enter.
4. In the command window, type "ipconfig /flushdns".
5.a If done correctly, it should say "Successfully flushed the DNS Resolver Cache."
5.b If you receive the error "Could not flush the DNS Resolver Cache: Function failed
during execution.", follow Microsoft KB Article 919746 to enable the cache. The
cache will be empty; however, this will allow successful cache flushes in the future.

What is the 224.0.1.24 address used for?


WINS server group address. Used to support autodiscovery and dynamic configuration of
replication for WINS servers. For more information, see the WINS replication overview
at the link below:

http://technet2.microsoft.com/WindowsServer/en/library/c0addcc8-27ba-4250-8b6b-7b3465ab29731033.mspx

What is a WINS server? Where do we use a WINS server? What is the difference between
DNS and WINS?
Answer: WINS is the Windows Internet Name Service, which is used to resolve NetBIOS
(computer) names to IP addresses. It is proprietary to Windows and is used on a LAN.
DNS is the Domain Name System, which resolves host names to IP addresses. It uses fully
qualified domain names. DNS is an Internet standard used to resolve host names.
Differences between WINS push and pull replications?
To replicate database entries between a pair of WINS servers, you must configure each
WINS server as a pull partner, a push partner, or both with the other WINS server.

• A push partner is a WINS server that sends a message to its pull partners,
notifying them that it has new WINS database entries. When a WINS server's pull
partner responds to the message with a replication request, the WINS server sends
(pushes) copies of its new WINS database entries (also known as replicas) to the
requesting pull partner.
• A pull partner is a WINS server that pulls WINS database entries from its push
partners by requesting any new WINS database entries that the push partners
have. The pull partner requests the new WINS database entries that have a higher
version number than the last entry the pull partner received during the most recent
replication.

What is the difference between tombstoning a WINS record and simply deleting it?
Simple deletion removes the records that are selected in the WINS console only from the
local WINS server you are currently managing. If the WINS records deleted in this way
exist in WINS data replicated to other WINS servers on your network, these additional
records are not fully removed. Also, records that are simply deleted on only one server
can reappear after replication between the WINS server where simple deletion was used
and any of its replication partners.

Tombstoning marks the selected records as tombstoned, that is, marked locally as extinct
and immediately released from active use by the local WINS server. This method allows
the tombstoned records to remain present in the server database for purposes of
subsequent replication of these records to other servers. When the tombstoned records are
replicated, the tombstone status is updated and applied by other WINS servers that store
replicated copies of these records. Each replicating WINS server then updates and
tombstones
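The two answers above (push/pull partners exchanging entries by version number, and tombstoning versus simple deletion) can be seen together in this Python model, added here and not part of the original text. It shows a simply deleted record flowing back from a partner, while a tombstone, carrying a new version, replicates and retires the record everywhere. Names, addresses and version numbers are constructed; the real WINS database format and protocol are not reproduced.

```python
"""Toy model of WINS pull replication, deletion and tombstoning (constructed data)."""
from dataclasses import dataclass, replace

ACTIVE = "active"
TOMBSTONE = "tombstone"


@dataclass(frozen=True)
class Record:
    name: str        # NetBIOS name
    address: str
    version: int     # version ID assigned by the server that changed the record
    state: str = ACTIVE


class WinsServer:
    def __init__(self, name):
        self.name = name
        self._version = 0        # highest version ID this server has issued
        self.db = {}             # name -> Record
        self.last_pulled = {}    # partner name -> highest version received from it

    def _next_version(self):
        self._version += 1
        return self._version

    def register(self, name, address):
        """A client registration (or refresh) creates a record with a new version."""
        self.db[name] = Record(name, address, self._next_version())

    def delete(self, name):
        """Simple deletion: the record vanishes from this server only."""
        self.db.pop(name, None)

    def tombstone(self, name):
        """Mark the record extinct under a new version so that partners pull the change."""
        self.db[name] = replace(self.db[name], version=self._next_version(), state=TOMBSTONE)

    def entries_newer_than(self, version):
        """Push partner side: the replicas handed out in reply to a pull request."""
        return [r for r in self.db.values() if r.version > version]

    def pull_from(self, partner):
        """Pull partner side: ask for entries newer than the last one received."""
        since = self.last_pulled.get(partner.name, 0)
        pulled = partner.entries_newer_than(since)
        for rec in pulled:
            mine = self.db.get(rec.name)
            if mine is None or rec.version > mine.version:
                self.db[rec.name] = rec
            since = max(since, rec.version)
        self.last_pulled[partner.name] = since
        return len(pulled)

    def push_to(self, partner):
        """Push partner side: notify the partner, which answers with a pull request."""
        return partner.pull_from(self)

    def active_names(self):
        """Names still in active use; tombstoned records stay in db but are excluded."""
        return sorted(r.name for r in self.db.values() if r.state == ACTIVE)


def demo():
    a, b = WinsServer("A"), WinsServer("B")
    a.register("FILESRV", "10.0.0.5")
    a.register("PRINTSRV", "10.0.0.6")
    a.push_to(b)                      # B now holds replicas of both records
    a.delete("FILESRV")               # simple deletion on A only
    after_delete = a.active_names()   # ['PRINTSRV']
    a.pull_from(b)                    # B's replica flows back: the record reappears
    after_pull = a.active_names()     # ['FILESRV', 'PRINTSRV']
    a.tombstone("FILESRV")            # extinct on A, with a new version
    a.push_to(b)                      # the tombstone replicates to B
    return after_delete, after_pull, a.active_names(), b.active_names()


if __name__ == "__main__":
    print(demo())
```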
Name the NetBIOS names you might expect from a Windows 2003 DC that is registered
in WINS.

Describe the role of the routing table on a host and on a router.

Routing protocol
From Wikipedia, the free encyclopedia

A routing protocol is a protocol that specifies how routers communicate with each other,
disseminating information that enables them to select routes between any two nodes on a
computer network, the choice of the route being done by routing algorithms. Each router
has a prior knowledge only of networks attached to it directly. A routing protocol shares
this information first among immediate neighbors, and then throughout the network. This
way, routers gain knowledge of the topology of the network. For a discussion of the
concepts behind routing protocols, see: Routing.

The term routing protocol may refer specifically to one operating at layer three of the
OSI model, which similarly disseminates topology information between routers.

Many routing protocols used in the public Internet are defined in documents called RFCs.
[1][2][3][4]

Although there are many types of routing protocols, two major classes are in widespread
use in the Internet: link-state routing protocols, such as OSPF and IS-IS; and path vector
or distance vector protocols, such as BGP, RIP and EIGRP.

The specific characteristics of routing protocols include

• the manner in which they either prevent routing loops from forming or break them
up if they do
• the manner in which they select preferred routes, using information about hop
costs
• the time they take to converge
• how well they scale up
• many other factors

Routed versus routing protocols

In some cases, routing protocols can themselves run over routed protocols: for example,
BGP runs over TCP which runs over IP; care is taken in the implementation of such
systems not to create a circular dependency between the routing and routed protocols.
That a routing protocol runs over particular transport mechanism does not mean that the
routing protocol is of layer (N+1) if the transport mechanism is of layer (N). Routing
protocols, according to the OSI Routing framework, are layer management protocols for
the network layer, regardless of their transport mechanism:

• IS-IS runs over the data link layer
• OSPF, IGRP, and EIGRP run directly over IP; OSPF and EIGRP have their own
reliable transmission mechanism while IGRP assumed an unreliable transport
• RIP runs over UDP
• BGP runs over TCP

Examples
Interior routing protocols

Interior Gateway Protocols (IGPs) exchange routing information within a single routing
domain. A given autonomous system [5] can contain multiple routing domains, or a set of
routing domains can be coordinated without being an Internet-participating autonomous
system. Common examples include:

• IGRP (Interior Gateway Routing Protocol)
• EIGRP (Enhanced Interior Gateway Routing Protocol)
• OSPF (Open Shortest Path First)
• RIP (Routing Information Protocol)
• IS-IS (Intermediate System to Intermediate System)

Note that IGRP, a Cisco proprietary routing protocol, is no longer supported. EIGRP
accepts IGRP configuration commands, but the internals of IGRP and EIGRP are
completely different.

Managing Routing And Remote Access in Windows Server 2003
by Scott Lowe MCSE | Nov 06, 2003 8:00:00 AM


Takeaway: When you connect your network to the Internet, you don't want every
machine to interface directly with it. Instead, you can use RRAS to allow your server to
act as a barrier. Microsoft has updated RRAS in Windows Server 2003. Here's what
you'll face.


Like its predecessors, Windows Server 2003 provides the ability to act as a router on your
network and to provide remote access services to users outside your network. Routing
And Remote Access (RRAS) in Windows Server 2003 provides VPN, routing, NAT,
dialup and basic firewall services. Here's how to use and configure these services.

Getting started
To get started, open up the Routing And Remote Access configuration utility at Start |
Administrative Tools | Routing And Remote Access. Initially, RRAS is not enabled on
the server. To enable it, right-click the server on which you wish to enable the services
and choose Configure And Enable Routing And Remote Access. In Figure A below, you
can see that I am enabling the service on the server named RAS.

Figure A
Starting the initial RRAS configuration

The initial RRAS configuration starts a wizard that walks you through the steps that need
to be taken to enable the services that you would like to offer. For the first example, I will
enable VPN and NAT services on this server as shown below in Figure B.

Figure B
Choose the services you wish to support.

When configuring VPN services under Windows Server 2003, you generally need to
have two network interfaces if you also want the remote users to be able to use other
services on the network. If you want them to use just the services on the VPN server, a
single interface will do. In either case, you need to select the interface which faces the
Internet. In Figure C, the adapter with address 192.168.229.128 acts in this capacity
while 192.168.1.103 is the LAN side of the server.

Figure C
Select the adapter that faces the Internet.

If you do decide to use Windows Server 2003’s VPN services, I still recommend the use
of a hardware firewall between the Internet and your VPN server. Windows has too many
holes to be allowed a direct connection to the Internet.

To work on the local network, remote clients need to be assigned appropriate IP
addresses. You can choose to use your network’s DHCP for this purpose or you can
specify a range of addresses that are used by RRAS. If you decide to use a range of
addresses, make sure that you remove them from any DHCP scopes in order to prevent
conflicts.

I prefer to provide RRAS with a range of addresses rather than use DHCP. By providing
a range, I always know exactly which IP addresses are being used by remote users.

If you select the option to provide RRAS with a range of addresses, they are defined on
the next step of the wizard, shown in Figure D. For this example, I have assigned
192.168.1.200 to 192.168.1.224. Remember to assign addresses from the right network.
I’m not using the 192.168.229 network because that one faces the Internet, while
192.168.1 faces my network, which has the resources that remote users need.

Figure D
Provide a range of addresses for remote clients to use.

If you are using RADIUS to authenticate users for other services, you can include RRAS
in the mix if you like. This is especially useful in larger networks as RRAS will simply
forward authentication requests to the RADIUS server. For this example, I will not use
RADIUS, as shown in Figure E.

Figure E
Do you want to use RADIUS for authentication?

That’s all there is initially to configuring VPN and NAT services. While there were no
NAT-specific configuration options during the wizard, NAT was enabled and configured
based on responses to other questions. For example, the NAT interface was designated as
the network interface facing the Internet and the private interface was designated as the
LAN interface.

NAT
Even though NAT was configured during the wizard, there will come a time when you
want to modify its configuration. To view NAT parameters and statistics, from the RRAS
console, choose Your Server | IP Routing | NAT/Basic Firewall, as shown in Figure F.

Figure F
NAT/Basic firewall parameters

To configure the NAT services, right-click an interface and choose Properties. This will
display the External Network Properties screen shown in Figure G. Since it’s responsible
for the most NAT functions, the external adapter has more options related to the service.

Figure G
NAT properties for the external network interface

The NAT/Basic Firewall tab provides a place for you to configure the details directly
relating to the service. If you don’t want to do NAT, you can uncheck the box marked
Enable NAT on this device and vice versa. You can also choose to enable a basic firewall
on the interface. If your server is directly connected to the Internet, I can’t stress enough
the importance of enabling the firewalling feature as well as defining appropriate inbound
filters.

You can configure both inbound and outbound filters by clicking the associated button at
the bottom of the window. You can define filters based on the traffic destination or
source, by the source or destination ports, or by ICMP type.

The Address Pool tab, shown in Figure H, requires that you enter the ranges of IP
addresses assigned by your ISP and available for use on the external interface for NAT
applications. Once you have this information in place, you can reserve addresses for
specific internal machines by clicking the Reservations button and providing the IP
address of the internal machine and the NAT IP address you would like it to use.
Additionally, you can allow incoming connections to this machine by selecting the Allow
incoming connections to this machine box (not shown).

Figure H
The Address Pool tab

On the Services And Ports tab, seen in Figure I, you can configure the services on your
network to which you would like to provide access. Since I have a VPN server on this
system, some options such as L2TP, PPTP, IKE and IKE NAT Traversal are already
enabled. (IKE NAT Traversal, you say? Yes - under Windows Server 2003 with the
appropriate client on the remote machine, you can use IPSec when using NAT.) If you
run other services on your network to which you would like to provide access for Internet
users, select them from the list.

Figure I
The Services And Ports tab

Finally, the ICMP tab, Figure J, provides a place where you can allow specific ICMP
services such as PING to traverse the router. Since ICMP can be used for nefarious
purposes as well as to provide troubleshooting information, be careful what you enable.

Figure J
The ICMP interface

Routing
Routing is a basic component to both providing VPN services and NAT services under
RRAS on Windows Server 2003. These services configure the router in order to best
provide their individual services. However, you can use your server to provide more
granular routing services as well. Specifically, Windows Server 2003 supports the RIP2
(Routing Information Protocol version 2) and OSPF (Open Shortest Path First) routing
protocols. Of course, static routing capability is also provided.

To add RIP2 or OSPF to your RRAS server, right-click General under Your Server | IP
Routing. From the shortcut menu, choose New Routing Protocol. A list of the currently
unused routing protocols will be presented. Select the one you wish to enable and click
OK. Once enabled, an option for configuring that protocol will appear under the IP
Routing option in the RRAS console.

General IP routing options
Under the General option in the IP Routing section, there are a number of things you can
do. Selecting this option shows a list of available network interfaces including the
internal and the loopback interfaces, as seen in Figure K.

Figure K
The General IP routing tab

To perform further operations on an adapter, right-click the adapter and choose Properties
from the shortcut menu. As you can see below in Figure L, there are a number of things
that can be configured including filters, whether or not TCP/IP is enabled on this
interface, router discovery advertisements, and more.

Figure L
General interface configuration

RIP2
RIP2 is a distance-vector-based routing protocol, which basically means that it directs
traffic based on the number of router hops that have to be taken to reach a destination. It’s
an excellent choice for small- to medium-sized networks where static routes have become
unwieldy. To see the interfaces on which RIP is enabled, select the RIP option under
IP Routing, which will show the screen in Figure M. See above if you have not yet
enabled RIP.

Figure M
RIP-enabled interfaces

To configure RIP parameters, right-click an interface and choose Properties. The first tab
is the General tab, shown in Figure N, which is where you can define general
information about how RIP will operate on your server. On this tab, Operation Mode
refers to how RIP will update its tables. The two choices are Auto-static Mode and
Periodic Update Mode, which is the default. Auto-static Mode means that an update will
be triggered when another router requests an update while Periodic Update Mode means
that the routing table will be updated at a defined interval (defined on the Advanced tab).

Figure N
The RIP General tab

The General tab also provides a place for you to define the incoming and outgoing
protocol. For outgoing packets, you can choose RIP1 broadcast, RIP2 broadcast, RIP2
multicast or silent RIP. In silent mode, the system only listens for new RIP
announcements but does not make any itself. If your network uses consistent network
masks throughout, you can use RIP1, but I don’t recommend it unless you have devices
that can only use RIP1. You can also specify the route cost for this interface as well as a
tag number for the routes on this interface. Finally, a password can be specified to be
used for RIP2 updates as a means of identification.

As with everything, security is a concern with network routing. You don’t want bad
routes propagating across your network and interrupting communications. Fortunately,
the WS2K3 RIP service allows you to provide lists of incoming and/or outgoing route
updates that should be ignored. This is accomplished on the Security tab, shown in
Figure O.

Figure O
The RIP Security tab

The Neighbors tab, Figure P, lets you specify how the RIP service should interact with
its neighbors. On this tab, you can configure RIP to only broadcast its routes, to broadcast
its routes in addition to notifying each neighbor, or to just notify neighbors.

Figure P
The RIP Neighbors tab

Finally, the RIP Advanced tab, Figure Q, provides a place to configure more advanced
parameters such as the update interval, route expiration time, whether split-horizon
and/or poison reverse is enabled and much more. Split horizon and poison reverse are
useful in preventing routing loops.

Figure Q
The RIP Advanced tab

OSPF
Like RIP, OSPF is a routing protocol, but that is where the similarities end. While RIP is a
distance-vector-based (loosely, “hop count”) protocol, OSPF is a link state protocol,
meaning that OSPF routers exchange information about the current state of their network
connections when making routing determinations. While more complex than distance
vector protocols, using link state protocols can result in more efficient network traffic
flow, as each router always has a map of the network and its current state.

To enable OSPF, you need to define which interface(s) it will act on. To do this, right-click
OSPF and choose New Interface from the shortcut menu. As an example, I’ll enable
OSPF on my internal network.

The General tab for the OSPF properties for the interface defines whether or not OSPF is
enabled, its Area ID, priority, cost and password as well as the network types. Since I’m
using Ethernet, OSPF assumes a broadcast-based environment, as you can see in Figure
R.

Figure R
OSPF is enabled on the internal interface

The NBMA neighbors tab, Figure S, is only used by X.25, ATM, and Frame Relay
networks. This allows you to manually specify neighbors in these types of networks.

Figure S
OSPF NBMA Neighbors tab

The OSPF Advanced tab, Figure T, allows you to customize OSPF operation to your
network by configuring options such as the MTU, Hello Interval, and Transmit Delay.

Figure T
OSPF Advanced tab

Static Routes
The old standby and most people’s introduction to IP routing, static routes are also
available in RRAS. Static routes allow you to manually define routes for this server
rather than using a routing protocol such as RIP or OSPF. Static routing is generally used
on small, static networks.

To create a new static route, right-click Static Routes under IP Routing and select New
Static Route from the shortcut menu. To define a static route, you need the destination
network’s address (the network address for a network route or the host address for a host
route), the network mask for the destination, and the IP address of the gateway used to
get to this network. Figure U below shows a route from my RAS server to the network
172.16.1.0.

Figure U
A list of the static routes on the server

To see the current routing table, right-click Static Routes and choose Show IP Routing
Table. Figure V shows the routing table from the RAS server I have been using in these
examples.
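The static routes section above lists what a route needs (destination address, mask, gateway) and then shows the server's routing table. This Python example, added here and not part of the article, builds a table from such routes and performs the lookup a host or router does for each packet: the most specific matching prefix wins, a host route beats a network route, and 0.0.0.0/0 catches everything else. The networks mirror the article's 192.168.1.0, 192.168.229.0 and 172.16.1.0; the gateway addresses and the host route are assumptions.

```python
"""Routing table lookup by longest prefix match (constructed routes)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    destination: ipaddress.IPv4Network  # network (or /32 host) the route covers
    gateway: str                        # next hop, or "on-link" when directly attached
    interface: str
    metric: int = 1


def add_route(table, destination, mask, gateway, interface, metric=1):
    """Create a route from the pieces the RRAS dialog asks for: destination, mask, gateway."""
    network = ipaddress.IPv4Network(f"{destination}/{mask}", strict=True)
    table.append(Route(network, gateway, interface, metric))


def lookup(table, destination):
    """Pick the route for a destination address.

    Both a host (choosing where to send its own packets) and a router
    (forwarding someone else's) do the same thing: among all routes whose
    prefix contains the address, take the longest prefix, then the lowest
    metric. None means no route at all, i.e. destination unreachable.
    """
    address = ipaddress.IPv4Address(destination)
    candidates = [r for r in table if address in r.destination]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.destination.prefixlen, r.metric))


def build_sample_table():
    """Constructed table resembling the RAS server in the article."""
    table = []
    # Directly connected networks: the LAN adapter and the Internet-facing adapter.
    add_route(table, "192.168.1.0", "255.255.255.0", "on-link", "LAN")
    add_route(table, "192.168.229.0", "255.255.255.0", "on-link", "Internet")
    # Static network route to 172.16.1.0 (Figure U); gateway address is assumed.
    add_route(table, "172.16.1.0", "255.255.255.0", "192.168.1.254", "LAN")
    # Assumed static host route: /32 is more specific than the /24 above.
    add_route(table, "172.16.1.10", "255.255.255.255", "192.168.1.253", "LAN")
    # Default route: anything not matched above leaves via the Internet adapter.
    add_route(table, "0.0.0.0", "0.0.0.0", "192.168.229.2", "Internet")
    return table


if __name__ == "__main__":
    routes = build_sample_table()
    for dest in ("192.168.1.50", "172.16.1.20", "172.16.1.10", "203.0.113.7"):
        chosen = lookup(routes, dest)
        print(f"{dest:>14} -> {chosen.destination} via {chosen.gateway} on {chosen.interface}")
```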

Figure V
The IP routing table

That's it!
Remote VPN access, NAT, and IP routing are all integral parts of RRAS available in
Windows Server 2003. While I don’t recommend a Windows server being directly
exposed to the Internet, these services can still be safely used on the internal network to
provide network connectivity and access to services that your users need.

What is NAT?
Answer

In computer networking, the process of network address translation (NAT, also known as
network masquerading or IP-masquerading) involves re-writing the source and/or
destination addresses of IP packets as they pass through a router or firewall. Most
systems using NAT do so in order to enable multiple hosts on a private network to access
the Internet using a single public IP address. According to specifications, routers should
not act in this way, but many network administrators find NAT a convenient technique
and use it widely. Nonetheless, NAT can introduce complications in communication
between hosts.

• NAT (Network Address Translation) is most commonly used by broadband
routers. NAT allows the router to assign non-publicly routable IP addresses to
the computers on the network. When these computers access the Internet, NAT
modifies the request from the PC with the publicly routable address assigned to
the router itself. This allows the request for a web page or whatever to get to its
destination. When the request is answered, NAT receives the return and forwards
it to the PC on the network that originally requested it.

There is a difference between NAT and PAT!


Contributed by Andrew Yager
Sunday, 22 January 2006
It sometimes bugs me... like right now... that when I am trying to find information about a
particular technology people have universally used the wrong term to describe a commonly
used feature. Take NAT (Network Address Translation) and PAT (Port Address Translation).
NAT allows you to translate or map one IP address onto another single IP address. PAT on
the other hand is what is most commonly referred to as NAT. In a PAT system you have a
single or group of public IP addresses that are translated to multiple internal IP addresses by
mapping the TCP/UDP ports to different ports. This means that by using some "magic" on a
router or server you can get around problems that you might have with two web browsers
sending a request out the same port.

But why do people get confused, and why do I care?

This is the question that I propose to begin answering. Essentially, the problem is that some
(indeed most) vendors have taken to using the wrong terms because users didn't know better.
In the internet's younger days, people would buy NAT enabled software packages that did
port address translation. With the advent of broadband and the introduction of consumer
ADSL and Cable routers, someone designed an interface which called PAT NAT. In fairness
to these people, PAT is a kind of NAT - you are translating a single outside IP address to
inside IP addresses... but they are still fundamentally different concepts!

The down side of having both terms used for the same thing is that when I am after some
information about NAT - that is TRUE NAT, without Port Address Translation, but merely
forwarding requests with the IP headers changed (which is necessary to make NAT work) is
that I can't find any information on its implementation. Even for my Cisco 1700 series
router. I haven't looked a lot, and decided to rant before I got too far, but I mean really... is it
that hard?

I'm calling all of the internet to correct your terms. Make sure your acronyms mean what you
think they mean. And don't confuse NAT and PAT any longer. Reform!
Andrew Yager's Blog
http://www.
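The "What is NAT?" answer and the post above distinguish one-to-one NAT (only the IP header changes) from PAT (many inside hosts share one public address and are told apart by port). The Python model below, added here and not part of either text, implements both translators and shows two inside hosts using the same source port being kept apart by PAT, and an inbound packet with no matching translation being dropped. All addresses and ports are constructed sample data.

```python
"""Toy one-to-one NAT versus PAT (port address translation), constructed data."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StaticNat:
    """'True' NAT: each inside address maps to its own public address; ports are untouched."""

    def __init__(self, mapping):
        self.inside_to_public = dict(mapping)                  # inside IP -> public IP
        self.public_to_inside = {v: k for k, v in mapping.items()}

    def outbound(self, pkt):
        return replace(pkt, src_ip=self.inside_to_public[pkt.src_ip])

    def inbound(self, pkt):
        inside = self.public_to_inside.get(pkt.dst_ip)
        return None if inside is None else replace(pkt, dst_ip=inside)


class Pat:
    """PAT, what consumer routers label NAT: one public IP shared by many inside hosts.

    Two inside hosts may both use source port 51000; the translator keeps
    their flows apart by allocating a distinct public port per (ip, port).
    """

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self._next_port = first_port
        self.table = {}     # (inside_ip, inside_port) -> public_port
        self.reverse = {}   # public_port -> (inside_ip, inside_port)

    def outbound(self, pkt):
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:            # first packet of this flow: allocate a port
            port = self._next_port
            self._next_port += 1
            self.table[key] = port
            self.reverse[port] = key
        return replace(pkt, src_ip=self.public_ip, src_port=self.table[key])

    def inbound(self, pkt):
        """Deliver a packet only if a translation exists; otherwise drop it (None)."""
        key = self.reverse.get(pkt.dst_port)
        if key is None:
            return None
        inside_ip, inside_port = key
        return replace(pkt, dst_ip=inside_ip, dst_port=inside_port)


if __name__ == "__main__":
    pat = Pat("198.51.100.1")
    for host in ("192.168.0.10", "192.168.0.11"):
        out = pat.outbound(Packet(host, 51000, "203.0.113.5", 80))
        print(f"{host}:51000 -> {out.src_ip}:{out.src_port}")
    print(pat.inbound(Packet("203.0.113.5", 80, "198.51.100.1", 1025)))
    print(pat.inbound(Packet("203.0.113.5", 80, "198.51.100.1", 4000)))  # None: dropped
```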

How to configure Network Address Translation in Windows Server 2003

Prerequisites

To configure the Routing and Remote Access and the Network Address Translation components,
your computer must have at least two network interfaces: one connected to the Internet and the
other one connected to the internal network. You must also configure the network translation
computer to use Transmission Control Protocol/Internet Protocol (TCP/IP).

If you use dial-up devices such as a modem or an Integrated Services Digital Network (ISDN)
adapter to connect to the Internet, install your dial-up device before you configure Routing and
Remote Access.

Use the following data to configure the TCP/IP address of the network adapter that connects to the
internal network:
TCP/IP address: 192.168.0.1
Subnet mask: 255.255.255.0
No default gateway
Domain Name System (DNS) server: provided by your Internet service provider (ISP)
Windows Internet Name Service (WINS) server: provided by your ISP

Use the following data to configure the TCP/IP address of the network adapter that connects to the
external network:
TCP/IP address: provided by your ISP
Subnet mask: provided by your ISP
Default gateway: provided by your ISP
DNS server: provided by your ISP
WINS server: provided by your ISP

Before you continue, verify that all your network cards or all your dial-up adapters are functioning
correctly.

Configure Routing and Remote Access

To activate Routing and Remote Access, follow these steps:

1. Click Start, point to All Programs, point to Administrative Tools, and then click
Routing and Remote Access.
2. Right-click your server, and then click Configure and Enable Routing and Remote
Access.
3. In the Routing and Remote Access Setup Wizard, click Next, click Network address
translation (NAT), and then click Next.
4. Click Use this public interface to connect to the Internet, and then click the network
adapter that is connected to the Internet. At this stage you have the option to reduce the
risk of unauthorized access to your network. To do so, click to select the Enable security
on the selected interface by setting up Basic Firewall check box.
5. Examine the selected options in the Summary box, and then click Finish.

Configure dynamic IP address assignment for private network clients

You can configure your Network Address Translation computer to act as a Dynamic Host Configuration Protocol (DHCP) server for computers on your internal network. To do so, follow these steps:

1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
2. Expand your server node, and then expand IP Routing.
3. Right-click NAT/Basic Firewall, and then click Properties.
4. In the NAT/Basic Firewall Properties dialog box, click the Address Assignment tab.
5. Click to select the Automatically assign IP addresses by using the DHCP allocator check box. Notice that the default private network 192.168.0.0 with the subnet mask of 255.255.0.0 is automatically added in the IP address and the Mask boxes. You can keep the default values, or you can modify these values to suit your network.
6. If your internal network requires static IP assignment for some computers -- such as for domain controllers or for DNS servers -- exclude those IP addresses from the DHCP pool. To do this, follow these steps:
   a. Click Exclude.
   b. In the Exclude Reserved Addresses dialog box, click Add, type the IP address, and then click OK.
   c. Repeat step b for all addresses that you want to exclude.
   d. Click OK.

Configure name resolution

To configure name resolution, follow these steps:

1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
2. Right-click NAT/Basic Firewall, and then click Properties.
3. In the NAT/Basic Firewall Properties dialog box, click the Name Resolution tab.
4. Click to select the Clients using Domain Name System (DNS) check box. If you use a demand-dial interface to connect to an external DNS server, click to select the Connect to the public network when a name needs to be resolved check box, and then click the appropriate dial-up interface in the list.

How do you allow inbound traffic for specific hosts on Windows 2003 NAT?
You can use the Windows Server 2003 implementation of IPSec to compensate for the
limited protections provided by applications for network traffic, or as a network-layer
foundation of a defense-in-depth strategy. Do not use IPSec as a replacement for other
user and application security controls, because it cannot protect against attacks from
within established and trusted communication paths. Your authentication strategy must
be well defined and implemented for the potential security provided by IPSec to be
realized, because authentication verifies the identity and trust of the computer at the other
end of the connection.
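The three NAT procedures above, plus an inbound mapping for a single internal host (the question this heading asks), expressed with the netsh routing context that Windows Server 2003 provides for the same settings. This is an added example, not the KB article's own text; it assumes Routing and Remote Access is already enabled, that the connections are named "Internet" and "Internal" in Network Connections, that the internal adapter is 192.168.0.1/24 as in the prerequisites, and the host addresses used are placeholders. The "fullfirewall" mode is assumed to correspond to the wizard's Basic Firewall check box; "full" is translation only.

```batch
@echo off
rem Added example (not from the KB article). Run in an elevated command prompt
rem on the NAT server after Routing and Remote Access has been enabled.
rem Interface names "Internet" and "Internal" and all 192.168.0.x hosts are
rem placeholders: substitute the names shown in Network Connections.

rem --- Configure Routing and Remote Access: NAT on the public interface ---
netsh routing ip nat install
rem fullfirewall = translation plus Basic Firewall (assumed equivalent of the
rem wizard check box in step 4); unsolicited inbound traffic is then dropped.
netsh routing ip nat add interface name="Internet" mode=fullfirewall
netsh routing ip nat add interface name="Internal" mode=private

rem --- Dynamic IP address assignment: the DHCP allocator (Address Assignment tab) ---
netsh routing ip autodhcp install
rem 192.168.0.0/24 matches the internal adapter; the GUI default is 192.168.0.0/16.
netsh routing ip autodhcp set global dhcpaddr=192.168.0.0 mask=255.255.255.0 leasetime=1440
netsh routing ip autodhcp set interface name="Internal" mode=enable
rem Step 6: keep statically addressed hosts (domain controller, DNS server)
rem out of the pool so the allocator never hands their addresses to clients.
netsh routing ip autodhcp add exclusion exclusion=192.168.0.10
netsh routing ip autodhcp add exclusion exclusion=192.168.0.11

rem --- Name resolution: the DNS proxy (Name Resolution tab) ---
netsh routing ip dnsproxy install
netsh routing ip dnsproxy set global dnsmode=enable
netsh routing ip dnsproxy set interface name="Internal" mode=enable

rem --- Inbound traffic for one specific host ---
rem Only TCP 443 is forwarded, and only to 192.168.0.10; publicip=0.0.0.0 means
rem the address of the "Internet" interface itself. Nothing else is exposed.
netsh routing ip nat add portmapping name="Internet" proto=tcp publicip=0.0.0.0 publicport=443 privateip=192.168.0.10 privateport=443

rem --- Verify what is actually in effect ---
netsh routing ip nat show interface
netsh routing ip autodhcp show global
netsh routing ip dnsproxy show global
```

Each port mapping is a hole through the Basic Firewall, so review `netsh routing ip nat show interface` after any change and remove mappings for hosts that no longer need to be reachable.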


What is VPN (Virtual Private Networking)?
VPN gives extremely secure connections between private networks linked through
the Internet. It allows remote computers to act as though they were on the same secure,
local network.

Advantages

• Allows you to be at home and access your company's computers in the same way as if you were sitting at work.
• Almost impossible for someone to tap or interfere with data in the VPN tunnel.
• If you have VPN client software on a laptop, you can connect to your company from anywhere in the world.

Disadvantages

• Setup is more complicated than less secure methods. VPN works across different manufacturers' equipment, but connecting to a non-NETGEAR product will add to the difficulty, since there may not be documentation specific to your situation.
• The company whose network you connect to may require you to follow the company's own policies on your home computers ( ! )

VPN goes between a computer and a network (client-to-server), or a LAN and a network using two routers (server-to-server). Each end of the connection is a VPN "endpoint"; the connection between them is a "VPN tunnel". When one end is a client, it means that computer is running VPN client software such as NETGEAR's ProSafe VPN Client. The two types of VPN:

VPN Client-to-Server (Client-to-Box):

VPN Server-to-Server (Box-to-Box):

All NETGEAR routers support "VPN Passthrough", but "passthrough" simply means the
router does not stop VPN traffic — you still need two endpoints.
The whole purpose of VPN is to prevent data being altered, so, for example, a
passthrough router that is also running NAT will break the VPN connection.

NETGEAR Support will configure one VPN tunnel between two pieces of NETGEAR equipment to demonstrate that the equipment and VPN work. For other information:

• See the list of NETGEAR VPN documentation in VPN Configuration and Troubleshooting Resources.
• Read the product's Reference Manuals, available with the product's downloads.
• Make use of NETGEAR's cost-effective ProSupport. This support for advanced features is available by phone, or with an on-site NETGEAR representative.

Re: What types of VPN does Windows 2000 and beyond work with natively?
Answer: L2TP (Layer 2 Tunneling Protocol)
#1
vpn server is also known as L2TP server in native mode & PPTP in mixed mode

WHAT IS IAS
The IAS machine was the first electronic digital computer built by the Institute for
Advanced Study (IAS), Princeton, NJ, USA. The paper describing the design of the IAS
machine was edited by John von Neumann, (see Von Neumann architecture), a
mathematics professor at both Princeton University and the Institute for Advanced Study.
The computer was built from 1942 until 1951 under his direction. The IAS was in limited
operation in the summer of 1951 and fully operational on June 10, 1952.[1]

The machine was a binary computer with a 40-bit word, storing two 20-bit instructions in each word. The memory was 1024 words (5.1 kilobytes). Negative numbers were represented in "two's complement" format. It had two registers: the Accumulator (AC) and Multiplier/Quotient (MQ).

Although some claim the IAS machine was the first design to mix programs and data in a
single memory, that had been implemented four years earlier by the 1948 Manchester
Small Scale Experimental Machine.[2]

Von Neumann showed how the combination of instructions and data in one memory
could be used to implement loops, by modifying branch instructions when a loop was
completed, for example. The resultant demand that instructions and data be placed on the
memory later came to be known as the Von Neumann Bottleneck.

While the original design called for using a type of vacuum tubes called RCA Selectron
tubes for the memory, problems with the development of these complex tubes forced the
switch to Williams tubes. Nevertheless, it used about 2300 tubes in its circuitry. The
addition time was 62 microseconds and the multiplication time was 713 microseconds. It
was an asynchronous machine, meaning that there was no central clock regulating the
timing of the instructions. One instruction started executing when the previous one
finished.
