(Each week we present a question similar to those you will find in our ExamSim software. If you are interested in purchasing the ExamSim software, just click the ExamSim MCSE 2000 link)
You are the new network administrator for a small company. This company has about 800 computers spread across two physical locations. The central office is in Dallas, TX and there are about 500 computers at that location. The company also has an office in Laramie, WY where they have a little over 300 computers. The network infrastructure includes a variety of Windows-based clients, including Windows 95, Windows 98, Windows NT 4.0 and Windows 2000 Servers and workstations.
The company would like to connect the two locations in a cost-efficient
manner. Before you came on the job, the company had hired a consultant who told
them the only way to connect the offices was to obtain a dedicated Frame Relay
connection which included monthly line charges as well as packet charges. The
company tried this solution for a month, and found it to be cost-prohibitive.
They decided to stop the dedicated Frame Relay link between the sites and now
wish for you to come up with an answer.
Which of the following solutions would allow the company to connect the
offices in a cost-effective manner?
- A. Install a Windows 2000 Professional machine in each office and make each
of them a NAT Server. The NAT Servers will be used to link each of the
offices in a NAT gateway-to-gateway solution using 56Kbps dedicated analog
- B. Install a Windows 2000 Server computer in each office and enable the
Routing and Remote Access Service. Create a one-way VPN link from the Dallas
to the Laramie office using a dedicated ISDN connection.
- C. Install a Windows 2000 Server computer in each office and enable the
Routing and Remote Access Service. Create demand-dial routes at each office
that connect to the other office. Use ISDN adapters at each site to connect
the Servers to each other.
- D. Install a Windows 2000 Server computer in each office and enable the Routing and
Remote Access Service. At each site, obtain a local ISP account and
configure a dedicated connection on both servers to connect to their local
ISPs. Configure a demand-dial VPN connection at each site to connect the
sites to one another via the VPN.
The correct answers are C and D.
This question focuses on your level of understanding of WAN internetworking, the
Windows 2000 Routing and Remote Access Service, Demand Dial Routing, and Virtual
Private Networking. Like most of the Windows 2000 MCSE exam questions you'll
run into, this question tests your understanding of multiple subjects, and your
ability to integrate your knowledge of those subjects.
This company was sold a bill of goods by their previous consultant, because
the most expensive option you have to connect two sites together is via
dedicated WAN links. This company had to pay quite a bit of money to connect
the two sites via a dedicated Frame Relay line. With the technologies available
in Windows 2000, a company of this size does not need to incur the expense of
There are actually two viable solutions to this company's problem:
- The company could configure a Windows 2000 Server at each site and enable
the Routing and Remote Access Service on each computer. On each of the
Windows 2000 Servers, you could configure a demand-dial routing connection
to connect the servers to each other. This would allow the users from both
sites to take advantage of the demand-dial route to access resources on the
opposite network. The demand-dial route can be configured to drop the
connection after a short period of inactivity, and therefore avoid the costs
of a long-distance connection that is not being actively used.
- The company could take advantage of a second option that includes the use
of a virtual demand-dial route. In this example, you would have a Windows
2000 Server at each office and configure each of them to be VPN Servers. In
this case, each server would have a dedicated link to the Internet via a
local ISP. You could configure ISDN connections for each of the computers to
their local ISPs, and then create a demand-dial VPN link on each RRAS Server
to the other server. The advantage to this solution is that the offices will
be able to access each other's resources via the link, but they will also
be able to access Internet resources because of their connection to the
The key to cost savings in this example is to take advantage of technologies
that prevent you from requiring a long distance dedicated link between the
sites. In the first approach, you use an on-demand point-to-point connection
between the offices and do not use the Internet. In the second scenario, you
take advantage of the Internet and never incur any long distance charges.
A demand-dial route is a connection that is created temporarily between
networks that allows them to exchange information. For example, you might have
two private networks with network IDs 192.168.1.0/24 and 192.168.2.0/24 and you
want them to be able to exchange packets. In order to do so, you need to install
a device that can route packets between the networks. If these networks were
connected via fast Ethernet links, you could use a dedicated hardware router, or
a multihomed Windows 2000 Server machine as a software router. The Ethernet connections are
dedicated connections; they are "always on".
But when sites are geographically separated, the issue of dedicated
connections becomes a little more complex. You can create dedicated
point-to-point links between the sites, but this can become prohibitively
expensive. You could also configure virtual private links between the sites, but
leaving those links open all the time could represent a security risk.
The demand-dial solution addresses both of these problems. If you choose the more secure point-to-point solution, you configure a static route on your
Windows 2000 RRAS Server to direct all packets to the other network via a
demand-dial connection. When a user on one of the networks seeks to access a
resource on the other network, the packet is sent to the RRAS Server for
routing. The static route instructs the router to forward the packet using
the demand-dial route and a dial-up connection is established. When the
connection becomes idle for a specified period of time, the connection is
dropped. The company saves money because they do not need to support a dedicated
In the VPN demand-dial scenario, the overall costs of ISP and local line
charges should be less than that of a dedicated long distance point-to-point
connection. The issue with a VPN connection is security. From a security
standpoint, you would prefer that the door open to your private network's data
remain closed as much as possible. To accomplish this end you can configure a
demand-dial VPN connection. To increase security, you could filter out all but
VPN connections sourced from your own VPN gateways. Of course, this alternative
will not enable Internet access for the sites.
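The filtering rule described above, as an added example that is not part of the original article: a Python model of the inbound filter on a gateway's Internet-facing interface, which admits only tunnel traffic from the known peer gateway. The article does not name the tunnel protocol, so the sketch assumes the two Windows 2000 supports (PPTP and L2TP over IPSec); the addresses, names and sample packets are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

TCP, UDP, GRE, ESP = 6, 17, 47, 50   # IP protocol numbers
PPTP_PORT = 1723   # PPTP control channel (TCP); tunnel data rides in GRE
IKE_PORT = 500     # IPSec key exchange (UDP); L2TP data rides in ESP

@dataclass(frozen=True)
class Packet:
    src: str                         # source address seen on the Internet interface
    proto: int                       # IP protocol number
    src_port: Optional[int] = None   # None for port-less protocols (GRE, ESP)
    dst_port: Optional[int] = None

def is_vpn_traffic(pkt):
    """True for packets that belong to a PPTP or L2TP/IPSec tunnel."""
    if pkt.proto in (GRE, ESP):
        return True
    if pkt.proto == TCP:
        # Either gateway may dial, so accept the control channel in both directions.
        return PPTP_PORT in (pkt.src_port, pkt.dst_port)
    if pkt.proto == UDP:
        return pkt.src_port == IKE_PORT and pkt.dst_port == IKE_PORT
    return False

def make_inbound_filter(peer_gateways):
    """Return allow(pkt): tunnel traffic only, and only from the listed peers."""
    peers = {ip_address(a) for a in peer_gateways}
    return lambda pkt: ip_address(pkt.src) in peers and is_vpn_traffic(pkt)

# Constructed sample: the Laramie gateway's filter, with Dallas as its only peer.
DALLAS_GW = "203.0.113.10"           # documentation-range address, not a real host
laramie_filter = make_inbound_filter([DALLAS_GW])
SAMPLE = [
    ("PPTP control from Dallas", Packet(DALLAS_GW, TCP, 1045, PPTP_PORT)),
    ("GRE tunnel data from Dallas", Packet(DALLAS_GW, GRE)),
    ("PPTP from unknown host", Packet("198.51.100.77", TCP, 1045, PPTP_PORT)),
    ("web reply from Internet", Packet("198.51.100.80", TCP, 80, 1046)),
    ("non-VPN traffic from Dallas", Packet(DALLAS_GW, TCP, 1047, 139)),
]

def decisions():
    """Map each sample label to True (allow) or False (drop)."""
    return {label: laramie_filter(pkt) for label, pkt in SAMPLE}

if __name__ == "__main__":
    for label, ok in decisions().items():
        print(f"{'ALLOW' if ok else 'DROP '}  {label}")
```

The dropped web reply is the trade-off the paragraph mentions: with this filter in place, the same interface can no longer carry ordinary Internet traffic for the site.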
Answer A is incorrect because you cannot make Windows 2000 Professional
machines demand-dial routers. Windows 2000 Professional does not include the
Routing and Remote Access service and therefore you cannot create demand-dial
routing connections between the sites with this solution. In addition, NAT
(Network Address Translation) does not allow you to configure demand-dial links
and is not involved with the creation of demand-dial routing or VPN demand-dial
links. NAT is one of the routing protocols included in the Windows 2000 Routing
and Remote Access service.
Answer B is incorrect because you run into the cost-prohibitive solution of using dedicated point-to-point links between the sites. If the company were to
maintain continuous point-to-point links via two ISDN modems, they would have to
pay long distance charges for the time online, as well as possible packet
charges depending on the policies of the local telephone company. This is also a
somewhat unusual setup in that a dedicated point-to-point connection is used to
tunnel data between the sites. This can be done to add more security, however.
Another problem is that the connection is a one-way connection, which would
leave the other users unable to access resources on the opposite subnet.
Answer C is correct because you can save money by creating a demand-dial
point-to-point routed connection between the sites. The link will stay active only as long as
it is needed, and then the line will be dropped.
Answer D is correct because you can save money by using dedicated connections
to local ISPs, and then create demand-dial VPN connections to route packets
between VPN gateways. The link will remain active only as long as it is needed,
and then the tunnel is torn down. This adds security to the VPN solution.
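The dial-on-demand and idle-timeout behaviour behind answers C and D, as an added example that is not part of the original article: a small Python model of a router with one static route over a demand-dial link. The class and function names, the 300-second default timeout and the traffic timings are constructed; the "chatty" case goes slightly beyond the text to show that traffic arriving more often than the idle timeout keeps the line up the whole time.

```python
from ipaddress import ip_address, ip_network

class DemandDialRouter:
    """One static route to the remote network over a dial-on-demand link."""
    def __init__(self, remote_net, idle_timeout):
        self.remote_net = ip_network(remote_net)
        self.idle_timeout = idle_timeout   # seconds of silence before hang-up
        self.sessions = []                 # completed (start, end) connections
        self._up_since = None              # None while the line is down
        self._last_traffic = None

    def _expire(self, now):
        # Hang up if the idle timer ran out at or before `now`.
        if self._up_since is None:
            return
        hangup = self._last_traffic + self.idle_timeout
        if now >= hangup:
            self.sessions.append((self._up_since, hangup))
            self._up_since = None

    def forward(self, now, dst):
        """Route one packet; returns 'local', 'dialed' or 'forwarded'."""
        self._expire(now)
        if ip_address(dst) not in self.remote_net:
            return "local"                 # no match on the demand-dial route
        action = "forwarded"
        if self._up_since is None:         # line is down: place the call
            self._up_since, action = now, "dialed"
        self._last_traffic = now           # any routed packet resets the timer
        return action

    def connected_seconds(self, now):
        self._expire(now)
        total = sum(end - start for start, end in self.sessions)
        return total + (now - self._up_since if self._up_since is not None else 0)

def simulate(packets, idle_timeout=300, end=3600):
    """Replay (time, destination) pairs; return per-packet actions and line time."""
    router = DemandDialRouter("192.168.2.0/24", idle_timeout)
    actions = [router.forward(t, dst) for t, dst in packets]
    return actions, router.connected_seconds(end)

# Constructed traffic for one hour: occasional use vs. a packet every 240 s.
BURSTY = [(0, "192.168.2.10"), (60, "192.168.2.10"), (100, "192.168.1.5"), (1000, "192.168.2.20")]
CHATTY = [(t, "192.168.2.10") for t in range(0, 3600, 240)]

if __name__ == "__main__":
    for name, pkts in (("bursty", BURSTY), ("chatty", CHATTY)):
        print(name, simulate(pkts)[1], "seconds connected")
```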
This article was originally published on Monday Nov 20th 2000