Thomas Shinder

A demand-dial route is a connection that is created temporarily between networks so that they can exchange information. For example, you might have two private networks with network IDs and and you want them to be able to exchange packets. To do so, you need to install a device that can route packets between the networks. If these networks were connected via Fast Ethernet links, you could use a dedicated hardware router or a multihomed Windows 2000 Server machine acting as a software router. The Ethernet connections are dedicated connections; they are "always on".

But when sites are geographically disparate, the issue of dedicated connections becomes a little more complex. You can create dedicated point-to-point links between the sites, but this can become prohibitively expensive. You could also configure virtual private links between the sites, but leaving those links open all the time could represent a security risk.

The demand-dial solution addresses both of these problems. If you choose the more secure point-to-point solution, you configure a static route on your Windows 2000 RRAS Server to direct all packets to the other network via a demand-dial connection. When a user on one of the networks seeks to access a resource on the other network, the packet is sent to the RRAS Server for routing. The static route instructs the router to forward the packet using the demand-dial route, and a dial-up connection is established. When the connection has been idle for a specified period of time, it is dropped. The company saves money because it does not need to support a dedicated long-distance connection.

In the VPN demand-dial scenario, the overall costs of ISP and local line charges should be less than those of a dedicated long-distance point-to-point connection. The issue with a VPN connection is security. From a security standpoint, you would prefer that the door to your private network's data remain closed as much as possible. To accomplish this, you can configure a demand-dial VPN connection. To increase security, you could filter out all connections except VPN connections sourced from your own VPN gateways. Of course, this alternative will not enable Internet access for the sites.
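
The filtering idea above, modeled in Python as an added example that is not part of the original article: a default-deny input filter for the Internet-facing interface. It assumes the tunnels are PPTP (TCP port 1723 for control, IP protocol 47/GRE for data); the peer gateway addresses and sample packets are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# Constructed peer gateways (RFC 5737 documentation addresses), not from the article.
PEER_GATEWAYS = {ip_address("198.51.100.10"), ip_address("203.0.113.20")}

TCP, GRE = 6, 47           # IP protocol numbers
PPTP_CONTROL_PORT = 1723   # PPTP control channel runs over TCP


@dataclass(frozen=True)
class Packet:
    src: str
    proto: int
    dst_port: Optional[int] = None   # None for protocols without ports (GRE)


def permit_inbound(pkt: Packet) -> bool:
    """Stateless input filter: drop everything except PPTP from our own gateways."""
    if ip_address(pkt.src) not in PEER_GATEWAYS:
        return False                 # source is not one of our VPN gateways
    if pkt.proto == GRE:
        return True                  # PPTP tunnelled data
    return pkt.proto == TCP and pkt.dst_port == PPTP_CONTROL_PORT


def audit(packets):
    """Return (packet, verdict) pairs so the filter's effect can be reviewed."""
    return [(p, "ALLOW" if permit_inbound(p) else "DROP") for p in packets]


# Constructed sample traffic arriving on the external interface.
SAMPLE = [
    Packet("198.51.100.10", TCP, 1723),   # peer gateway opening the PPTP control channel
    Packet("198.51.100.10", GRE),         # tunnelled data from the same peer
    Packet("192.0.2.99", TCP, 1723),      # unknown host attempting a VPN connection
    Packet("203.0.113.20", TCP, 3389),    # known peer, but not VPN traffic
    Packet("192.0.2.80", TCP, 49152),     # web server reply to an internal client
]

if __name__ == "__main__":
    for pkt, verdict in audit(SAMPLE):
        print(f"{verdict:5} {pkt}")
```

The last sample packet shows the trade-off the article mentions: with only gateway-to-gateway VPN traffic permitted, replies from ordinary Internet hosts are dropped, so the sites get no Internet access through this interface.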

This article was originally published on Nov 20, 2000
