cbt video question

This topic contains 3 replies, has 2 voices, and was last updated by  Don Jones 4 years, 2 months ago.

  • Author
    Posts
  • #7140

    theeagle
    Participant

    Hi Don,

    I just finished watching your cbt videos on the 413 exam, they were very informative but I did have one question, in the vpn video you said that you can't use the dhcp nap enforcement method for vpn users, but in the last video you said that you could, is there certain cases where you could and certain cases where you couldn't?

    Thanks in advance

  • #7146

    Don Jones
    Keymaster

    Sorry if that seemed confusing. You can use both methods on the same network. But, when someone comes in via VPN (we're talking Windows RRAS here, not third-party VPN), the VPN server is the sole enforcement point, so you can't also use DHCP enforcement on those connections. If you're using non-Windows VPN... well, "it depends."

  • #7171

    theeagle
    Participant

    thank you for the clarification, so you wouln't use both vpn and dhcp enforcement for clients connecting over rras vpn, but could you use dhcp enforcement for rras users instead of vpn enforcement?

  • #7177

    Don Jones
    Keymaster

    It depends. You have to understand the flow, and there are version interdependencies.

    The client health report is generated by the CLIENT. That gets sent along to the NAP server. For an RRAS client, their NAP service point is the RRAS server – so no, you wouldn't normally use DHCP enforcement, because the RRAS server wouldn't necessarily pass along the client's health report to DHCP. But it's very version-specific, how all this works – you really should read up on it, and definitely use this stuff (at least in a lab) before you jump into, say, taking an exam. The exams are really geared for folks who've used the product – my training video is meant to give you a huge jump start on all that but there's no substitute for experience. When you start playing with all the various RRAS permutations, it gets complicated. Are you using RRAS to hand out IP addresses, or is it proxying DHCP requests, for example? So... it depends. NAP's a pretty complex topic.

    (you're welcome to e-mail me – this is a PowerShell forum, and I don't want to go too far off-topic. I realize you were just trying to contact me, and this is a good spot, but I'd rather not continue the conversation here. There's a contact form on the Site Info page here, and while I don't have time to do a lot of detailed back-and-forth, I'm happy to try and do what I can.)

     

You must be logged in to reply to this topic.