Testing Your Remote Access Server Design

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

When you complete the design of your remote access server solution, test the design. Testing the design includes testing individual VPN client access to VPN servers, as well as comprehensive testing of the entire external connectivity design. If you are integrating multiple remote access solutions, test them together after testing them individually.

Because of vulnerabilities that exposure to the Internet might introduce, isolate your network perimeter from your intranet during testing. Do not integrate your network perimeter with your intranet until you are confident that you have addressed all security issues.

Be sure to test the ISP infrastructure, including the RADIUS proxy (if applicable), and a representative sampling of access points.

Testing is critical to the security of any external connectivity solution, and it is important for ensuring that the connections function as planned. Before testing, simulate both internal and external connections to prevent exposure and corruption of any part of your network.

Tools for Testing a Remote Access Server Design

The following tools are useful in testing a remote access server design:

• TCP/IP troubleshooting tools, including Netsh, Ping, Pathping, Route, and Tracert.

• Remote access logging in the Routing and Remote Access snap-in. The log includes authentication and accounting information.

• Event Viewer. This is an administrative tool for Windows Server 2003 that displays monitoring and troubleshooting information from Windows and other programs.

• Network Monitor. This is an optional networking component for Windows Server 2003 that allows a system administrator to capture and examine packets on a LAN and save the packets to a capture file.

• Remote Access Event Tracing. This is enabled through Netsh.