What command line command is used to view the state of all sockets for VPN and verify that UDP port 500 is listening for requests?

netstat -an

What is the command line command to view the VPN routing tables and verify custom network routing definitions?

netstat -rn

If using both L2TP and PPTP for VPN configuration, what must you make sure of?

that the IP ranges for each protocol do not overlap

What two tunneling protocols are supported by Mac OS X Server and what are the key differences between them?

Layer Two Tunneling Protocol (L2TP) – more robust security, allows for shared secret

Point-to-Point Tunneling Protocol (PPTP) – more compatible with wider array of clients

What authentication method (not tunneling protocol) is supported by default for VPN connections? Can other authentication methods be used?

MS-CHAPv2 supported by default

Other authentication methods can be used with advanced configuration.

What are the three kinds of NAT, and which one is the only kind that you can configure via Server Admin?

static NAT – maps a private IP address to a public one

dynamic NAT – maps a private IP address to the first available address from a list of public addresses

Port Address Translation (PAT) – maps multiple private IP addresses to a single public one using different ports. This is also known as port overloading, single address NAT, and port-level multiplexed NAT

Which one is the only kind that you can configure via Server Admin?
Port Address Translation (PAT)

What does NAT stand for and what else is it known by?

NAT: network address translation

also known as IP masquerading or IP aliasing

In a Firewall log, what term is used to indicate that the incoming request was allowed?

accept

In a Firewall log, what term is used to indicate that the incoming request was denied?

unreach

Which ports are enabled by default when you first configure Firewall and why?

Only the ports needed to perform remote administration: Remote Directory Access (625), server admin (687), Secure Shell (22)

WHY: These ports are enabled so that if you turn Firewall on remotely you will still be able to configure the server without blocking yourself out accidentally.