Windows Network Administration Chapter 10


  1. Windows Network Administration Chapter 10: Administering Routing and Remote Access
  2. Introduction
      • Routing and Remote Access Service (RRAS)
          – Enables users to connect to LAN from remote computer
      • Windows Dial-up Networking (DUN)
          – Allows modem dial-up connection/modem to work like LAN interface
          – Allows servers to host one or more dial-up network users
          – Infrastructure:
              • Modem
              • POTS / ISDN
  3. Point-to-Point Protocol (PPP)
      • Allows two devices to establish TCP/IP connection over serial link
      • Three phases
      • Protocols:
          – Link Control Protocol (LCP)
          – Challenge Handshake Authentication Protocol (CHAP)
          – Callback Control Protocol (CBCP)
          – Compression Control Protocol (CCP)
          – IP Control Protocol (IPCP)
          – Internet Protocol (IP)
      • Encapsulation
      • Multilink extensions
  4. Three Phases of PPP
  5. Virtual Private Networking
      • VPN: Private networking using Internet connection
      • Encrypted tunnels
      • Windows Server 2003 VPN support
          – Point-to-Point Tunneling Protocol (PPTP)
          – Layer 2 Tunneling Protocol (L2TP)
  6. Virtual Private Networking
  7. How VPNs Work
      • Connection process:
          1. Client establishes Internet connection
          2. Client sends VPN request to server
              • Request format varies (PPTP, L2TP)
          3. Client authenticates to server
              • Authentication process varies (PPTP, L2TP)
          4. Client/server negotiation for VPN session
              • Encryption algorithm and strength
          5. Client/server PPP negotiation
  8. VPNs
      • VPN packets
          – Encrypted by VPN software
          – Encapsulated inside regular IP packets
      • VPN encapsulation
          1. Data packet created
          2. IP stack adds TCP and IP headers: IP datagram
          3. Add PPP header: PPP frame
          4. VPN software encrypts PPP frame
          5. Add GRE header: Encapsulated PPTP packet
          6. PPTP stack adds IP header and PPP header
          7. Packet sent
  9. VPN Encapsulation
  10. PPTP and L2TP
      • PPTP
          – Encryption using Microsoft Point-to-Point Encryption (MPPE)
          – Authenticates to server with challenge/response process
      • L2TP
          – More general purpose than PPTP
          – No native encryption or authentication
          – Used with IPsec for security
              • ISAKMP, Oakley protocols for creating encrypted channel before establishing tunnel
  11. Configuring Routing
      • Windows Server 2003 RRAS
          – Fully functional multiprotocol router
          – To use as additional router
              • Activate and configure RRAS
          – To use as IP router
              • Add demand-dial interfaces for demand-dialing
              • Give each routable interface network address
              • Install and configure routing protocols on interfaces
          – RRAS Setup Wizard
  12. RRAS Snap-in: Network Interfaces Node
  13. Local Area Connection Properties
  14. Setting Up Demand-Dial Interfaces
      • Demand-Dial Interface Wizard
          – Interface Name page
          – Connection Type page
              • Physical device or VPN connection
          – Depending on connection type
              • Select a Device page
              • VPN Type page
          – Network Address / Phone Number page
          – Protocols and Security page
          – Dial-In Credentials page
          – Dial-Out Credentials page
  15. Demand-Dial Interface Wizard
  16. Demand-Dial Interface Wizard
  17. Demand-Dial Interface Wizard
  18. Configuring IP Routing Properties
  19. Managing Static Routes
      • Create static routes to populate routing table
      • Static routes:
          – Combine network address with subnet mask to provide list of destinations
      • To create static route:
          – Static Route dialog box, or
          – route add command
              route add destination mask netmask gateway metric interface
  20. Managing Static Routes
  21. Configuring Remote Access
      • General configuration of RAS
      • Server Properties dialog box
          – General tab: Whether to allow remote connections
          – Protocol specific tabs: What protocols to support and their settings
          – Security tab: Security settings
          – PPP tab: Which PPP protocols clients may use
          – Logging tab: Level of log detail
  22. Configuring Remote Access
  23. Configuring Remote Access
  24. Configuring VPN Access
      • VPN:
          – Sits between internal network and Internet
      • VPN server:
          – Should be outside any firewalls or network security measures
  25. Configuring VPN Access
  26. Configuring VPN Access
      • Common configuration: Two NICs:
          – One connects to Internet
          – Other connects either to:
              • Private network, OR
              • Intermediate network connected to private network
      • Converting RRAS server to handle VPN traffic
  27. Configuring VPN Access
  28. Configuring a VPN
      • Adjust number and kind of VPN ports
      • Enable or disable PPTP or L2TP
      • Ports Properties dialog box
          – List of hardware ports
          – Two WAN miniport devices (virtual ports)
              • PPTP
              • L2TP
          – Configure Device dialog box
  29. Configuring a VPN
  30. Remote Access Security
      • To control who uses remote access services
          – Set up remote access profiles on individual accounts
          – Create and manage remote access policies that apply to groups of users
  31. Configuring User Access
      • Profile:
          – User account information
          – Typically stored in Active Directory
      • Two user management snap-ins
          – If RRAS is part of Active Directory domain:
              • Active Directory Users and Computers
          – If RRAS is not part of Active Directory domain:
              • Local Users and Groups
      • Dial-in tab of user’s Properties dialog box
  32. Configuring User Access
  33. Remote Access Policies
      • Remote access policies
          – To determine who can connect
          – Each user has single policy applied when connecting
          – Three components
              • Conditions
              • Permissions
              • Profile
          – Ordering and application of policies
              • Caller must match all conditions of policy
              • First policy to match caller is used
  34. Configuring Remote Access Policies
      • RRAS snap-in
          – Remote Access Policies folder
          – New Remote Access Policy Wizard
              • Policy Configuration Method page
              • Policy Conditions page
                  – Select Attribute dialog box
              • Permissions page
  35. Configuring Remote Access Policies
  36. Configuring Remote Access Policies
  37. Configuring Remote Access Policies
  38. Using Remote Access Profiles
      • Remote Access profiles
          – Settings to determine what happens during call setup and completion
      • Each policy has associated profile
          – Profile determines settings for connections that meet policy conditions
      • Profile Properties dialog box
          – Dial-In Constraints tab
          – IP tab
          – Multilink tab
          – Authentication tab
          – Encryption tab
          – Advanced tab
  39. Using Remote Access Profiles
  40. Using Remote Access Profiles
  41. Using Remote Access Profiles
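
Slide 19 says a static route combines a network address with a subnet mask. The following added example (not part of the original slides) parses route add commands in the slide's form, rejects a destination with host bits set or a non-contiguous mask, and shows which route an address takes. The sample commands are constructed, the metric and if keywords follow the Windows route command, and the most-specific-match rule is standard IP routing behaviour rather than something the slides state.

```python
import ipaddress

def parse_route_add(command):
    """Parse 'route add <dest> mask <netmask> <gateway> [metric <n>] [if <index>]'."""
    tok = command.split()
    if len(tok) < 6 or [t.lower() for t in tok[:2]] != ["route", "add"] \
            or tok[3].lower() != "mask":
        raise ValueError("expected: route add <dest> mask <netmask> <gateway>")
    dest, mask, gateway = (ipaddress.IPv4Address(t) for t in (tok[2], tok[4], tok[5]))
    m, inverted = int(mask), int(mask) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        # A netmask must be a run of one bits followed only by zero bits.
        raise ValueError(f"{mask} is not a contiguous netmask")
    if (int(dest) & m) != int(dest):
        # Destination and mask together name a network, so host bits must be zero.
        raise ValueError(f"{dest} has host bits set for mask {mask}")
    opts = {tok[i].lower(): int(tok[i + 1]) for i in range(6, len(tok) - 1, 2)}
    return {
        "network": ipaddress.IPv4Network((int(dest), bin(m).count("1"))),
        "gateway": gateway,
        "metric": opts.get("metric", 1),   # default of 1 is assumed for this example
        "interface": opts.get("if"),
    }

def lookup(routes, address):
    """Pick the route for an address: most specific network first, then lowest metric."""
    addr = ipaddress.IPv4Address(address)
    hits = [r for r in routes if addr in r["network"]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r["network"].prefixlen, -r["metric"]))

# Constructed sample commands (addresses are made up for the example).
SAMPLE_COMMANDS = [
    "route add 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 20",
    "route add 10.10.0.0 mask 255.255.0.0 192.168.1.1 metric 5",
    "route add 10.10.20.0 mask 255.255.255.0 192.168.1.254 metric 10",
]
ROUTES = [parse_route_add(c) for c in SAMPLE_COMMANDS]

if __name__ == "__main__":
    for target in ("10.10.20.7", "10.10.99.1", "203.0.113.9"):
        r = lookup(ROUTES, target)
        print(target, "->", r["network"], "via", r["gateway"])
```

The /24 route wins for 10.10.20.7 even though its metric is higher, which is why a narrow static route deserves review when auditing where traffic for an internal subnet is sent.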

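
Slide 33's rules (a caller must match all conditions of a policy, and the first policy to match is used), as an added example that is not part of the original slides: a simplified Python model of the evaluation, plus a check for policies that an earlier policy makes unreachable. The Policy class, the set-based conditions, the group names and the reject-when-nothing-matches result are assumptions of this model, and it ignores the per-user Dial-in tab setting.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    conditions: dict   # attribute -> set of accepted values (all must match)
    grant: bool        # permission: True = grant access, False = deny
    profile: dict = field(default_factory=dict)  # settings for matching connections

def matches(policy, caller):
    # The caller must satisfy every condition; one miss rules the policy out.
    return all(caller.get(attr, set()) & accepted
               for attr, accepted in policy.conditions.items())

def evaluate(policies, caller):
    # Policies are tried in order and only the first match is applied.
    for p in policies:
        if matches(p, caller):
            return p.name, p.grant, p.profile
    # Assumption from RRAS behaviour, not stated on the slides:
    # a caller that matches no policy is rejected.
    return None, False, {}

def shadowed(policies):
    # A policy can never apply if an earlier one matches every caller it matches:
    # the earlier policy tests no extra attributes and accepts all the same values.
    dead = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if all(attr in later.conditions and later.conditions[attr] <= accepted
                   for attr, accepted in earlier.conditions.items()):
                dead.append((later.name, earlier.name))
                break
    return dead

# Constructed sample data (group names and profile values are made up).
allow_users = Policy("Allow domain users", {"Windows-Groups": {"CORP\\Domain Users"}},
                     True, {"encryption": "strongest"})
deny_contractors = Policy("Deny contractors", {"Windows-Groups": {"CORP\\Contractors"}}, False)
allow_contr_l2tp = Policy("Allow contractors over L2TP",
                          {"Windows-Groups": {"CORP\\Contractors"}, "Tunnel-Type": {"L2TP"}}, True)
contractor = {"Windows-Groups": {"CORP\\Domain Users", "CORP\\Contractors"},
              "Tunnel-Type": {"PPTP"}}

if __name__ == "__main__":
    print(evaluate([allow_users, deny_contractors], contractor))   # broad grant wins
    print(evaluate([deny_contractors, allow_users], contractor))   # deny is reached first
    print(shadowed([deny_contractors, allow_contr_l2tp, allow_users]))
```

With the broad grant listed first, the contractor is admitted and the deny policy is never consulted; placing the narrower deny policy ahead of it reverses the outcome.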