Windows Network Administration Chapter 10






Presentation Transcript

  • Windows Network Administration
    • Chapter 10
    • Administering Routing and Remote Access
  • Introduction
    • Routing and Remote Access Service (RRAS)
      • Enables users to connect to LAN from remote computer
    • Windows Dial-up Networking (DUN)
      • Allows modem dial-up connection/modem to work like LAN interface
      • Allows servers to host one or more dial-up network users
      • Infrastructure:
        • Modem
        • POTS / ISDN
  • Point-to-Point Protocol (PPP)
    • Allows two devices to establish TCP/IP connection over serial link
    • Three phases
    • Protocols:
      • Link Control Protocol (LCP)
      • Challenge Handshake Authentication Protocol (CHAP)
      • Callback Control Protocol (CBCP)
      • Compression Control Protocol (CCP)
      • IP Control Protocol (IPCP)
      • Internet Protocol (IP)
    • Encapsulation
    • Multilink extensions
  • Three Phases of PPP
  • Virtual Private Networking
    • VPN: Private networking using Internet connection
    • Encrypted tunnels
    • Windows Server 2003 VPN support
      • Point-to-Point Tunneling Protocol (PPTP)
      • Layer 2 Tunneling Protocol (L2TP)
  • Virtual Private Networking
  • How VPNs Work
    • Connection process:
      • Client establishes Internet connection
      • Client sends VPN request to server
        • Request format varies (PPTP, L2TP)
      • Client authenticates to server
        • Authentication process varies (PPTP, L2TP)
      • Client/server negotiation for VPN session
        • Encryption algorithm and strength
      • Client/server PPP negotiation
  • VPNs
    • VPN packets
      • Encrypted by VPN software
      • Encapsulated inside regular IP packets
    • VPN encapsulation
      • Data packet created
      • IP stack adds TCP and IP headers: IP datagram
      • Add PPP header: PPP frame
      • VPN software encrypts PPP frame
      • Add GRE header: Encapsulated PPTP packet
      • PPTP stack adds IP header and PPP header
      • Packet sent
  • VPN Encapsulation
  • PPTP and L2TP
    • PPTP
      • Encryption using Microsoft Point-to-Point Encryption (MPPE)
      • Authenticates to server with challenge/response process
    • L2TP
      • More general purpose than PPTP
      • No native encryption or authentication
      • Used with IPsec for security
        • ISAKMP, Oakley protocols for creating encrypted channel before establishing tunnel
  • Configuring Routing
    • Windows Server 2003 RRAS
      • Fully functional multiprotocol router
      • To use as additional router
        • Activate and configure RRAS
      • To use as IP router
        • Add demand-dial interfaces for demand-dialing
        • Give each routable interface network address
        • Install and configure routing protocols on interfaces
      • RRAS Setup Wizard
  • RRAS Snap-in: Network Interfaces Node
  • Local Area Connection Properties
  • Setting Up Demand-Dial Interfaces
    • Demand-Dial Interface Wizard
      • Interface Name page
      • Connection Type page
        • Physical device or VPN connection
      • Depending on connection type
        • Select a Device page
        • VPN Type page
      • Network Address / Phone Number page
      • Protocols and Security page
      • Dial-In Credentials page
      • Dial-Out Credentials page
  • Demand-Dial Interface Wizard
  • Configuring IP Routing Properties
  • Managing Static Routes
    • Create static routes to populate routing table
    • Static routes:
      • Combine network address with subnet mask to provide list of destinations
    • To create static route:
      • Static Route dialog box, or
      • route add command
        • route add destination mask netmask gateway metric interface
  • Managing Static Routes
  • Configuring Remote Access
    • General configuration of RAS
    • Server Properties dialog box
      • General tab: Whether to allow remote connections
      • Protocol specific tabs: What protocols to support and their settings
      • Security tab: Security settings
      • PPP tab: Which PPP protocols clients may use
      • Logging tab: Level of log detail
  • Configuring Remote Access
  • Configuring VPN Access
    • VPN:
      • Sits between internal network and Internet
    • VPN server:
      • Should be outside any firewalls or network security measures
  • Configuring VPN Access
  • Configuring VPN Access
    • Common configuration: Two NICs:
      • One connects to Internet
      • Other connects either to:
        • Private network, OR
        • Intermediate network connected to private network
    • Converting RRAS server to handle VPN traffic
  • Configuring VPN Access
  • Configuring a VPN
    • Adjust number and kind of VPN ports
    • Enable or disable PPTP or L2TP
    • Ports Properties dialog box
      • List of hardware ports
      • Two WAN miniport devices (virtual ports)
        • PPTP
        • L2TP
      • Configure Device dialog box
  • Configuring a VPN
  • Remote Access Security
    • To control who uses remote access services
      • Set up remote access profiles on individual accounts
      • Create and manage remote access policies that apply to groups of users
  • Configuring User Access
    • Profile:
      • User account information
      • Typically stored in Active Directory
    • Two user management snap-ins
      • If RRAS is part of Active Directory domain:
        • Active Directory Users and Computers
      • If RRAS is not part of Active Directory domain
        • Local Users and Groups
    • Dial-in tab of user’s Properties dialog box
  • Configuring User Access
  • Remote Access Policies
    • Remote access policies
      • To determine who can connect
      • Each user has single policy applied when connecting
      • Three components
        • Conditions
        • Permissions
        • Profile
      • Ordering and application of policies
        • Caller must match all conditions of policy
        • First policy to match caller is used
  • Configuring Remote Access Policies
    • RRAS snap-in
      • Remote Access Policies folder
      • New Remote Access Policy Wizard
        • Policy Configuration Method page
        • Policy Conditions page
          • Select Attribute dialog box
        • Permissions page
  • Configuring Remote Access Policies
  • Using Remote Access Profiles
    • Remote Access profiles
      • Settings to determine what happens during call setup and completion
    • Each policy has associated profile
      • Profile determines settings for connections that meet policy conditions
    • Profile Properties dialog box
      • Dial-In Constraints tab
      • IP tab
      • Multilink tab
      • Authentication tab
      • Encryption tab
      • Advanced tab
  • Using Remote Access Profiles
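
The ordering rules from the Remote Access Policies slide (a caller must match all conditions of a policy, and the first policy to match is used), modelled as an added example that is not part of the original presentation or of RRAS itself. It also flags policies that can never be reached because an earlier, broader policy matches first. Policy names, group names and attribute values are constructed, and rejecting a caller that matches no policy is an assumption of this model.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    conditions: frozenset          # {(attribute, required value), ...}
    grant: bool                    # permission: True = grant, False = deny
    profile: dict = field(default_factory=dict)

def matches(policy, caller):
    # A caller must satisfy every condition of the policy.
    return all(v in caller.get(a, set()) for a, v in policy.conditions)

def evaluate(policies, caller):
    # The first matching policy in list order is the only one applied.
    for policy in policies:
        if matches(policy, caller):
            return policy
    return None  # assumption of this model: no match means rejected

def shadowed(policies):
    # A policy is unreachable when an earlier policy's conditions are a
    # subset of its own: every caller it could match is taken first.
    found = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if earlier.conditions <= later.conditions:
                found.append((later.name, earlier.name))
                break
    return found

# Constructed sample data (names and values are illustrative).
VPN = ("NAS-Port-Type", "Virtual (VPN)")
allow_vpn = Policy("Allow all VPN", frozenset({VPN}), True, {"encryption": "strongest"})
deny_contractors = Policy("Deny contractors",
                          frozenset({VPN, ("Windows-Groups", "CORP\\Contractors")}), False)
BAD_ORDER = [allow_vpn, deny_contractors]
GOOD_ORDER = [deny_contractors, allow_vpn]

contractor = {"NAS-Port-Type": {"Virtual (VPN)"},
              "Windows-Groups": {"CORP\\Contractors", "CORP\\Domain Users"}}
employee = {"NAS-Port-Type": {"Virtual (VPN)"}, "Windows-Groups": {"CORP\\Domain Users"}}

if __name__ == "__main__":
    for label, order in (("bad", BAD_ORDER), ("good", GOOD_ORDER)):
        hit = evaluate(order, contractor)
        print(label, "order -> contractor:", hit.name, "grant" if hit.grant else "deny")
        print("  shadowed policies:", shadowed(order))
```

With the broad grant policy listed first, the deny policy is never evaluated; placing the more specific policy first restores the intended result.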