Windows Network Administration Chapter 10


  1. Windows Network Administration, Chapter 10: Administering Routing and Remote Access
  2. Introduction
     • Routing and Remote Access Service (RRAS)
       – Enables users to connect to LAN from remote computer
     • Windows Dial-up Networking (DUN)
       – Allows a modem dial-up connection to work like a LAN interface
       – Allows servers to host one or more dial-up network users
       – Infrastructure:
         • Modem
         • POTS / ISDN
  3. Point-to-Point Protocol (PPP)
     • Allows two devices to establish TCP/IP connection over serial link
     • Three phases
     • Protocols:
       – Link Control Protocol (LCP)
       – Challenge Handshake Authentication Protocol (CHAP)
       – Callback Control Protocol (CBCP)
       – Compression Control Protocol (CCP)
       – IP Control Protocol (IPCP)
       – Internet Protocol (IP)
     • Encapsulation
     • Multilink extensions
  4. Three Phases of PPP
  5. Virtual Private Networking
     • VPN: Private networking using Internet connection
     • Encrypted tunnels
     • Windows Server 2003 VPN support
       – Point-to-Point Tunneling Protocol (PPTP)
       – Layer 2 Tunneling Protocol (L2TP)
  6. Virtual Private Networking
  7. How VPNs Work
     • Connection process:
       1. Client establishes Internet connection
       2. Client sends VPN request to server
          • Request format varies (PPTP, L2TP)
       3. Client authenticates to server
          • Authentication process varies (PPTP, L2TP)
       4. Client/server negotiation for VPN session
          • Encryption algorithm and strength
       5. Client/server PPP negotiation
  8. VPNs
     • VPN packets
       – Encrypted by VPN software
       – Encapsulated inside regular IP packets
     • VPN encapsulation
       1. Data packet created
       2. IP stack adds TCP and IP headers: IP datagram
       3. Add PPP header: PPP frame
       4. VPN software encrypts PPP frame
       5. Add GRE header: Encapsulated PPTP packet
       6. PPTP stack adds IP header and PPP header
       7. Packet sent
  9. VPN Encapsulation
  10. PPTP and L2TP
     • PPTP
       – Encryption using Microsoft Point-to-Point Encryption (MPPE)
       – Authenticates to server with challenge/response process
     • L2TP
       – More general purpose than PPTP
       – No native encryption or authentication
       – Used with IPsec for security
         • ISAKMP, Oakley protocols for creating encrypted channel before establishing tunnel
  11. Configuring Routing
     • Windows Server 2003 RRAS
       – Fully functional multiprotocol router
       – To use as additional router
         • Activate and configure RRAS
       – To use as IP router
         • Add demand-dial interfaces for demand-dialing
         • Give each routable interface network address
         • Install and configure routing protocols on interfaces
       – RRAS Setup Wizard
  12. RRAS Snap-in: Network Interfaces Node
  13. Local Area Connection Properties
  14. Setting Up Demand-Dial Interfaces
     • Demand-Dial Interface Wizard
       – Interface Name page
       – Connection Type page
         • Physical device or VPN connection
       – Depending on connection type
         • Select a Device page
         • VPN Type page
       – Network Address / Phone Number page
       – Protocols and Security page
       – Dial-In Credentials page
       – Dial-Out Credentials page
  15. Demand-Dial Interface Wizard
  16. Demand-Dial Interface Wizard
  17. Demand-Dial Interface Wizard
  18. Configuring IP Routing Properties
  19. Managing Static Routes
     • Create static routes to populate routing table
     • Static routes:
       – Combine network address with subnet mask to provide list of destinations
     • To create static route:
       – Static Route dialog box, or
       – route add command:
         route add <destination> mask <netmask> <gateway> metric <metric> if <interface>
  20. Managing Static Routes
  21. Configuring Remote Access
     • General configuration of RAS
     • Server Properties dialog box
       – General tab: Whether to allow remote connections
       – Protocol-specific tabs: What protocols to support and their settings
       – Security tab: Security settings
       – PPP tab: Which PPP protocols clients may use
       – Logging tab: Level of log detail
  22. Configuring Remote Access
  23. Configuring Remote Access
  24. Configuring VPN Access
     • VPN:
       – Sits between internal network and Internet
     • VPN server:
       – Should be outside any firewalls or network security measures
  25. Configuring VPN Access
  26. Configuring VPN Access
     • Common configuration: Two NICs:
       – One connects to Internet
       – Other connects either to:
         • Private network, OR
         • Intermediate network connected to private network
     • Converting RRAS server to handle VPN traffic
  27. Configuring VPN Access
  28. Configuring a VPN
     • Adjust number and kind of VPN ports
     • Enable or disable PPTP or L2TP
     • Ports Properties dialog box
       – List of hardware ports
       – Two WAN miniport devices (virtual ports)
         • PPTP
         • L2TP
       – Configure Device dialog box
  29. Configuring a VPN
  30. Remote Access Security
     • To control who uses remote access services
       – Set up remote access profiles on individual accounts
       – Create and manage remote access policies that apply to groups of users
  31. Configuring User Access
     • Profile:
       – User account information
       – Typically stored in Active Directory
     • Two user management snap-ins
       – If RRAS is part of Active Directory domain:
         • Active Directory Users and Computers
       – If RRAS is not part of Active Directory domain:
         • Local Users and Groups
     • Dial-in tab of user's Properties dialog box
  32. Configuring User Access
  33. Remote Access Policies
     • Remote access policies
       – To determine who can connect
       – Each user has single policy applied when connecting
       – Three components
         • Conditions
         • Permissions
         • Profile
       – Ordering and application of policies
         • Caller must match all conditions of policy
         • First policy to match caller is used
  34. Configuring Remote Access Policies
     • RRAS snap-in
       – Remote Access Policies folder
       – New Remote Access Policy Wizard
         • Policy Configuration Method page
         • Policy Conditions page
           – Select Attribute dialog box
         • Permissions page
  35. Configuring Remote Access Policies
  36. Configuring Remote Access Policies
  37. Configuring Remote Access Policies
  38. Using Remote Access Profiles
     • Remote Access profiles
       – Settings to determine what happens during call setup and completion
     • Each policy has associated profile
       – Profile determines settings for connections that meet policy conditions
     • Profile Properties dialog box
       – Dial-In Constraints tab
       – IP tab
       – Multilink tab
       – Authentication tab
       – Encryption tab
       – Advanced tab
  39. Using Remote Access Profiles
  40. Using Remote Access Profiles
  41. Using Remote Access Profiles
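
The GRE and outer IP steps of the VPN encapsulation slide, seen from the capture side, as an added example that is not part of the original slides: it wraps a placeholder for the encrypted PPP frame in an enhanced GRE header and an outer IPv4 header, then parses the packet back to show which tunnel metadata stays in cleartext. The header layout follows RFC 2637; the addresses, call ID, sample bytes and function names are constructed for the example.

```python
import socket
import struct

IPPROTO_GRE = 47          # outer IP protocol number for GRE
GRE_PROTO_PPP = 0x880B    # GRE protocol type for PPP in PPTP's enhanced GRE (RFC 2637)

def encapsulate(ppp_frame, call_id, seq, src, dst):
    """Add the enhanced GRE header, then the outer IPv4 header."""
    # 0x3001 = key present (K) + sequence present (S) + GRE version 1
    gre = struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, len(ppp_frame), call_id, seq)
    total = 20 + len(gre) + len(ppp_frame)
    # Minimal IPv4 header; the checksum is left at 0 because nothing here sends it.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, IPPROTO_GRE, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + gre + ppp_frame

def parse_pptp_data(packet):
    """Return the cleartext tunnel metadata of a PPTP data packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != IPPROTO_GRE or len(packet) < ihl + 8:
        return None
    flags, proto, length, call_id = struct.unpack_from("!HHHH", packet, ihl)
    if proto != GRE_PROTO_PPP or (flags & 0x0007) != 1 or not (flags & 0x2000):
        return None                       # not enhanced GRE v1 carrying PPP
    offset, seq, ack = ihl + 8, None, None
    try:
        if flags & 0x1000:                # S bit: sequence number follows
            (seq,) = struct.unpack_from("!I", packet, offset)
            offset += 4
        if flags & 0x0080:                # A bit: acknowledgment number follows
            (ack,) = struct.unpack_from("!I", packet, offset)
            offset += 4
    except struct.error:
        return None                       # header truncated
    payload = packet[offset:offset + length]
    if len(payload) != length:
        return None                       # payload shorter than the header claims
    return {"src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]),
            "call_id": call_id, "seq": seq, "ack": ack, "payload": payload}

# Constructed sample: 16 placeholder bytes stand in for the MPPE-encrypted PPP frame.
SAMPLE_PPP = bytes(range(16))
SAMPLE_PACKET = encapsulate(SAMPLE_PPP, call_id=0x1234, seq=7,
                            src="198.51.100.10", dst="203.0.113.5")
```

Endpoints, call ID and sequence numbers remain readable to anyone on the path; only the PPP frame inside is covered by the encryption step.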
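
The ordering rule from the Remote Access Policies slide (all conditions must match, first matching policy is used), modelled as an added example that is not code from the slides or from RRAS: it shows a broad policy placed first shadowing a deny rule and a stronger profile, and a check that lists policies no sample attempt ever reaches. Group names, attempts, profile values and the `hour` attribute (a stand-in for Day-And-Time-Restrictions) are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    conditions: dict              # attribute name -> predicate; ALL must hold
    grant: bool                   # permission: grant or deny access
    profile: dict = field(default_factory=dict)   # settings for matching connections

def evaluate(policies, attempt):
    """First policy whose conditions all match decides; later ones are never read."""
    for p in policies:
        if all(a in attempt and ok(attempt[a]) for a, ok in p.conditions.items()):
            return p.name, p.grant, (p.profile if p.grant else {})
    return None, False, {}        # no match: modelled here as a rejection

def never_used(policies, attempts):
    """Names of policies that decide none of the sample attempts (shadowed or dead)."""
    hit = {evaluate(policies, a)[0] for a in attempts}
    return [p.name for p in policies if p.name not in hit]

# Constructed policies; group names and profile values are hypothetical.
staff = Policy("Staff VPN", {"Windows-Groups": lambda g: "VPN-Users" in g},
               True, {"Encryption": "basic"})
contractors = Policy("Contractors after hours",
                     {"Windows-Groups": lambda g: "Contractors" in g,
                      "hour": lambda h: not (8 <= h < 18)},
                     False)
l2tp_only = Policy("L2TP strong", {"Windows-Groups": lambda g: "VPN-Users" in g,
                                   "Tunnel-Type": lambda t: t == "L2TP"},
                   True, {"Encryption": "strongest"})

# Constructed connection attempts.
ATTEMPTS = [
    {"Windows-Groups": {"VPN-Users"}, "Tunnel-Type": "PPTP", "hour": 10},
    {"Windows-Groups": {"VPN-Users"}, "Tunnel-Type": "L2TP", "hour": 10},
    {"Windows-Groups": {"VPN-Users", "Contractors"}, "Tunnel-Type": "L2TP", "hour": 23},
]
AS_CONFIGURED = [staff, contractors, l2tp_only]   # broad policy first
REORDERED = [contractors, l2tp_only, staff]       # most specific first
```

With `AS_CONFIGURED`, the after-hours contractor attempt is granted by "Staff VPN" and the two later policies never apply; with `REORDERED`, every policy decides at least one attempt.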
