Hands-On Microsoft
Windows Server 2003
Administration
Chapter 11
Administering Remote Access Services
2
Objectives
• Configure remote access and virtual private
network (VPN) connections
• Implement and troubleshoot remote access
policies
• Configure and troubleshoot network address
translation (NAT)
• Configure and troubleshoot Internet connection
sharing
• Configure and manage Terminal Services
3
Configuring Remote Access and
Virtual Private Network Connections
• Remote access server
– A computer running Windows Server 2003 and
the Routing and Remote Access Service (RRAS)
• RRAS authenticates remote or mobile users
• Options for providing a connection to a network
from a remote location
– Dial-up connections
– Virtual private network (VPN) connections
4
Configuring Remote Access and
Virtual Private Network Connections
(Continued)
• Dial-up connections
– Communication established via communication
networks such as a Public Switched Telephone
Network (PSTN)
– Point-to-Point Protocol (PPP)
• Enables remote access clients and servers to
communicate over a dial-up connection from any
operating system that supports the PPP standards
5
Configuring Remote Access and
Virtual Private Network Connections
(Continued)
• VPN
– Uses a LAN protocol and PPP, which are both
encapsulated within a VPN protocol, to send data
over a public network
– Common VPN protocols
• Point-to-Point Tunneling Protocol (PPTP)
• Layer 2 Tunneling Protocol (L2TP)
6
Configuring Remote Access and
Virtual Private Network Connections
(Continued)
• PPTP and L2TP are both used to establish a
secure tunnel between two endpoints over an
insecure network
7
Configuring Remote Access and
Virtual Private Network Connections
(Continued)
• Remote access is implemented on a Windows
Server 2003 system by configuring RRAS
• Primary tasks for providing remote access:
– Configure RRAS with the appropriate remote
access configuration
– Configure clients to connect to the RRAS server
– Configure user rights, security, and conditions to
successfully and securely connect to the RRAS
server
8
Configuring Dial-Up Connections
• Advantages of dial-up connections
– Wide availability
• Disadvantages of dial-up connections
– Slow speed
• 56-Kbps is the maximum connection speed using a
single phone line
– Unreliability
9
Configuring Dial-Up Connections
(Continued)
• To provide remote access to clients
– Configure the physical modem on the server to
which the clients connect
– Configure Windows Server 2003 as a remote
access server
• Once the dial-up server is installed, you may
want to
– Configure IP-addressing options
– Configure protocol options
– Configure remote access clients
10
Implementing Virtual Private
Network Access
• A VPN
– Can be created to
• Ensure that data communication over a public
network, such as the Internet, is secure
• Connect two LANs, forming a type of WAN
connection using the Internet as the backbone link
between two locations
– Can be created over any existing connection to
the Internet, such as
• Dial-up
• Cable modem
• Digital subscriber line (DSL)
11
Virtual private network (VPN)
12
Implementing Virtual Private
Network Access (Continued)
• To configure the client for VPN
– The VPN connection is configured as a new
network connection using the New Connection
Wizard
• To configure the server for VPN
– RRAS is used to configure the VPN server
13
Configuring Remote Access
Authentication
• Windows Authentication
– Used by default for client requests
• Remote authentication dial-in user service
(RADIUS) authentication
– Can be chosen in environments with a configured
RADIUS server
• Authentication protocols enabled on a Windows
Server 2003 RRAS system by default
– EAP
– MS-CHAP v2
– MS-CHAP
14
Configuring Remote Access
Authentication (Continued)
• Authentication protocols supported by Windows
.NET Server
– MS-CHAP
– MS-CHAP v2
– CHAP
– SPAP
– PAP
– EAP
• EAP-MD5
• EAP-TLS
• You also have the option of implementing
unauthenticated remote access
15
Configuring Encryption Protocols
• Encryption protocols
– Used to encrypt the data sent between a client
and an RAS server
• When using MS-CHAP (v1 or v2) or EAP, two
forms of encryption can be used
– Microsoft Point-to-Point Encryption (MPPE)
• Uses encryption keys varying in length from 40 bits
to 128 bits
• Used when IP security is not available
– IP Security (IPSec)
• Consists of a suite of cryptography-based
protection services and protocols that provide
machine-level authentication and data encryption
16
Configuring Encryption Protocols
(Continued)
• Encryption levels supported on an RRAS server
– No Encryption
– Basic
– Strong
– Strongest
17
Troubleshooting Remote Access
• Possible solutions to dial-up or VPN connection
problems
– Verify that all dial-up credentials such as user
name and password are correct
– Ensure that remote access is enabled on the
RRAS server
– Check to see that ports such as PPTP or L2TP
are enabled for inbound remote access
connections
– If attempting to connect to a VPN server using
L2TP, ensure that the client has a computer
certificate properly installed
18
Troubleshooting Remote Access
(Continued)
• Possible solutions to dial-up or VPN connection
problems (Continued)
– Ensure that the remote access server and remote
access client are configured with at least one
common authentication and encryption method
between the two
– Check the remote access policy to be sure that it
is configured to allow access
– Verify that there are enough addresses in the
static IP address range
19
Troubleshooting Remote Access
(Continued)
• Possible solutions to dial-up or VPN connection
problems (Continued)
– Ensure that a DHCP Relay Agent has been
configured
– Ensure that packet filters are not being used that
may restrict access
– Check to be sure that the network adapter that is
connected to the Internet is configured with a
static IP address
20
Implementing and Troubleshooting
Remote Access Policies
• To grant users the ability to dial into an RRAS
server, Windows Server 2003 uses both
– Dial-in properties of user accounts
– Remote access policies
• By default, all user accounts in an Active
Directory domain have the dial-in properties
configured to the Control Access through
Remote Access Policy setting
21
Elements of a Remote Access Policy
• A remote access policy consists of
– Conditions
• Attributes that are compared to a connection
attempt
– Permissions
• A combination of user account permissions as well
as those defined in the policy
– Profile
• Consists of settings such as dial-in constraints,
multilink properties, authentication protocols, and
encryption properties
• Each element of a remote access policy must be
evaluated before a user is allowed to dial in
22
Creating a Remote Access Policy
• When RRAS is installed, two default policies
are created
– Connections to Microsoft Routing and Remote
Access server
– Connections to other access servers
• Remote Access Policies container
– Found within the Routing and Remote Access
snap-in
– Lists all the remote access policies
– Can be used to
• Configure the order of policy processing
• Add, delete, or edit individual policies
23
Creating a Remote Access Policy
(Continued)
• Additional settings can be configured with the
default profile to further control which clients can
access the RRAS server
24
Troubleshooting Remote Access
Policies
• Possible solutions to problems with remote
access policies
– Verify that the connection attempt matches the
conditions of at least one remote access policy
– Check to be sure the user is not a member of any
groups that have been denied access
– Ensure that the user attempting to connect has
been granted permission to dial in either through
a user account property or through a remote
access policy
25
Troubleshooting Remote Access
Policies (Continued)
• Possible solutions to problems with remote
access policies (Continued)
– Verify dial-in settings configured for the user
account are not conflicting with those of the
remote access policy
– Verify that the connection attempt matches all of
the settings configured in the profile of the policy
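
Added example (not part of the original slides): a simplified Python model of the checks listed under "Elements of a Remote Access Policy" and the two troubleshooting slides above, showing why a connection attempt is accepted or rejected. The policy names, group names, users and the rule that the first policy whose conditions match decides the outcome are assumptions made for this illustration.

```python
from dataclasses import dataclass

# The three dial-in settings a user account can carry.
ALLOW, DENY, BY_POLICY = "allow", "deny", "control-through-policy"


@dataclass
class Attempt:
    user: str
    groups: frozenset   # group memberships of the connecting user
    dial_in: str        # ALLOW, DENY or BY_POLICY (user account property)
    tunnel: str         # "dial-up", "PPTP" or "L2TP"
    auth: str           # authentication protocol the client offers
    encryption: str     # "none", "basic", "strong" or "strongest"


@dataclass
class Policy:
    name: str
    conditions: dict    # attribute -> set of values that match
    grant: bool         # the policy's permission: grant or deny
    profile: dict       # attribute -> set of values the profile accepts


def conditions_match(policy, attempt):
    """True when every condition of the policy matches the attempt."""
    for attr, allowed in policy.conditions.items():
        if attr == "groups":
            if not attempt.groups & allowed:   # member of any listed group?
                return False
        elif getattr(attempt, attr) not in allowed:
            return False
    return True


def evaluate(policies, attempt):
    """Return (accepted, reason) for one connection attempt."""
    # 1. Conditions: walk the ordered list, stop at the first match.
    policy = next((p for p in policies if conditions_match(p, attempt)), None)
    if policy is None:
        return False, "no policy matched the connection attempt"
    # 2. Permissions: user account property combined with the policy.
    if attempt.dial_in == DENY:
        return False, "user account dial-in property denies access"
    if attempt.dial_in == BY_POLICY and not policy.grant:
        return False, f"denied by policy '{policy.name}'"
    # 3. Profile: the attempt must satisfy every profile setting.
    for setting, allowed in policy.profile.items():
        if getattr(attempt, setting) not in allowed:
            return False, f"profile mismatch on {setting} in '{policy.name}'"
    return True, f"granted by policy '{policy.name}'"


# Constructed sample policies, in processing order.
POLICIES = [
    Policy("Deny contractors", {"groups": {"Contractors"}}, False, {}),
    Policy("VPN staff",
           {"groups": {"VPN-Users"}, "tunnel": {"PPTP", "L2TP"}}, True,
           {"auth": {"MS-CHAP v2", "EAP-TLS"},
            "encryption": {"strong", "strongest"}}),
]

# Constructed sample connection attempts.
ATTEMPTS = {
    "alice": Attempt("alice", frozenset({"VPN-Users"}), BY_POLICY,
                     "L2TP", "EAP-TLS", "strongest"),
    "bob": Attempt("bob", frozenset({"VPN-Users", "Contractors"}), BY_POLICY,
                   "L2TP", "MS-CHAP v2", "strong"),
    "carol": Attempt("carol", frozenset({"VPN-Users"}), BY_POLICY,
                     "PPTP", "PAP", "none"),
    "dave": Attempt("dave", frozenset({"Sales"}), BY_POLICY,
                    "PPTP", "MS-CHAP v2", "strong"),
    "erin": Attempt("erin", frozenset({"VPN-Users"}), DENY,
                    "L2TP", "EAP-TLS", "strongest"),
}

if __name__ == "__main__":
    for name, attempt in ATTEMPTS.items():
        accepted, reason = evaluate(POLICIES, attempt)
        print(f"{name:6} {'ACCEPT' if accepted else 'REJECT'}  {reason}")
```

Swapping the two policies lets bob connect, which is why the order of policy processing in the Remote Access Policies container matters when a deny policy is in use.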
26
Configuring and Troubleshooting
Network Address Translation
• Network address translation (NAT)
– Allows a group of computers to access the
Internet using a single Internet connection and a
single IP address
• Services provided by a computer running NAT
– Address translation
– IP addressing
– Name resolution
– Basic Firewall
– Static Packet Filters
27
Installing NAT
• If RRAS is not already installed
– NAT can be configured by installing and enabling
RRAS
• If RRAS is already installed and configured
– NAT can be added to the server manually
• Routing and Remote Access snap-in
– Can be used to configure the NAT protocol
28
Configuring NAT
29
Troubleshooting NAT
• Possible problems and solutions
– If clients are not receiving IP addresses from the
NAT computer, verify that
• NAT addressing has been enabled
• There is no other DHCP server running on the
network
– If name resolution is not working for NAT clients,
check
• That name resolution has been enabled using the
Name Resolution tab in the NAT properties dialog
box
• The configuration of the NAT computer using the
ipconfig command to verify DNS settings
30
Troubleshooting NAT (Continued)
• Possible problems and solutions (Continued)
– If packets are not being properly translated, verify
• That both the Internet and LAN interface have
been added to the NAT protocol
• The range of IP addresses that has been
configured on the NAT computer
• That IP packet filtering is not preventing certain
Internet traffic from being sent and received
31
Configuring Internet Connection
Sharing
• Internet connection sharing (ICS)
– Provides all computers on a LAN with complete
access to Internet resources using a single public
IP address
– Provides the following for computers on the
internal network
• NAT services
• IP addressing
• Name resolution
32
Configuring Internet Connection
Sharing (Continued)
• After installing ICS on the computer connected
to the Internet
– The IP address of the internal network adapter is
automatically set to 192.168.0.1
– A simplified version of DHCP is installed, which
assigns internal clients an IP address (from the
network ID of 192.168.0.0/24)
– A DNS proxy service is installed to pass internal
DNS requests to the DNS server that the
computer running ICS is configured to use
33
Configuring Internet Connection
Sharing (Continued)
• ICS and NAT are both used to connect a small
or home office to the Internet
34
Enabling ICS
• Enabling ICS
– Relatively straightforward
– Does not require any configuration unless you
want to change the applications and services that
outside Internet users are able to access on an
internal private network
35
Configuring Internet Connection
Sharing for a dial-up connection
36
Troubleshooting ICS
• Techniques to troubleshoot common problems
– After ICS is installed, use the ipconfig command
to verify that the network adapter has been
assigned the IP address of 192.168.0.1 and the
subnet mask is 255.255.255.0
– If client computers are unable to connect to the
Internet
• Use the ipconfig command to verify that
– An IP address in the range of 192.168.0.2 through
192.168.0.254 has been assigned
– The subnet mask is 255.255.255.0
– The default gateway is set to 192.168.0.1
• Use the ping command to verify
– TCP/IP connectivity with the computer running ICS
37
Troubleshooting ICS (Continued)
• Techniques to troubleshoot common problems
(Continued)
– Verify that there is no DHCP server already
running on the network
– If clients are unable to access the Internet using
an FQDN, verify that the IP address of a DNS
server is configured in the TCP/IP properties of
the connection to the Internet
– If clients can only connect to the Internet after you
manually establish a connection, verify that
demand dialing is enabled on the ICS computer
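
Added example (not part of the original slides): a Python check that reads the text printed by the ipconfig command on an ICS client and reports which of the values listed on the troubleshooting slides are wrong. The two ipconfig outputs are constructed samples, and the function names are made up for this illustration.

```python
import ipaddress
import re

# Values the slides give for a client behind ICS.
FIRST_CLIENT = ipaddress.ip_address("192.168.0.2")
LAST_CLIENT = ipaddress.ip_address("192.168.0.254")
EXPECTED_MASK = "255.255.255.0"
EXPECTED_GATEWAY = "192.168.0.1"

# Matches lines such as "   IP Address. . . . . . . . . . . . : 192.168.0.15".
FIELD = re.compile(
    r"^[ \t]*(IP Address|Subnet Mask|Default Gateway)[ .]*:[ \t]*(\S*)",
    re.MULTILINE,
)


def parse_ipconfig(text):
    """Return the three fields of the first adapter found in the output."""
    fields = {}
    for name, value in FIELD.findall(text):
        fields.setdefault(name, value)   # keep the first adapter only
    return fields


def check_ics_client(text):
    """Return a list of problems; an empty list means the client looks right."""
    fields = parse_ipconfig(text)
    problems = []
    ip = fields.get("IP Address", "")
    try:
        in_range = FIRST_CLIENT <= ipaddress.ip_address(ip) <= LAST_CLIENT
    except ValueError:                   # missing or malformed address
        in_range = False
    if not in_range:
        problems.append(f"IP address {ip or '(none)'} is outside "
                        f"{FIRST_CLIENT} through {LAST_CLIENT}")
    mask = fields.get("Subnet Mask", "")
    if mask != EXPECTED_MASK:
        problems.append(f"subnet mask {mask or '(none)'} is not {EXPECTED_MASK}")
    gateway = fields.get("Default Gateway", "")
    if gateway != EXPECTED_GATEWAY:
        problems.append(f"default gateway {gateway or '(none)'} "
                        f"is not {EXPECTED_GATEWAY}")
    return problems


# Constructed sample: a client that received its lease from ICS.
GOOD = """Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.0.15
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
"""

# Constructed sample: a client that was answered by another DHCP server.
OTHER_DHCP = """Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.test
   IP Address. . . . . . . . . . . . : 10.0.0.23
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . : 10.0.0.1
"""

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("other DHCP", OTHER_DHCP)):
        print(label, check_ics_client(sample) or "OK")
```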
38
Configuring Terminal Services and
Remote Desktop for Administration
• Terminal Services
– The ability of users to connect to a server for the
purpose of running applications
– Not installed unless explicitly added to a server
by an administrator
• Remote Desktop for Administration
– The ability of an administrator to connect to a
server for administration purposes
– Installed as part of Windows Server 2003, but
disabled by default
39
Enabling Remote Desktop for
Administration
• To enable Remote Desktop for Administration
– Only a single setting in the Control Panel System
program needs to be changed
• Permissions regarding connecting to a server
using Remote Desktop for Administration
– By default, only members of the Administrators
group are granted access
– Additional users can be granted access via the
System program
40
Enabling Remote Desktop for
Administration
41
Enabling Remote Desktop for
Administration (Continued)
• To connect to a server using Remote Desktop
for Administration
– Users must access the Remote Desktop
Connection software from their client system
42
Installing Terminal Services
• To install Terminal Services
– Use the Add/Remove Windows Components
section from within the Add or Remove Programs
applet found in Control Panel
• To set up an application server
– One Windows Server 2003 server on the network
must be configured as a Terminal Services
licensing server
43
Managing Terminal Services
• Primary tools used for Terminal Services
administration
– Terminal Services Manager
– Terminal Services Configuration
– Terminal Services Licensing
44
Managing Terminal Services
(Continued)
• Connection settings for a Terminal Server are
configured from the properties of a Terminal
Server connection object
45
Managing Terminal Services
(Continued)
• Authentication
– Can be set to use either no authentication or
standard Windows authentication when the
clients are Windows 95, 98, NT, or 2000
• Encryption options include
– Client Compatible
• All data sent from the client to the server is
encrypted using a key based on the maximum
strength supported on the client
– High
• Data sent from the client to the server and from the
server to the client is encrypted using the highest
encryption level available at the server
46
Terminal Services Client Software
• %Systemroot%\system32\clients\tsclient\win32
folder on the Terminal Server
– Contains the files necessary to install the Remote
Desktop Connection software that is used by
clients to connect to a Windows Server 2003
Terminal Server
• Installing applications
– When you install Windows Server 2003 Terminal
Server, applications need to be installed in a
compatible mode for multiple users to access
them simultaneously
47
Terminal Services Client Software
(Continued)
• Configuring Terminal Services User Properties
– Extra tabs added when Terminal Server is
installed
• Terminal Services Profile
• Remote control
• Sessions
• Environment
48
Summary
• Remote access server
– A computer running Windows Server 2003 with
Routing and Remote Access Services installed
and enabled
– Authenticates remote and mobile users, providing
a gateway to internal network resources
• Remote access solutions include dial-up, VPN,
and NAT
• Each RAS server can be configured using the
Routing and Remote Access console
• Windows .NET Server supports two VPN
protocols: PPTP and L2TP
49
Summary (Continued)
• Authentication and encryption protocols can be
used to secure communications between the
RAS server and a dial-up client
• Authentication protocols supported by Windows
.NET Server
– MS-CHAP v1 and v2, CHAP, SPAP, PAP, and
EAP
• Dial-in access can be controlled through user
account properties and Remote Access policies
• Remote Access policies consist of conditions,
permissions, and profiles
50
Summary (Continued)
• Network address translation (NAT) and Internet
connection sharing (ICS)
– Provide a way of connecting computers in a small
or home office to the Internet using a single
connection
• Terminal Server
– Enables clients to access applications on a
terminal server
• Remote Desktop for Administrators
– Gives administrators the ability to remotely
administer network servers

More Related Content

PPTX
6421 b Module-05
PPT
Network Access COntrol asdfcxzqwe asd asdd .ppt
PPT
Vpnppt1884
PPT
Network client configuration
PPTX
6421 b Module-07
PPT
Network security chapter 6 and 7 internet architecture
PPTX
MTCNA Show.pptx
DOC
Wagner Desrosiers RESUME2
6421 b Module-05
Network Access COntrol asdfcxzqwe asd asdd .ppt
Vpnppt1884
Network client configuration
6421 b Module-07
Network security chapter 6 and 7 internet architecture
MTCNA Show.pptx
Wagner Desrosiers RESUME2

Similar to 4966709.ppt (20)

PPT
Chapter08
PDF
Telecommunications and Network Security Presentation
PPTX
PPTX
98 366 mva slides lesson 6
PPTX
08. networking-part-2
PDF
Private cloud networking_cloudstack_days_austin
DOC
amir_(1) (1) (1)
PDF
MTCNA knsakdn akdnd aknkfnknn ajfjbf.pdf
PPT
Ciscorouterasavpnserver 100218045815-phpapp01
DOC
Senthil _Updated _Resume_V1
PDF
ITN3052_01_Routing_Concepts and advanced networking
PPT
PPTX
VPN Network
PPT
Material best practices in network security using ethical hacking
PPTX
CCNA v6.0 ITN - Chapter 11
PDF
Brkcrt 2214
PDF
Case mis ch06
PPTX
6421 b Module-09
PDF
PDF MCSE 70 293 Exam Prep Planning and Maintaining a Microsoft Windows Server...
PPTX
Checkpoint Firewall for Dummies
Chapter08
Telecommunications and Network Security Presentation
98 366 mva slides lesson 6
08. networking-part-2
Private cloud networking_cloudstack_days_austin
amir_(1) (1) (1)
MTCNA knsakdn akdnd aknkfnknn ajfjbf.pdf
Ciscorouterasavpnserver 100218045815-phpapp01
Senthil _Updated _Resume_V1
ITN3052_01_Routing_Concepts and advanced networking
VPN Network
Material best practices in network security using ethical hacking
CCNA v6.0 ITN - Chapter 11
Brkcrt 2214
Case mis ch06
6421 b Module-09
PDF MCSE 70 293 Exam Prep Planning and Maintaining a Microsoft Windows Server...
Checkpoint Firewall for Dummies

More from ImXaib (20)

PPTX
cellular-communication-system presentation.pptx
PPTX
informationandnetworksecurity16transpositionciphers-210723152730.pptx
PPTX
ALI HAMZAH PRESENTATION ON INFO SECURITY.pptx
PPTX
Advance Machine Learning presentation.pptx
PPTX
NEW METHODOLOGIES FOR IDENTIFYING CUSTOMER NEEDS FROM USER-GENERATED CONTENTS...
PPTX
ERD introduction in databases model.pptx
PPTX
SDA presentation the basics of computer science .pptx
PPTX
terminal a clear presentation on the topic.pptx
PPTX
What is Machine Learning_updated documents.pptx
PPTX
Grid Computing and it's applications.PPTX
PDF
Firewall.pdf
PPT
lecture2.ppt
PPTX
Tools.pptx
PPT
lec3_10.ppt
PPT
ch12.ppt
PPT
Fullandparavirtualization.ppt
PPT
mis9_ch08_ppt.ppt
PPT
rooster-ipsecindepth.ppt
PPT
Policy formation and enforcement.ppt
PPT
Database schema architecture.ppt
cellular-communication-system presentation.pptx
informationandnetworksecurity16transpositionciphers-210723152730.pptx
ALI HAMZAH PRESENTATION ON INFO SECURITY.pptx
Advance Machine Learning presentation.pptx
NEW METHODOLOGIES FOR IDENTIFYING CUSTOMER NEEDS FROM USER-GENERATED CONTENTS...
ERD introduction in databases model.pptx
SDA presentation the basics of computer science .pptx
terminal a clear presentation on the topic.pptx
What is Machine Learning_updated documents.pptx
Grid Computing and it's applications.PPTX
Firewall.pdf
lecture2.ppt
Tools.pptx
lec3_10.ppt
ch12.ppt
Fullandparavirtualization.ppt
mis9_ch08_ppt.ppt
rooster-ipsecindepth.ppt
Policy formation and enforcement.ppt
Database schema architecture.ppt

Recently uploaded (20)

PDF
Hospital Case Study .architecture design
PDF
African Communication Research: A review
PDF
Farming Based Livelihood Systems English Notes
PDF
LIFE & LIVING TRILOGY - PART (3) REALITY & MYSTERY.pdf
PDF
M.Tech in Aerospace Engineering | BIT Mesra
PDF
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2015).pdf
PDF
Horaris_Grups_25-26_Definitiu_15_07_25.pdf
PDF
Fun with Grammar (Communicative Activities for the Azar Grammar Series)
PDF
fundamentals-of-heat-and-mass-transfer-6th-edition_incropera.pdf
PDF
Journal of Dental Science - UDMY (2022).pdf
PPTX
2025 High Blood Pressure Guideline Slide Set.pptx
PDF
Civil Department's presentation Your score increases as you pick a category
PDF
Literature_Review_methods_ BRACU_MKT426 course material
PDF
Disorder of Endocrine system (1).pdfyyhyyyy
PDF
Journal of Dental Science - UDMY (2021).pdf
PPTX
Integrated Management of Neonatal and Childhood Illnesses (IMNCI) – Unit IV |...
PPTX
Thinking Routines and Learning Engagements.pptx
PDF
MICROENCAPSULATION_NDDS_BPHARMACY__SEM VII_PCI Syllabus.pdf
PDF
Chevening Scholarship Application and Interview Preparation Guide
PDF
PUBH1000 - Module 6: Global Health Tute Slides
Hospital Case Study .architecture design
African Communication Research: A review
Farming Based Livelihood Systems English Notes
LIFE & LIVING TRILOGY - PART (3) REALITY & MYSTERY.pdf
M.Tech in Aerospace Engineering | BIT Mesra
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2015).pdf
Horaris_Grups_25-26_Definitiu_15_07_25.pdf
Fun with Grammar (Communicative Activities for the Azar Grammar Series)
fundamentals-of-heat-and-mass-transfer-6th-edition_incropera.pdf
Journal of Dental Science - UDMY (2022).pdf
2025 High Blood Pressure Guideline Slide Set.pptx
Civil Department's presentation Your score increases as you pick a category
Literature_Review_methods_ BRACU_MKT426 course material
Disorder of Endocrine system (1).pdfyyhyyyy
Journal of Dental Science - UDMY (2021).pdf
Integrated Management of Neonatal and Childhood Illnesses (IMNCI) – Unit IV |...
Thinking Routines and Learning Engagements.pptx
MICROENCAPSULATION_NDDS_BPHARMACY__SEM VII_PCI Syllabus.pdf
Chevening Scholarship Application and Interview Preparation Guide
PUBH1000 - Module 6: Global Health Tute Slides

4966709.ppt

  • 1. Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services
  • 2. 2 Objectives • Configure remote access and virtual private network (VPN) connections • Implement and troubleshoot remote access policies • Configure and troubleshoot network address translation (NAT) • Configure and troubleshoot Internet connection sharing • Configure and manage Terminal Services
  • 3. 3 Configuring Remote Access and Virtual Private Network Connections • Remote access server – A computer running Windows Server 2003 and the Routing and Remote Access Service (RRAS) • RRAS authenticates remote or mobile users • Options for providing a connection to a network from a remote location – Dial-up connections – Virtual private network (VPN) connections
  • 4. 4 Configuring Remote Access and Virtual Private Network Connections (Continued) • Dial-up connections – Communication established via communication networks such as a Public Switched Telephone Network (PSTN) – Point-to-Point Protocol (PPP) • Enables remote access clients and servers to communicate over a dial-up connection from any operating system that supports the PPP standards
  • 5. 5 Configuring Remote Access and Virtual Private Network Connections (Continued) • VPN – Uses a LAN protocol and PPP, which are both encapsulated within a VPN protocol, to send data over a public network – Common VPN protocols • Point-to-Point Tunneling Protocol (PPTP) • Layer 2 Tunneling Protocol (L2TP)
  • 6. 6 • PPTP and L2TP are both used to establish a secure tunnel between two endpoints over an insecure network Configuring Remote Access and Virtual Private Network Connections (Continued)
  • 7. 7 • Remote access is implemented on a Windows Server 2003 system by configuring RRAS • Primary tasks for providing remote access: – Configure RRAS with the appropriate remote access configuration – Configure clients to connect to the RRAS server – Configure user rights, security, and conditions to successfully and securely connect to the RRAS server Configuring Remote Access and Virtual Private Network Connections (Continued)
  • 8. 8 Configuring Dial-Up Connections • Advantages of dial-up connections – Wide availability • Disadvantages of dial-up connections – Slow speed • 56-Kbps is the maximum connection speed using a single phone line – Unreliability
  • 9. 9 Configuring Dial-Up Connections (Continued) • To provide remote access to clients – Configure the physical modem on the server to which the clients connect – Configure Windows Server 2003 as a remote access server • Once the dial-up server is installed, you may want to – Configure IP-addressing options – Configure protocol options – Configure remote access clients
  • 10. 10 Implementing Virtual Private Network Access • A VPN – Can be created to • Ensure that data communication over a public network, such as the Internet, is secure • Connect two LANs, forming a type of WAN connection using the Internet as the backbone link between two locations – Can be created over any existing connection to the Internet, such as • Dial-up • Cable modem • Digital subscriber line (DSL)
  • 12. 12 Implementing Virtual Private Network Access (Continued) • To configure the client for VPN – The VPN connection is configured as a new network connection using the New Connection Wizard • To configure the server for VPN – RRAS is used to configure the VPN server
  • 13. 13 Configuring Remote Access Authentication • Windows Authentication – Used by default for client requests • Remote authentication dial-in user service (RADIUS) authentication – Can be chosen in environments with a configured RADIUS server • Authentication protocols enabled on a Windows Server 2003 RRAS system by default – EAP – MS-CHAP v2 – MS-CHAP
  • 14. 14 Configuring Remote Access Authentication (Continued) • Authentication protocols supported by Windows .NET Server – MS-CHAP – MS-CHAP v2 – CHAP – SPAP – PAP – EAP • EAP-MD5 • EAP-TLS • You also have the option of implementing unauthenticated remote access
  • 15. 15 Configuring Encryption Protocols • Encryption protocols – Used to encrypt the data sent between a client and an RAS server • When using MS-CHAP (v1 or v2) or EAP, two forms of encryption can be used – Microsoft Point-to-Point Encryption (MPPE) • Uses encryption keys varying in length from 40 bits to 128 bits • Used when IP security is not available – IP Security (IPSec) • Consists of a suite of cryptography-based protection services and protocols that provide machine-level authentication and data encryption
  • 16. 16 Configuring Encryption Protocols (Continued) • Encryption levels supported on an RRAS server – No Encryption – Basic – Strong – Strongest
  • 17. 17 Troubleshooting Remote Access • Possible solutions to dial-up or VPN connection problems – Verify that all dial-up credentials such as user name and password are correct – Ensure that remote access is enabled on the RRAS server – Check to see that ports such as PPTP or L2TP are enabled for inbound remote access connections – If attempting to connect to a VPN server using L2TP, ensure that the client has a computer certificate properly installed
  • 18. 18 Troubleshooting Remote Access (Continued) • Possible solutions to dial-up or VPN connection problems (Continued) – Ensure that the remote access server and remote access client are configured with at least one common authentication and encryption method between the two – Check the remote access policy to be sure that it is configured to allow access – Verify that there are enough addresses in the static IP address range
  • 19. 19 Troubleshooting Remote Access (Continued) • Possible solutions to dial-up or VPN connection problems (Continued) – Ensure that a DHCP Relay Agent has been configured – Ensure that packet filters are not being used that may restrict access – Check to be sure that the network adapter that is connected to the Internet is configured with a static IP address
  • 20. 20 Implementing and Troubleshooting Remote Access Policies • To grant users the ability to dial into an RRAS server, Windows Server 2003 uses both – Dial-in properties of user accounts – Remote access policies • By default, all user accounts in an Active Directory domain have the dial-in properties configured to the Control Access through Remote Access Policy setting
  • 21. 21 Elements of a Remote Access Policy • A remote access policy consists of – Conditions • Attributes that are compared to a connection attempt – Permissions • A combination of user account permissions as well as those defined in the policy – Profile • Consists of settings such as dial-in constraints, multilink properties, authentication protocols, and encryption properties • Each element of a remote access policy must be evaluated before a user is allowed to dial in
  • 22. 22 Creating a Remote Access Policy • When RRASs are installed, two default policies are created – Connections to Microsoft Routing and Remote Access server – Connections to other access servers • Remote Access Policies container – Found within the Routing and Remote Access snap-in – Lists all the remote access policies – Can be used to • Configure the order of policy processing • Add, delete, or edit individual policies
  • 23. 23 Creating a Remote Access Policy (Continued) • Additional settings can be configured with the default profile to further control which clients can access the RRAS server
  • 24. 24 Troubleshooting Remote Access Policies • Possible solutions to problems with remote access policies – Verify that the connection attempt matches the conditions of at least one remote access policy – Check to be sure the user is not a member of any groups that have been denied access – Ensure that the user attempting to connect has been granted permission to dial in either through a user account property or through a remote access policy
  • 25. 25 Troubleshooting Remote Access Policies (Continued) • Possible solutions to problems with remote access policies (Continued) – Verify dial-in settings configured for the user account are not conflicting with those of the remote access policy – Verify that the connection attempt matches all of the settings configured in the profile of the policy
  • 26. 26 Configuring and Troubleshooting Network Address Translation • Network address translation (NAT) – Allows a group of computers to access the Internet using a single Internet connection and a single IP address • Services provided by a computer running NAT – Address translation – IP addressing – Name resolution – Basic Firewall – Static Packet Filters
  • 27. 27 Installing NAT • If RRAS is not already installed – NAT can be configured by installing and enabling RRAS • If RRAS is already installed and configured – NAT can be added to the server manually • Routing and Remote Access snap-in – Can be used to configure the NAT protocol
  • 29. 29 Troubleshooting NAT • Possible problems and solutions – If clients are not receiving IP addresses from the NAT computer, verify that • NAT addressing has been enabled • There is no other DHCP server running on the network – If name resolution is not working for NAT clients, check • That name resolution has been enabled using the Name Resolution tab in the NAT properties dialog box • The configuration of the NAT computer using the ipconfig command to verify DNS settings
  • 30. 30 Troubleshooting NAT (Continued) • Possible problems and solutions (Continued) – If packets are not being properly translated, verify • That both the Internet and LAN interface have been added to the NAT protocol • The range of IP addresses that has been configured on the NAT computer • That IP packet filtering is not preventing certain Internet traffic from being sent and received
  • 31. 31 Configuring Internet Connection Sharing • Internet connection sharing (ICS) – Provides all computers on a LAN with complete access to Internet resources using a single public IP address – Provides the following for computers on the internal network • NAT services • IP addressing • Name resolution
  • 32. 32 Configuring Internet Connection Sharing (Continued) • After installing ICS on the computer connected to the Internet – The IP address of the internal network adapter is automatically set to 192.168.0.1 – A simplified version of DHCP is installed, which assigns internal clients an IP address (from the network ID of 192.168.0.0/24) – A DNS proxy service is installed to pass internal DNS requests to the DNS server that the computer running ICS is configured to use
  • 33. Configuring Internet Connection Sharing (Continued)
      • ICS and NAT are both used to connect a small or home office to the Internet
  • 34. Enabling ICS
      • Enabling ICS
          – Relatively straightforward
          – Does not require any configuration unless you want to change the applications and services that outside Internet users are able to access on an internal private network
  • 35. Configuring Internet Connection Sharing for a dial-up connection
  • 36. Troubleshooting ICS
      • Techniques to troubleshoot common problems
          – After ICS is installed, use the ipconfig command to verify that the network adapter has been assigned the IP address of 192.168.0.1 and the subnet mask is 255.255.255.0
          – If client computers are unable to connect to the Internet
              • Use the ipconfig command to verify that
                  – An IP address in the range of 192.168.0.2 through 192.168.0.254 has been assigned
                  – The subnet mask is 255.255.255.0
                  – The default gateway is set to 192.168.0.1
              • Use the ping command to verify
                  – TCP/IP connectivity with the computer running ICS
  • 37. Troubleshooting ICS (Continued)
      • Techniques to troubleshoot common problems (Continued)
          – Verify that there is no DHCP server already running on the network
          – If clients are unable to access the Internet using an FQDN, verify that the IP address of a DNS server is configured in the TCP/IP properties of the connection to the Internet
          – If clients can only connect to the Internet after you manually establish a connection, verify that demand dialing is enabled on the ICS computer
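The client-side ipconfig checks from the two Troubleshooting ICS slides can be scripted. The following is an added example, not part of the original slides: it parses saved `ipconfig /all` output and reports every setting that deviates from the ICS defaults, using the `DHCP Server` field to spot a lease handed out by a server other than the ICS computer. The function names and the sample outputs are constructed for illustration.

```python
import ipaddress
import re

# Values the slides give for an ICS network.
ICS_HOST = "192.168.0.1"
ICS_MASK = "255.255.255.0"
FIRST, LAST = ipaddress.IPv4Address("192.168.0.2"), ipaddress.IPv4Address("192.168.0.254")

# Constructed `ipconfig /all` excerpts (not captured from a real host).
TEMPLATE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : {ip}
        Subnet Mask . . . . . . . . . . . : {mask}
        Default Gateway . . . . . . . . . : {gw}
        DHCP Server . . . . . . . . . . . : {dhcp}
"""
SAMPLE_OK = TEMPLATE.format(ip="192.168.0.37", mask=ICS_MASK, gw=ICS_HOST, dhcp=ICS_HOST)
# A second DHCP server on the LAN answered the client first.
SAMPLE_OTHER_DHCP = TEMPLATE.format(ip="10.0.0.50", mask=ICS_MASK, gw="10.0.0.1", dhcp="10.0.0.1")
# No DHCP answer at all: the client fell back to an automatic private address.
SAMPLE_NO_LEASE = TEMPLATE.format(ip="169.254.12.7", mask="255.255.0.0", gw="", dhcp="")

FIELD = re.compile(r"^[ \t]*([A-Za-z0-9 -]+?)[ .]*:[ \t]*(\S+)", re.M)

def parse_ipconfig(text):
    """Map each 'Name . . . : value' line to its value (first occurrence wins)."""
    fields = {}
    for name, value in FIELD.findall(text):
        key = name.strip().lower().replace("ipv4 address", "ip address")
        fields.setdefault(key, value.split("(")[0])  # drop a "(Preferred)" suffix
    return fields

def check_ics_client(text):
    """Return findings for one adapter; an empty list means the ICS defaults are in place."""
    f = parse_ipconfig(text)
    try:
        ip = ipaddress.IPv4Address(f.get("ip address", ""))
    except ValueError:
        return ["no IPv4 address found in the output"]
    findings = []
    if not FIRST <= ip <= LAST:
        findings.append(f"IP address {ip} is outside {FIRST} through {LAST}")
    if f.get("subnet mask") != ICS_MASK:
        findings.append(f"subnet mask is {f.get('subnet mask')}, expected {ICS_MASK}")
    if f.get("default gateway") != ICS_HOST:
        findings.append(f"default gateway is {f.get('default gateway')}, expected {ICS_HOST}")
    dhcp = f.get("dhcp server")
    if dhcp and dhcp != ICS_HOST:
        findings.append(f"lease came from DHCP server {dhcp}, not the ICS computer")
    return findings

if __name__ == "__main__":
    for label, sample in [("ok", SAMPLE_OK), ("other DHCP", SAMPLE_OTHER_DHCP), ("no lease", SAMPLE_NO_LEASE)]:
        print(label, check_ics_client(sample) or "matches ICS defaults")
```

A lease from an unexpected DHCP server is worth investigating beyond connectivity, since that server also chooses the default gateway and DNS server the client will use.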
  • 38. Configuring Terminal Services and Remote Desktop for Administration
      • Terminal Services
          – The ability of users to connect to a server for the purpose of running applications
          – Not installed unless explicitly added to a server by an administrator
      • Remote Desktop for Administration
          – The ability of an administrator to connect to a server for administration purposes
          – Installed as part of Windows Server 2003, but disabled by default
  • 39. Enabling Remote Desktop for Administration
      • To enable Remote Desktop for Administration
          – Only a single setting in the Control Panel System program needs to be changed
      • Permissions regarding connecting to a server using Remote Desktop for Administration
          – By default, only members of the Administrators group are granted access
          – Additional users can be granted access via the System program
  • 40. Enabling Remote Desktop for Administration
  • 41. Enabling Remote Desktop for Administration (Continued)
      • To connect to a server using Remote Desktop for Administration
          – Users must access the Remote Desktop Connection software from their client system
  • 42. Installing Terminal Services
      • To install Terminal Services
          – Use the Add/Remove Windows Components section from within the Add or Remove Programs applet found in Control Panel
      • To set up an application server
          – One Windows Server 2003 server on the network must be configured as a Terminal Services licensing server
  • 43. Managing Terminal Services
      • Primary tools used for Terminal Services administration
          – Terminal Services Manager
          – Terminal Services Configuration
          – Terminal Services Licensing
  • 44. Managing Terminal Services (Continued)
      • Connection settings for a Terminal Server are configured from the properties of a Terminal Server connection object
  • 45. Managing Terminal Services (Continued)
      • Authentication
          – Can be set to use either no authentication or standard Windows authentication when the clients are Windows 95, 98, NT, or 2000
      • Encryption options include
          – Client Compatible
              • All data sent from the client to the server is encrypted using a key based on the maximum strength supported on the client
          – High
              • Data sent from the client to the server and from the server to the client is encrypted using the highest encryption level available at the server
  • 46. Terminal Services Client Software
      • %Systemroot%\system32\clients\tsclient\win32 folder on the Terminal Server
          – Contains the files necessary to install the Remote Desktop Connection software that is used by clients to connect to a Windows Server 2003 Terminal Server
      • Installing applications
          – When you install Windows Server 2003 Terminal Server, applications need to be installed in a compatible mode for multiple users to access them simultaneously
  • 47. Terminal Services Client Software (Continued)
      • Configuring Terminal Services User Properties
          – Extra tabs added when Terminal Server is installed
              • Terminal Services Profile
              • Remote control
              • Sessions
              • Environment
  • 48. Summary
      • Remote access server
          – A computer running Windows Server 2003 with Routing and Remote Access Services installed and enabled
          – Authenticates remote and mobile users, providing a gateway to internal network resources
      • Remote access solutions include dial-up, VPN, and NAT
      • Each RAS server can be configured using the Routing and Remote Access console
      • Windows .NET Server supports two VPN protocols: PPTP and L2TP
  • 49. Summary (Continued)
      • Authentication and encryption protocols can be used to secure communications between the RAS server and a dial-up client
      • Authentication protocols supported by Windows .NET Server
          – MS-CHAP v1 and v2, CHAP, SPAP, PAP, and EAP
      • Dial-in access can be controlled through user account properties and Remote Access policies
      • Remote Access policies consist of conditions, permissions, and profiles
  • 50. Summary (Continued)
      • Network address translation (NAT) and Internet connection sharing (ICS)
          – Provide a way of connecting computers in a small or home office to the Internet using a single connection
      • Terminal Server
          – Enables clients to access applications on a terminal server
      • Remote Desktop for Administrators
          – Gives administrators the ability to remotely administer network servers