Windows Network Administration Chapter 10
Windows Network Administration
Chapter 10 Administering Routing and Remote Access

Introduction
• Routing and Remote Access Service (RRAS)
  – Enables users to connect to LAN from remote computer
• Windows Dial-up Networking (DUN)
  – Allows modem dial-up connection/modem to work like LAN interface
  – Allows servers to host one or more dial-up network users
  – Infrastructure:
    • Modem
    • POTS / ISDN

Point-to-Point Protocol (PPP)
• Allows two devices to establish TCP/IP connection over serial link
• Three phases
• Protocols:
  – Link Control Protocol (LCP)
  – Challenge Handshake Authentication Protocol (CHAP)
  – Callback Control Protocol (CBCP)
  – Compression Control Protocol (CCP)
  – IP Control Protocol (IPCP)
  – Internet Protocol (IP)
• Encapsulation
• Multilink extensions

Three Phases of PPP

Virtual Private Networking
• VPN: Private networking using Internet connection
• Encrypted tunnels
• Windows Server 2003 VPN support
  – Point-to-Point Tunneling Protocol (PPTP)
  – Layer 2 Tunneling Protocol (L2TP)

How VPNs Work
• Connection process:
  1. Client establishes Internet connection
  2. Client sends VPN request to server
     • Request format varies (PPTP, L2TP)
  3. Client authenticates to server
     • Authentication process varies (PPTP, L2TP)
  4. Client/server negotiation for VPN session
     • Encryption algorithm and strength
  5. Client/server PPP negotiation

VPNs
• VPN packets
  – Encrypted by VPN software
  – Encapsulated inside regular IP packets
• VPN encapsulation
  1. Data packet created
  2. IP stack adds TCP and IP headers: IP datagram
  3. Add PPP header: PPP frame
  4. VPN software encrypts PPP frame
  5. Add GRE header: Encapsulated PPTP packet
  6. PPTP stack adds IP header and PPP header
  7. Packet sent
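The GRE step of the encapsulation sequence above, as an added Python example (not part of the original slides): it wraps an opaque, already encrypted PPP frame in the enhanced GRE header that PPTP uses (RFC 2637) and parses it back on the receiving side. The frame bytes, call ID and sequence number are constructed values.

```python
import struct

GRE_PROTO_PPP = 0x880B                      # protocol type PPTP uses for PPP carried in GRE
K_BIT, S_BIT, A_BIT, VERSION = 0x2000, 0x1000, 0x0080, 1

def gre_encapsulate(encrypted_ppp, call_id, seq):
    """Step 5: prepend the enhanced GRE header to the already encrypted PPP frame."""
    flags = K_BIT | S_BIT | VERSION         # key and sequence number present, version 1
    header = struct.pack("!HHHHI", flags, GRE_PROTO_PPP, len(encrypted_ppp), call_id, seq)
    return header + encrypted_ppp

def gre_decapsulate(packet):
    """Receiver side: validate the header, return its fields plus the PPP frame."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, length, call_id = struct.unpack("!HHHH", packet[:8])
    if (flags & 0x0007) != VERSION or proto != GRE_PROTO_PPP or not (flags & K_BIT):
        raise ValueError("not PPTP enhanced GRE")
    offset, fields = 8, {"call_id": call_id, "seq": None, "ack": None}
    for bit, name in ((S_BIT, "seq"), (A_BIT, "ack")):   # optional 32-bit fields, in this order
        if flags & bit:
            if len(packet) < offset + 4:
                raise ValueError("truncated " + name + " field")
            fields[name] = struct.unpack("!I", packet[offset:offset + 4])[0]
            offset += 4
    if len(packet) - offset != length:      # header length field must match the payload
        raise ValueError("payload length mismatch")
    fields["ppp_frame"] = packet[offset:]
    return fields

# Constructed stand-in for the output of step 4 (an encrypted PPP frame); not real traffic.
SAMPLE_FRAME = bytes.fromhex("9a3c51e70b42")
SAMPLE_PACKET = gre_encapsulate(SAMPLE_FRAME, call_id=7, seq=1)
```

Only the PPP frame is encrypted; the GRE call ID and sequence number travel in the clear, which is what lets a firewall or sensor track PPTP sessions carried as IP protocol 47.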

VPN Encapsulation

PPTP and L2TP
• PPTP
  – Encryption using Microsoft Point-to-Point Encryption (MPPE)
  – Authenticates to server with challenge/response process
• L2TP
  – More general purpose than PPTP
  – No native encryption or authentication
  – Used with IPsec for security
    • ISAKMP, Oakley protocols for creating encrypted channel before establishing tunnel

Configuring Routing
• Windows Server 2003 RRAS
  – Fully functional multiprotocol router
  – To use as additional router
    • Activate and configure RRAS
  – To use as IP router
    • Add demand-dial interfaces for demand-dialing
    • Give each routable interface network address
    • Install and configure routing protocols on interfaces
  – RRAS Setup Wizard

RRAS Snap-in: Network Interfaces Node

Local Area Connection Properties

Setting Up Demand-Dial Interfaces
• Demand-Dial Interface Wizard
  – Interface Name page
  – Connection Type page
    • Physical device or VPN connection
  – Depending on connection type
    • Select a Device page
    • VPN Type page
  – Network Address / Phone Number page
  – Protocols and Security page
  – Dial-In Credentials page
  – Dial-Out Credentials page

Demand-Dial Interface Wizard

Configuring IP Routing Properties

Managing Static Routes
• Create static routes to populate routing table
• Static routes:
  – Combine network address with subnet mask to provide list of destinations
• To create static route:
  – Static Route dialog box, or
  – route add command
    route add <destination> mask <netmask> <gateway> metric <metric> if <interface>

Configuring Remote Access
• General configuration of RAS
• Server Properties dialog box
  – General tab: Whether to allow remote connections
  – Protocol specific tabs: What protocols to support and their settings
  – Security tab: Security settings
  – PPP tab: Which PPP protocols clients may use
  – Logging tab: Level of log detail

Configuring VPN Access
• VPN:
  – Sits between internal network and Internet
• VPN server:
  – Should be outside any firewalls or network security measures

Configuring VPN Access
• Common configuration: Two NICs:
  – One connects to Internet
  – Other connects either to:
    • Private network, OR
    • Intermediate network connected to private network
• Converting RRAS server to handle VPN traffic

Configuring a VPN
• Adjust number and kind of VPN ports
• Enable or disable PPTP or L2TP
• Ports Properties dialog box
  – List of hardware ports
  – Two WAN miniport devices (virtual ports)
    • PPTP
    • L2TP
  – Configure Device dialog box

Remote Access Security
• To control who uses remote access services
  – Set up remote access profiles on individual accounts
  – Create and manage remote access policies that apply to groups of users

Configuring User Access
• Profile:
  – User account information
  – Typically stored in Active Directory
• Two user management snap-ins
  – If RRAS is part of Active Directory domain:
    • Active Directory Users and Computers
  – If RRAS is not part of Active Directory domain:
    • Local Users and Groups
• Dial-in tab of user’s Properties dialog box

Remote Access Policies
• Remote access policies
  – To determine who can connect
  – Each user has single policy applied when connecting
  – Three components
    • Conditions
    • Permissions
    • Profile
  – Ordering and application of policies
    • Caller must match all conditions of policy
    • First policy to match caller is used
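The ordering rule above, modeled in Python as an added example (not part of the original slides and not RRAS code): the first policy whose conditions all match decides the outcome, and a helper flags policies that can never be selected because an earlier, broader policy always matches first. The attribute names `group` and `port_type`, the one-value-per-attribute caller and the sample policies are simplifying assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    conditions: dict                 # attribute -> set of accepted values; all must match
    grant: bool                      # permission: grant or deny remote access
    profile: dict = field(default_factory=dict)   # settings applied to a granted connection

def evaluate(policies, caller):
    """Return (policy name, granted, profile) for one connection attempt."""
    for policy in policies:          # list order is evaluation order
        if all(caller.get(attr) in accepted for attr, accepted in policy.conditions.items()):
            # First full match decides; later policies are never consulted.
            return policy.name, policy.grant, (policy.profile if policy.grant else {})
    return None, False, {}           # RRAS rejects an attempt that matches no policy

def shadowed(policies):
    """Names of policies that can never be selected: an earlier policy matches
    every caller they would match."""
    hidden = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if all(attr in later.conditions and later.conditions[attr] <= accepted
                   for attr, accepted in earlier.conditions.items()):
                hidden.append(later.name)
                break
    return hidden

# Constructed sample policy list (hypothetical names and attributes).
POLICIES = [
    Policy("Deny contractors", {"group": {"Contractors"}}, grant=False),
    Policy("Staff VPN", {"group": {"Staff"}, "port_type": {"VPN"}}, grant=True,
           profile={"encryption": "strongest", "idle_timeout_min": 15}),
    Policy("Contractor VPN", {"group": {"Contractors"}, "port_type": {"VPN"}}, grant=True),
]
```

Here `shadowed(POLICIES)` reports "Contractor VPN": the broader deny policy above it always matches first, so the intended grant never takes effect until the order is changed.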

Configuring Remote Access Policies
• RRAS snap-in
  – Remote Access Policies folder
  – New Remote Access Policy Wizard
    • Policy Configuration Method page
    • Policy Conditions page
      – Select Attribute dialog box
    • Permissions page

Using Remote Access Profiles
• Remote Access profiles
  – Settings to determine what happens during call setup and completion
• Each policy has associated profile
  – Profile determines settings for connections that meet policy conditions
• Profile Properties dialog box
  – Dial-In Constraints tab
  – IP tab
  – Multilink tab
  – Authentication tab
  – Encryption tab
  – Advanced tab