配配配配配配 配配配配配配
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
配置远程访问配置远程访问
概述概述
• 在 Windows 2000 中检测远程访问• 配置入站连接• 配置出站连接 • 配置多链路连接• 配置身份验证协议• 配置加密协议• 为 DHCP 集成配置路由和远程访问
在 在 Windows 2000Windows 2000 中检测远程访问中检测远程访问
• 建立远程访问连接• 数据传输协议• 虚拟专用网络协议( VPN )
建立远程访问连接建立远程访问连接
LAN Protocols
Remote Access Protocols
Local Area Network
LAN Protocols
LAN Protocols
Remote Access
ProtocolsRemote Access
Protocols
InternetInternet
Remote Access Client
Remote Access Server
数据传输协议数据传输协议
Remote Access Server
Remote Access Client
PPPPPP
SLIP (client only)SLIP (client only)
Microsoft RASMicrosoft RAS
ARAP (server only)ARAP (server only)
TCP/IPTCP/IP
NWLinkNWLink
NetBEUINetBEUI
AppleTalkAppleTalk
Remote Access ProtocolsRemote Access Protocols LAN ProtocolsLAN Protocols
虚拟专用网络协议(虚拟专用网络协议( VPNVPN ))
Client Server
PPTPPPTP
Internetwork Must Be IP BasedInternetwork Must Be IP Based
No Header CompressionNo Header Compression
No Tunnel AuthenticationNo Tunnel Authentication
Built-in PPP EncryptionBuilt-in PPP Encryption
L2TPL2TP
Internetwork Can Be IP, Frame Relay, X.25, or ATM Based
Internetwork Can Be IP, Frame Relay, X.25, or ATM Based
Header CompressionHeader Compression
Tunnel AuthenticationTunnel Authentication
Uses IPSec EncryptionUses IPSec Encryption
InternetInternet
PPTP or L2TP
配置远程访问连接配置远程访问连接• 配置远程访问服务• 配置虚拟专用网络端口• 配置调制解调器和电缆端口• 配置用户拨入设置
启动远程访问服务启动远程访问服务Routing and Remote Access
Routing and Remote AccessServer Status
SERVERX (local)
Action View
Configure and Enable Routing and Remote Access
Disable Routing and Remote AccessDisable Routing and Remote Access
Delete
Refresh
Export List...
Properties
Help
All Tasks
View
配置虚拟专用网络端口配置虚拟专用网络端口Routing and Remote Access
Action View
Routing and Remote Access
Server StatusSERVERX (local)
PortsDial-In Clients (0)IP RoutingRemote Access Policies
Name Device Comment Status
Ports
WAN Miniport (PPTP)(VPN3-4) VPN Inactive
WAN Miniport (PPTP)(VPN3-3) VPN Inactive
WAN Miniport (PPTP)(VPN3-2) VPN Inactive
WAN Miniport (PPTP)(VPN3-1) VPN Inactive
WAN Miniport (PPTP)(VPN3-0) VPN Inactive
WAN Miniport (L2TP)(VPN2-4) VPN Inactive
WAN Miniport (L2TP)(VPN2-3) VPN Inactive
WAN Miniport (L2TP)(VPN2-2) VPN Inactive
WAN Miniport (L2TP)(VPN2-1) VPN Inactive
WAN Miniport (L2TP)(VPN2-0) VPN Inactive
Direct Parallel (LPT1) PARALLEL Inactive
Modem (COM 3) MODEM Inactive
PPTP PortsPPTP Ports
L2TP PortsL2TP Ports
Cable and Modem Ports
Cable and Modem Ports
配置调制解调器和电缆端口配置调制解调器和电缆端口Ports Properties
RAS Device Configuration
In the list below, select those devices which can be used by the Routing and Remote Access Services.
Devices:
Usage Device Type Num...RasRasNone
WAN Miniport (PPTP)WAN Miniport (L2TP)Direct Parallel
PPTPL2TPParallel
551
Configure
Configure ports - WAN Miniport (PPTP)
You can enable this device to accept inbound remote access requests and to enable demand-dial routing connections.
Remote access (inbound)
Demand-dial routing (inbound/outbound)
Phone number of this device:
Ports
You can adjust the port limit for a device which supports dynamic ports (such as virtual circuits).
Maximum ports: 5
OK Cancel
Ports, Grouped By Type
Ports, Grouped By Type
Function of PortFunction of Port
Phone Number(if applicable)
Phone Number(if applicable)
Number of Virtual PortsNumber of
Virtual Ports
配置用户拨入设置配置用户拨入设置User1 Properties
General Address Account Profile Telephones Organization
Member Of Environment TimeoutsDial-in
Remote Access Permission (Dial-in or VPN)
Callback Options
Apply Static Routes
Allow access
Deny access
Control access through Remote Access Policy
Verify Caller-ID:
No Callback
Set by Caller (Routing and Remote Access Service only)
Always Callback to:
Assign Static IP Address
Define routes to enable for this Dial-inconnection.
OK Cancel ApplyApply
Static Routes...Static Routes...
PermissionsPermissions
Caller IDCaller ID
CallbackCallback
IP RoutingIP Routing
配置出站连接配置出站连接• 考查硬件选项• 创建拨号连接• 连接到虚拟专用网• 通过电缆直接连接
考查硬件选项考查硬件选项Connection Methods
PSTN
ISDN
Cable Modem
X.25
Direct Connection
创建拨号连接创建拨号连接
Network Connection TypeYou can choose the type of network connection...
Network Connection TypeYou can choose the type of network connection...
Network Connection Wizard
Dial-up to private network
Dial-up to the Internet
Connect using my phone line (modem or ISDN)
Connect to the Internet using my phone line (modem or ISDN)
ClientClient RemoteAccess Server
ClientClient
ISP Server
InternetInternet
连接到虚拟专用网连接到虚拟专用网
Windows 2000 VPN Server
Internet Adapter
Intranet Adapter
CorporateIntranet
VPN Remote Access Client
InternetInternet
TunnelTunnel
通过电缆直接连接通过电缆直接连接
Host
Guest
This computer has the information you want to access.
Host or GuestTo connect two computers, specify which one you are using.
Host or GuestTo connect two computers, specify which one you are using.
Network Connection Wizard
Choose the role you want for this computer
This computer will be used to access information on the host computer.Select a Device
This is the device that will be used to make the connection.
Select a DeviceThis is the device that will be used to make the connection.
Network Connection Wizard
Select a device:
Communications Port (Com1)Communications Port (Com1)
Communications Port (Com1)
Communications Port (Com2)
Direct Parallel (LPT1)
Communications Port (Com1)
Communications Port (Com2)
Direct Parallel (LPT1)
Communications Port (Com1)
配置身份验证协议配置身份验证协议
• 标准身份验证协议• 可扩展的身份验证协议
标准身份验证协议标准身份验证协议ProtocolProtocolProtocolProtocol SecuritySecuritySecuritySecurity
PAPPAP 低低
SPAPSPAP 中中
CHAPCHAP 高高
MS-CHAPMS-CHAP 高高
Use whenUse whenUse whenUse when
The client and server cannot negotiate using more secure validationThe client and server cannot negotiate using more secure validation
Connecting a Shiva LANRover and Windows 2000–based client or a Shiva client and a Windows 2000–based remote access server
Connecting a Shiva LANRover and Windows 2000–based client or a Shiva client and a Windows 2000–based remote access server
You have clients that are not running Microsoft operating systemsYou have clients that are not running Microsoft operating systems
You have clients running Windows NT version 4.0 and later or, Microsoft Windows 95 and later
You have clients running Windows NT version 4.0 and later or, Microsoft Windows 95 and later
MS-CHAPv2
MS-CHAPv2 高高
You have dial-up clients running Windows 2000, or VPN clients running Windows NT 4.0 or Windows 98
You have dial-up clients running Windows 2000, or VPN clients running Windows NT 4.0 or Windows 98
可扩展的身份验证协议可扩展的身份验证协议• 允许客户和服务器协商他们将使用的身份
验证方法• 支持所使用的身份验证
– MD5-CHAP– 传输层安全性– 附加的第三方的身份验证方法
• 确保支持通过 API 进行身份验证的方法
配置加密协议配置加密协议Edit Dial-in Profile
Dial-in Constraints IP MultilinkAdvancedEncryptionAuthentication
NOTE: These encryption settings apply only to the Windows 2000 Routing and Remote Access Service.
Select the level(s) of encryption that should be allowed by this profile.
No Encryption
Basic
Strong
Strongest
OK Cancel Apply
Members of this group dial-in profile can use IPSec 56-bit Data Encryption Standard (DES) or MPPE 40-bit data
encryption
Members of this group dial-in profile can use IPSec 56-bit Data Encryption Standard (DES) or MPPE 40-bit data
encryption
Members of this group dial-in profile can use IPSec 56-bit
DES or MPPE 56-bit data encryption
Members of this group dial-in profile can use IPSec 56-bit
DES or MPPE 56-bit data encryption
Members of this group dial-in profile can use IPSec Triple DES (3DES) or MPPE 128-bit
data encryption
Members of this group dial-in profile can use IPSec Triple DES (3DES) or MPPE 128-bit
data encryption
为为 DHCP DHCP 集成配置路由和远程访问集成配置路由和远程访问
• 利用 DHCP 将 IP 地址分配给远程访问客户机
• 为使用 DHCP 而配置路由和远程访问
利用 利用 DHCPDHCP 将 将 IPIP 地址分配给远地址分配给远程访问客户机程访问客户机
• If DHCP Server is Available
• If DHCP Server is Unavailable
Remote Access Server Obtains 10 IP Addresses at a TimeRemote Access Server Obtains 10 IP Addresses at a Time
Remote Access Server Uses Automatic Private IP Addressing
Remote Access Server Uses Automatic Private IP Addressing
为使用为使用 DHCPDHCP 而配置路由和远程访而配置路由和远程访问问
General Security IP PPP Event Logging
Enable IP routingAllow IP-based remote access and demand-dial connectionsIP address assignment
This server can assign IP addresses by using:
Dynamic Host Configuration Protocol (DHCP)
Static address pool
From To Number IP Add… Mask
Add…Add… Edit…Edit… RemoveRemove
Use the following adapter to obtain DHCP, DNS, and WINS addresses for dial-up clients.Adapter:
OK Cancel Apply
LONDON (local) Properties
Corpnet:
复习复习• 在 Windows 2000 中检测远程访问• 配置入站连接• 配置出站连接 • 配置身份验证协议• 配置加密协议• 为 DHCP 集成配置路由和远程访问
Related Documents
