Introducing Routing and Remote Access Service (RRAS) (Skill 5)
Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment
Lesson 11: Introducing WINS, DNS, and RRAS
Routing and Remote Access Service (RRAS)
- Can be configured on a Windows Server 2003 computer to create a remote access service (RAS) server that can manage hundreds of concurrent dial-up connections or to receive Virtual Private Network (VPN) connections on the internal network
- Can also be configured to provide shared Internet access using Network Address Translation (NAT) or to create a secure connection between two servers on the Internet connecting two LANs
PPP supports many networking and authentication protocols:
- Password Authentication Protocol (PAP)
  - The least secure authentication protocol
  - Uses plain text passwords for authentication
- Shiva Password Authentication Protocol (SPAP)
  - An authentication protocol used to connect to a Shiva server
  - More secure than PAP; less secure than CHAP or MS-CHAP
- Challenge Handshake Authentication Protocol (CHAP)
  - Sends a challenge message to the client; the client applies an algorithm to the message to calculate a hash value (a fixed-length number) and sends the value to the server
  - The server also calculates a value and compares it to the client’s
  - If the values match, a connection is established
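The CHAP exchange described above, as an added example that is not part of the original slides. It assumes the MD5 form of CHAP from RFC 1994 (hash of the identifier octet, the shared secret and the challenge); the peer name, secret and class names are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP-MD5 value: MD5(identifier octet + shared secret + challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Server side: issues challenges and checks the client's hash value."""

    def __init__(self, secrets):
        self.secrets = secrets   # peer name -> shared secret (constructed sample data)
        self.pending = {}        # peer name -> (identifier, outstanding challenge)
        self.next_id = 0

    def issue_challenge(self, name):
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)          # fresh random value for every attempt
        self.pending[name] = (ident, challenge)
        return ident, challenge

    def verify(self, name, ident, response):
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed against the same server later.
        outstanding = self.pending.pop(name, None)
        secret = self.secrets.get(name)
        if outstanding is None or secret is None or outstanding[0] != ident:
            return False
        expected = chap_response(ident, secret, outstanding[1])
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    secret = b"constructed-shared-secret"
    server = ChapServer({"remote-user": secret})
    # Client computes the hash; the secret itself never crosses the link (unlike PAP).
    ident, challenge = server.issue_challenge("remote-user")
    response = chap_response(ident, secret, challenge)
    accepted = server.verify("remote-user", ident, response)
    replayed = server.verify("remote-user", ident, response)   # challenge already used
    ident2, challenge2 = server.issue_challenge("remote-user")
    wrong = server.verify("remote-user", ident2,
                          chap_response(ident2, b"wrong-secret", challenge2))
    return accepted, replayed, wrong
```
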
Types of dial-up equipment used to establish a connection between a remote network and a remote access client:
- POTS (Plain Old Telephone System)
- ISDN (Integrated Services Digital Network)
- DSL (Digital Subscriber Line)
- Cable modem lines
- Frame relay
- Leased telecommunication lines
- Modems (asynchronous and synchronous)
Remote access profile settings:
- Allowed dial-in days and times
- Connection limits
- Allowed dial-in media and phone numbers
- Authentication settings
- Encryption settings
Use the Edit Dial-in Profile dialog box to configure a remote access profile:
- Dial-in Constraints tab is used to specify the dial-in number and the type of media to be used for a connection
- IP tab is used to set the IP properties for a connection
- Multilink tab is used to configure the RRAS server to handle multilink calls and to specify the number of ports a single remote client can use at one time
- Authentication tab is used to set the authentication protocols (PAP, SPAP, CHAP, MS-CHAP, MS-CHAP v2, EAP)
- Encryption tab is used to specify the type of encryption for remote access clients (no encryption, basic, strong, or strongest)
- Advanced tab is used to configure connection attributes (RADIUS, frame types, AppleTalk zones, special filters, etc.)
Figure 11-54 The Dial-in tab in the Properties dialog box for a user
(Skill 8)
Only available in Windows 2000 native mode or Windows 2003 mode domains. When this option is set, the permissions configured in the remote access policy are checked. If they are set to Grant, the profile is applied. If they are set to Deny, the caller is disconnected.
Figure 11-57 The Add IP Filter dialog box
(Skill 8)
You can create an IP packet filter to control the allowed upper-layer protocols and the remote IP addresses with which clients are allowed to communicate
Figure 11-58 The Multilink tab
(Skill 8)
Select to set Bandwidth Allocation Protocol (BAP) settings; you can dynamically drop a link if bandwidth usage by remote clients drops below a certain threshold
If you have multiple remote access policies, the RRAS server evaluates them in the order in which they are listed in the Routing and Remote Access console; you can change the order
In RRAS, the properties of individual user accounts or the RRAS policy are used to set which users can access the RRAS server
Your domain must be in Windows 2000 native mode or Windows Server 2003 mode to use RRAS policies
The biggest advantage of RRAS policies is ease of administration
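How policy order and the Grant/Deny permission interact, as an added example that is not part of the original slides. It is a simplified model that assumes the first policy whose conditions match decides the outcome and that a caller matching no policy is refused; the policy names, groups and hours are constructed.

```python
from dataclasses import dataclass


@dataclass
class Policy:
    name: str
    group: str        # condition: caller must be a member of this group
    permission: str   # "Grant" or "Deny"
    hours: range      # profile constraint: allowed dial-in hours (0-23)


def evaluate(policies, user_groups, account_setting, hour):
    """Return (decision, reason) for one connection attempt.

    account_setting models the user's Dial-in tab: "Allow", "Deny", or
    "Policy" (access controlled through the remote access policy).
    """
    for policy in policies:                  # listed order is evaluation order
        if policy.group not in user_groups:
            continue                         # conditions not met: try the next policy
        # Assumption: the first matching policy decides; later ones are never read.
        if account_setting == "Deny":
            return "reject", "account denies dial-in"
        if account_setting == "Policy" and policy.permission == "Deny":
            return "reject", f"{policy.name}: permission Deny"
        if hour not in policy.hours:         # permission granted: apply the profile
            return "reject", f"{policy.name}: outside allowed hours"
        return "accept", policy.name
    return "reject", "no matching policy"    # assumption: no match means no access


# Constructed sample policies and a user who belongs to both groups.
DENY_CONTRACTORS = Policy("Block contractors", "Contractors", "Deny", range(0, 24))
GRANT_STAFF = Policy("Staff business hours", "Staff", "Grant", range(8, 18))
USER_GROUPS = {"Staff", "Contractors"}


def demo():
    return [
        evaluate([DENY_CONTRACTORS, GRANT_STAFF], USER_GROUPS, "Policy", 10),
        evaluate([GRANT_STAFF, DENY_CONTRACTORS], USER_GROUPS, "Policy", 10),
        evaluate([GRANT_STAFF, DENY_CONTRACTORS], USER_GROUPS, "Policy", 22),
        evaluate([GRANT_STAFF], {"Guests"}, "Policy", 10),
    ]
```

The first two results differ only in list order: the same user is refused when the Deny policy is listed first and admitted when it is listed second, which is why the order deserves review whenever a restrictive policy is added.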
After configuring the properties for a VPN server, you can create remote access policies and a remote access profile just as you can for a RAS server
By default, if configured to support VPN connections, Windows Server 2003 automatically creates 128 PPTP and 128 L2TP ports for incoming VPN connections
You can change the number of ports if your VPN server needs to support more clients for either protocol
To configure VPN clients, you must enter the FQDN or IP address for the VPN server in the New Connection Wizard
ICS is used to create an Internet connection access point with other computers on a home or small network
The ICS-enabled computer has both a public IP address and a private IP address
The clients sharing the connection request Internet access from the ICS-enabled computer, which accesses the Internet for them and passes the information to them
To set up ICS, you need two network connections: one for the LAN and one for the Internet
ICS is only suitable for small networks because only a limited range of private IP addresses can be used and it cannot be extended across subnets
ICS automatically assigns unregistered non-routable private IP addresses to the client computers on the network in the Class C subnet range 192.168.0.2-192.168.0.254
The address for the ICS computer will always be the Windows Server 2003 internal address 192.168.0.1 with a subnet mask of 255.255.255.0
Public IP addresses are assigned by a registrar and are unique on the Internet
Figure 11-78 Network Connections message box
(Skill 10)
The address for the ICS computer will always be the Windows internal address 192.168.0.1; unregistered non-routable private IP addresses in the Class C subnet range 192.168.0.2-192.168.0.254 will be assigned to the client computers on the network
The ICS server assigns IP addresses and subnet masks to the other computers on the LAN just like a DHCP server
The default gateway for the other computers on the LAN will be the IP address for the ICS-enabled network interface
ICS is generally not suitable for a domain-based network where there is a WINS server, a DNS server, or any other computer with a static IP address
If there is a DHCP server on the network, the DHCP service should be stopped because it may interfere with the DHCP allocator functionality included with ICS
Network Address Translation (NAT) also allows computers on a network to share a single Internet connection, but with greater flexibility
The NAT service translates private IP addresses to public IP addresses and vice versa as they are forwarded from client computers to a server or from the server to client computers
Using NAT, you can determine your own IP address range, making NAT extendable for a larger network that has multiple subnets over a routed network
NAT includes a basic firewall to help protect clients from intrusions from the Internet
You can also configure static packet filters to designate the kinds of traffic you will allow to both enter and leave the internal network
Figure 11-88 The Network Address Translation Properties dialog box
(Skill 11)
Use to create IP filters to control data traffic based on the IP address of the source or destination, the source or destination port number, and the type of data packet