How Remote Access Policies Are Processed
Flowchart (from START), decision nodes:
- Are there policies to process?
- Does connection attempt match policy conditions?
- Is the Ignore User Dialin Properties attribute set to False?
- Is the remote access permission set to Deny Access?
- Is the remote access permission for the user account set to Deny Access?
- Is the remote access permission for the user account set to Allow Access?
- Does the connection attempt match the User Account and Profile settings?
Flowchart actions and outcomes: Go to next policy; Accept the connection attempt; Reject the connection attempt
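An added example (not part of the original slides) that walks the decision nodes of this flowchart in the documented Windows Server 2003 processing order. The `Policy` class, the `evaluate` function, and the sample policies and connection attempts are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable

ALLOW, DENY, VIA_POLICY = "allow", "deny", "control-through-policy"

@dataclass
class Policy:  # hypothetical model of one remote access policy
    name: str
    conditions: Callable[[dict], bool]   # policy conditions
    grant: bool                          # policy permission: True = grant, False = deny
    profile: Callable[[dict], bool]      # profile constraints
    ignore_user_dialin: bool = False     # Ignore-User-Dialin-Properties attribute

def evaluate(policies, attempt, user_permission, user_settings_ok=lambda a: True):
    """Walk the ordered policy list; return (decision, reason)."""
    for p in policies:
        if not p.conditions(attempt):
            continue                                  # go to next policy
        # The first policy whose conditions match decides; later ones are never read.
        if p.ignore_user_dialin:
            if not p.grant:
                return "reject", f"{p.name}: policy permission is Deny"
            ok = p.profile(attempt)                   # account dial-in settings ignored
        else:
            if user_permission == DENY:
                return "reject", f"{p.name}: user account is Deny Access"
            if user_permission == VIA_POLICY and not p.grant:
                return "reject", f"{p.name}: policy permission is Deny"
            ok = user_settings_ok(attempt) and p.profile(attempt)
        if ok:
            return "accept", f"{p.name}: account and profile settings match"
        return "reject", f"{p.name}: account or profile settings do not match"
    return "reject", "no policy to process or no conditions matched"

# Constructed sample policies and connection attempts (not from the slides).
is_vpn = lambda a: a["type"] == "vpn"
strong_auth = lambda a: a["auth"] == "MS-CHAPv2"
POLICIES = [
    Policy("deny-vpn-contractors", lambda a: is_vpn(a) and a["group"] == "contractors",
           grant=False, profile=lambda a: True),
    Policy("allow-vpn", is_vpn, grant=True, profile=strong_auth),
]
staff = {"type": "vpn", "group": "staff", "auth": "MS-CHAPv2"}
contractor = {"type": "vpn", "group": "contractors", "auth": "MS-CHAPv2"}

if __name__ == "__main__":
    for who, attempt, perm in [("staff", staff, VIA_POLICY),
                               ("contractor", contractor, VIA_POLICY),
                               ("contractor", contractor, ALLOW)]:
        print(who, perm, evaluate(POLICIES, attempt, perm))
```

The contractor whose account is set to Allow Access is accepted despite the Deny policy, because the account permission is read before the policy permission when Ignore-User-Dialin-Properties is False.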

How to Configure a Remote Access Policy
Your instructor will demonstrate how to:
- Configure a remote access policy
- Configure a new policy condition for a remote access policy

How to Configure a Remote Access Profile
Your instructor will demonstrate how to configure a remote access policy profile

Practice: Controlling User Access to a Network In this practice, you will configure a remote access policy and policy profile

Lesson: Centralizing Network Access Authentication and Policy Management by Using IAS
- What Is RADIUS?
- What Is IAS?
- How Centralized Authentication Works
- How to Configure an IAS Server for Network Access Authentication
- How to Configure the Remote Access Server to Use IAS for Authentication

What Is RADIUS?
RADIUS is a widely deployed protocol, based on a client/server model, that enables centralized authentication, authorization, and accounting for network access
- RADIUS is the standard for managing network access for VPN, dial-up, and wireless networks
- Use RADIUS to manage network access centrally across many types of network access
- RADIUS servers receive and process connection requests or accounting messages from RADIUS clients or proxies

What Is IAS?
IAS, a Windows Server 2003 component, is an industry-standard compliant RADIUS server. IAS performs centralized authentication, authorization, auditing, and accounting of connections for VPN, dial-up, and wireless connections
You can configure IAS to support:
- Dial-up corporate access
- Extranet access for business partners
- Internet access
- Outsourced corporate access through service providers
Diagram label: RADIUS Server

How Centralized Authentication Works
1. Dials in to a local RADIUS client to gain network connectivity
2. Forwards requests to a RADIUS server
3. Authenticates requests and stores accounting information
4. Communicates to the RADIUS client to grant or deny access
Diagram labels: Client, RADIUS Client, Remote Access Server, RADIUS Server, Domain Controller
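An added example (not from the original slides) that goes one level below this slide and shows steps 2 to 4 at the packet level as defined in RFC 2865: the Access-Request with the hidden User-Password, and the reply whose Response Authenticator the RADIUS client checks before acting on it. The shared secret, the account table (standing in for the domain controller lookup) and all function names are constructed for illustration; IAS itself is not modeled.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def hide(data, secret, request_auth, decode=False):
    """User-Password hiding (RFC 2865 5.2): XOR 16-byte blocks with an MD5 keystream."""
    if not decode:
        data += b"\0" * (-len(data) % 16)                # pad to a multiple of 16
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        prev = data[i:i + 16] if decode else block       # chain on the ciphertext block
        out += block
    return out.rstrip(b"\0") if decode else out

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value         # type, length, value

def access_request(ident, user, password, secret):
    """Step 2: the RADIUS client forwards the user's credentials."""
    ra = os.urandom(16)                                  # Request Authenticator
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide(password, secret, ra))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + ra + attrs

def parse_attrs(raw):
    found = {}
    while raw:
        if len(raw) < 2 or not 2 <= raw[1] <= len(raw):
            raise ValueError("malformed attribute")
        kind, size = raw[0], raw[1]
        found[kind], raw = raw[2:size], raw[size:]
    return found

def server_reply(request, secret, accounts):
    """Steps 3-4: check the credentials, then grant or deny."""
    _, ident, length = struct.unpack("!BBH", request[:4])
    ra, attrs = request[4:20], parse_attrs(request[20:length])
    password = hide(attrs.get(USER_PASSWORD, b""), secret, ra, decode=True)
    stored = accounts.get(attrs.get(USER_NAME))
    ok = stored is not None and hmac.compare_digest(stored, password)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return head + hashlib.md5(head + ra + secret).digest()

def client_verify(request, reply, secret):
    """Return the reply code, or None if the reply is not bound to this request and secret."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if reply[1] != request[1] or not hmac.compare_digest(expected, reply[4:20]):
        return None
    return reply[0]

SECRET = b"constructed-shared-secret"                    # constructed sample values
ACCOUNTS = {b"alice": b"correct horse battery"}          # stands in for the directory lookup
```

A reply produced with a different shared secret, or one that answers a different request, makes `client_verify` return `None`, so the RADIUS client never acts on it.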

How to Configure an IAS Server for Network Access Authentication
Your instructor will demonstrate how to:
- Authorize an IAS server in Active Directory
- Configure the IAS server for RADIUS clients

How to Configure a Remote Access Server to Use IAS for Authentication Your instructor will demonstrate how to configure a remote access server to use IAS for authentication

Practice: Centralizing Network Access Authentication by Using IAS In this practice, you will add a VPN server as a RADIUS client to an IAS server

Lab A: Configuring Network Access In this lab, you will configure network access

Lesson: Managing the Network Access Services
- Guidelines for Managing Network Access Services
- How to Manage Remote Access Clients

Guidelines for Managing Network Access Services
1. Configure another server to support remote access clients
2. Schedule downtime for remote access server during off-peak hours
3. Send the disconnect message to remote access clients
4. Disconnect the remaining active remote access clients
5. Stop the remote access service
Diagram labels: Remote Access Server1, Remote Access Server2

How to Manage Remote Access Clients
Your instructor will demonstrate how to:
- Send a message to a single remote access client
- Send a message to all remote access clients
- Disconnect a remote access client
- Start and stop the Routing and Remote Access service

Practice: Managing the Remote Access Service In this practice, you will manage the Remote Access service

Lesson: Configuring Logging on a Network Access Server
- Routing and Remote Access Logging
- Authentication and Accounting Logging
- How to Configure Authentication and Accounting Logging
- Log Files for Specific Connections
- How to Configure Logging for Specific Connection Types

Routing and Remote Access Logging
Type of logging | Description
Event logging | Records remote access server errors, warnings, and other detailed information in the system event log
Local authentication and account logging | Tracks usage and authentication attempts on the local remote access server
RADIUS-based authentication and account logging | Tracks remote access usage and authentication attempts

Authentication and Accounting Logging
Authentication and accounting logging is a process that records detailed information about remote access connection requests
Use authentication and accounting information to:
- Track remote access usage and authentication attempts
- Maintain records for billing purposes
- Isolate remote access policy issues
Refine your logging methods after you determine which data best matches your needs by specifying:
- The log file properties
- The types of request logging

How to Configure Authentication and Accounting Logging
Your instructor will demonstrate how to:
- Enable Windows accounting
- Configure local authentication and accounting logging
- Configure RADIUS-based authentication and accounting logging

Log Files for Specific Connections
Connection type | Log file name | Description of log file
PPP | PPP log | Records the series of programming functions and PPP control messages during a PPP connection
L2TP/IPSec | Audit log | Records information about IPSec-related events
L2TP/IPSec | Oakley log | Records information about all Internet Key Exchange main-mode or quick-mode negotiations

How to Configure Logging for Specific Connection Types
Your instructor will demonstrate how to:
- Configure PPP logging
- Configure Oakley logging for an L2TP/IPSec connection
- Configure audit logging for an L2TP/IPSec connection

Practice: Configuring Logging on a Remote Access Server In this practice, you will configure logging on a remote access server

Lesson: Collecting and Monitoring Network Access Data
- Why Collect Performance Data?
- Tools for Collecting Network Access Data
- How to Monitor Wireless Network Activity

Why Collect Performance Data?
Collect performance data to:
- Evaluate the workload of your server and the effect on resources
- Observe changes and trends in workloads
- Track resource usage
- Test configuration changes or other tuning efforts
- Isolate problems
- Target components or processes

Tools for Collecting Network Access Data
Tool | Description
System Monitor | Provides a way to view real-time performance data that is targeted toward specific components and services
Performance Logs and Alerts | Enables you to capture specific performance data for components and services
Wireless Monitor | Provides details about wireless network access points and clients

How to Monitor Wireless Network Activity
Your instructor will demonstrate how to:
- Enable or disable wireless client information logging
- View details about wireless network access points
- View details about wireless network clients

Practice: Collecting and Monitoring Network Access Data
In this practice, you will:
- Determine the best tools to use for monitoring and identifying certain network access issues
- Configure Performance Logs

Lab B: Managing and Monitoring Remote Access In this lab, you will monitor remote access by using the Performance console

Course Evaluation

Internet Access

Dial-up access, ICS, NAT, ADSL, design

Lesson: Connecting to the Internet by Using Internet Connection Sharing and Firewall
Connecting to the Internet by Using Internet Connection Sharing:
- Simplifies the process of configuring NAT
- Enables small-office and home-office networks to share a single connection to the Internet
Diagram labels: Internet, Small-Office or Home-Office Network, Internet Connection Sharing

NAT Process
1. The client sends the packet to the computer running NAT
2. The computer running NAT changes the packet header and sends the packet over the Internet to the Web server
3. The Web server sends a reply to the computer running NAT
4. The computer running NAT determines the destination, changes the packet header, and sends the packet to the client
Diagram labels: Client Computers (IP = , IP = , IP = ); Computer Running NAT (Internal IP = , External IP = ); Internet; Web Server (IP = )
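An added example (not from the original slides) of the translation table behind these four steps, including the case the slide does not show: an inbound packet that matches no mapping is dropped. The `Nat` class keys mappings on the remote endpoint, which is one common design and an assumption here; all addresses and ports are constructed.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    """Port-translating NAT keyed on the remote endpoint (one common design)."""
    def __init__(self, external_ip, first_port=50000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out = {}    # (client ip, client port, remote ip, remote port) -> external port
        self.back = {}   # (external port, remote ip, remote port) -> (client ip, client port)

    def outbound(self, pkt):
        """Step 2: replace the private source with the external address."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return replace(pkt, src=self.external_ip, sport=self.out[key])

    def inbound(self, pkt):
        """Step 4: restore the client address; None means the packet is dropped."""
        client = self.back.get((pkt.dport, pkt.src, pkt.sport))
        if pkt.dst != self.external_ip or client is None:
            return None                      # no client asked for this traffic
        return replace(pkt, dst=client[0], dport=client[1])

def demo():
    # Constructed addresses (RFC 1918 and documentation ranges), not from the slide.
    nat = Nat("203.0.113.1")
    web = ("198.51.100.20", 80)
    a = nat.outbound(Packet("192.168.0.10", 1025, *web))   # steps 1-2, client A
    b = nat.outbound(Packet("192.168.0.11", 1025, *web))   # same source port, client B
    reply_b = nat.inbound(Packet(*web, "203.0.113.1", b.sport))         # steps 3-4
    stray = nat.inbound(Packet("198.51.100.99", 4444, "203.0.113.1", a.sport))
    return a, b, reply_b, stray

if __name__ == "__main__":
    for result in demo():
        print(result)
```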

Course Evaluation