70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.

Presentation transcript:

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access

Slide 2: Objectives
- Describe the purpose and features of Windows Server 2003 remote access methods
- Configure a remote access server (RAS)
- Allow remote clients access to network resources
- Create and configure remote access policies
- Understand and describe the purpose of the RADIUS protocol
- Troubleshoot remote access

Slide 3: Introducing Remote Access Methods
- Remote access allows remote and mobile users access to network resources on the internal network, including files, printers, and databases, among others, from outside the internal network
- Windows Server 2003 has the ability to be a remote access server (RAS)
- There are two types of remote access:
  - Dial-up
  - VPN

Slide 4: Dial-up Remote Access
- Remote access using dial-up connections over phone lines is the oldest type of remote access
- A dial-up connection allows two computers to transfer information using modems and a phone line
- The benefit of dial-up connections is availability
- The drawback of dial-up connections is speed
- Also, maintenance of a modem pool at the office for dial-up users can be expensive and time-consuming

Slide 5: Enabling and Configuring a Dial-up Server
- Windows Server 2003 uses Routing and Remote Access Service (RRAS) to act as a dial-up server
- With Routing and Remote Access Setup Wizard, you can configure RRAS as a dial-up server, a VPN server, or a router
- For the server to act as a dial-up server, it must have a modem installed
- Modems are installed using Phone and Modem Options in Control Panel

Slide 6: Activity 11-1: Installing a Modem
- The purpose of this activity is to install a modem on your server

Slide 7: Activity 11-2: Enabling RRAS as a Dial-up Server
- The purpose of this activity is to configure RRAS on your server to act as a RAS

Slide 8: Activity 11-3: Creating a Dial-up Connection
- The purpose of this activity is to configure your server with a dial-up connection

Slide 9: VPN Remote Access
- A virtual private network (VPN) uses a public network (Internet) to transmit private information
- After they are connected to the Internet, client computers initiate a VPN connection with a VPN server
- Encryption keeps the private information from being read by unauthorized persons
- Maintaining a VPN server is much easier than maintaining a dial-up server

Slide 10: VPN Remote Access (continued)
- Advantages of VPN connections:
  - Higher speed than dial-up
  - Reduced maintenance by eliminating a modem pool
- Drawback to VPN connections is the security risk of allowing Internet access to network resources

Slide 11: Enabling and Configuring a VPN Server
- Windows Server 2003 uses RRAS as a VPN server
- When a RAS is configured to provide VPN connections, no special equipment is required
- All connectivity is through a regular network card
- Enable a VPN server with the Routing and Remote Access Server Setup Wizard

Slide 12: Activity 11-4: Enabling RRAS as a VPN Server
- The purpose of this activity is to enable RRAS as a VPN server

Slide 13: Activity 11-5: Modifying the Default Number of VPN Ports
- The purpose of this activity is to reduce the number of PPTP and L2TP VPN ports to 10 each

Slide 14: PPTP
- PPTP is one of the oldest VPN protocols
- The most popular and most widely supported
- Supported by all versions of Windows starting with Windows 95
- PPTP can function properly through NAT
- Authentication for PPTP is based on a user name and password, and does not authenticate the computers involved in the connection
- No assurance that the VPN server or VPN client are authorized

Slide 15: L2TP
- L2TP is designed only for tunneling data, not encrypting it
- The L2TP implementation used by Microsoft for VPN connections uses IPSec for encryption
- With L2TP, operation over NAT is possible
- L2TP authentication is like PPTP; however, the addition of IPSec adds computer-level authentication

Slide 16: L2TP (continued)

Slide 17: Configuring Remote Access Servers
- Default configuration options for a RAS are sufficient for day-to-day operations, but in some situations you may need to modify settings to allow particular types of clients to connect or to modify system performance

Slide 18: Authentication Methods
- Windows Server 2003 can use many different authentication methods
- These authentication methods can be used for authenticating dial-up, PPTP, and L2TP connections:
  - No authentication
  - PAP
  - SPAP
  - CHAP
  - MS-CHAP
  - MS-CHAPv2
  - EAP

Slide 19: IP Address Management
- When dial-up and VPN clients connect to Windows Server 2003 configured as a RAS, they are assigned an IP address
- The IP address can be from a static pool configured on the RAS or leased from a DHCP server

Slide 20: IP Address Management

Slide 21: Activity 11-6: Configuring the DHCP Relay Agent
- The purpose of this activity is to configure the DHCP relay agent on a RAS

Slide 22: Allowing Client Access
- Remote access permission allows users to act as dial-up or VPN clients
- When all domain controllers are Windows 2000 or later and the domain has been switched to at least Windows 2000 native mode, remote access policies can be used to control remote access permission
- Remote access permission for users is controlled by their user object in Active Directory
- By default, all users are denied access

Slide 23: Activity 11-7: Allowing a User Remote Access Permission
- The purpose of this activity is to create a new user and allow him remote access permission

Slide 24: Creating a VPN Client Connection
- Windows Server 2003 can be configured as a VPN client
- Can be useful when Windows Server 2003 is configured to act as a router
- VPN connections can be used to encrypt traffic sent between the two routers
- VPN client connections are created using the same New Connection Wizard that is used when configuring dial-up connections

Slide 25: Activity 11-8: Creating a Client VPN Connection
- The purpose of this activity is to create a client VPN connection and then test it

Slide 26: Configuring a VPN Client Connection
- Configuration of a VPN client connection may be done with the New Connection Wizard or with the Properties dialog box of the VPN connection
- The following configuration options exist:
  - IP address of VPN server
  - Dialing and redialing options
  - Security and encryption
  - Network configuration
  - Internet Connection Firewall and Internet Connection Sharing for this connection

Slide 27: Remote Access Policies
- Remote access policies are configured on RAS to control how remote access connections are created
- To use remote access policies effectively, you must understand:
  - Remote access policy components
  - Remote access policy evaluation
  - Default remote access policies

Slide 28: Remote Access Policy Components
- Remote access policies are composed of conditions, remote access permissions, and a profile
- Conditions are criteria that must be met for a remote access policy to apply to a connection
- The remote access permission set in a remote access policy has only two options:
  - Deny remote access permission
  - Grant remote access permission

Slide 29: Activity 11-9: Creating a Remote Access Policy
- The purpose of this activity is to create a new remote access policy on your server

Slide 30: Remote Access Policy Evaluation
- To create remote access policies and understand what their results will be, you need to understand:
  - Contents of remote access policies
  - How they are evaluated by RRAS
- The evaluation process varies depending on whether the domain is in mixed mode or native mode

Slide 31: Remote Access Policy Evaluation

Slide 32: Evaluating Conditions
- Remote access policies are assigned an order
- Evaluating conditions follows the same process for mixed-mode domains and native mode domains
- If no remote access policies exist, the connection attempt is rejected
- If remote access policies exist, their conditions are evaluated
- Then compare conditions set in the remote access policies with actual conditions of the attempted connection

Slide 33: Evaluating Permissions
- After a condition match has been found, the permissions of the user attempting the connection are evaluated
- Check for the Ignore-User-Dialin-Properties attribute in the profile of the remote access policy
- This is true for mixed-mode and native mode domains

Slide 34: Evaluating Profile Settings
- Even if remote access permission is granted, it does not guarantee that a remote access connection will be successful
- Some of the profile settings, such as allowed authentication methods and encryption levels, force a connection attempt to be disconnected
- Profile settings are applied in the same way for mixed-mode and native mode domains
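
The evaluation sequence from the three preceding slides (conditions, then permissions, then profile settings), modelled as an added Python example; it is not part of the original presentation and is not Microsoft code. The three-valued user dial-in setting, the field names, the result codes and the sample policies and users are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Attempt:
    """One connection attempt; every value below is constructed sample data."""
    user: str
    dialin: str          # user-object setting (assumed): "allow", "deny" or "policy"
    groups: frozenset
    port: str            # "vpn" or "modem"
    auth: str            # authentication method the client offered
    encrypted: bool

@dataclass
class Policy:
    name: str
    conditions: dict     # condition name -> required value
    grant: bool          # policy permission: grant (True) or deny (False)
    allowed_auth: frozenset = frozenset()   # profile setting
    require_encryption: bool = False        # profile setting
    ignore_user_dialin: bool = False        # Ignore-User-Dialin-Properties

def conditions_match(policy, attempt):
    """A policy applies only if every one of its conditions is met."""
    for name, wanted in policy.conditions.items():
        if name == "group":
            if wanted not in attempt.groups:
                return False
        elif getattr(attempt, name) != wanted:
            return False
    return True

def evaluate(policies, attempt):
    """Return (accepted, matched policy name, result code)."""
    if not policies:
        return (False, None, "NO_POLICIES")
    # Policies are ordered; the first one whose conditions match is used
    # and later policies are never consulted.
    matched = next((p for p in policies if conditions_match(p, attempt)), None)
    if matched is None:
        return (False, None, "NO_MATCH")
    # Permission step: the policy decides when the user object is ignored
    # or defers to policy; otherwise the user object decides.
    if matched.ignore_user_dialin or attempt.dialin == "policy":
        if not matched.grant:
            return (False, matched.name, "POLICY_DENY")
    elif attempt.dialin == "deny":
        return (False, matched.name, "USER_DENY")
    # Profile step: a granted permission can still end in a rejection.
    if attempt.auth not in matched.allowed_auth:
        return (False, matched.name, "AUTH_METHOD")
    if matched.require_encryption and not attempt.encrypted:
        return (False, matched.name, "ENCRYPTION")
    return (True, matched.name, "ACCEPT")

STRONG = frozenset({"MS-CHAPv2", "EAP"})
POLICIES = [  # hypothetical policies, in evaluation order
    Policy("Block contractors", {"group": "Contractors"}, grant=False),
    Policy("Staff VPN", {"port": "vpn"}, grant=True,
           allowed_auth=STRONG, require_encryption=True),
]
STAFF = frozenset({"Staff"})
ALICE = Attempt("alice", "policy", STAFF, "vpn", "MS-CHAPv2", True)
BOB = Attempt("bob", "policy", STAFF | {"Contractors"}, "vpn", "MS-CHAPv2", True)
CAROL = Attempt("carol", "allow", STAFF, "vpn", "PAP", False)
DAVE = Attempt("dave", "deny", STAFF, "vpn", "MS-CHAPv2", True)
ERIN = Attempt("erin", "allow", STAFF, "modem", "MS-CHAPv2", True)

if __name__ == "__main__":
    for a in (ALICE, BOB, CAROL, DAVE, ERIN):
        print(a.user, evaluate(POLICIES, a))
    # Same policies in the opposite order: bob now matches "Staff VPN" first.
    print("bob, reversed order", evaluate(POLICIES[::-1], BOB))
```

Running it shows why policy order is worth auditing: with the deny policy listed second, the contractor account matches the grant policy first and is accepted.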

Slide 35: Activity 11-10: Testing Remote Policy Evaluation
- The purpose of this activity is to verify the process by which remote access permission is granted

Slide 36: Default Remote Access Policies
- The default remote access policies are created to make managing remote access easier
- The first default remote access policy is Connections to Microsoft Routing and Remote Access server
- The second default remote access policy listed is named Connections to other access servers

Slide 37: RADIUS
- Remote Authentication Dial-In User Service (RADIUS) is a protocol that centralizes the authentication process for large, distributed networks
- RADIUS can be used for VPN servers, switches, and wireless access points, etc.
- The RADIUS process has two mandatory server roles:
  - RADIUS client
  - RADIUS server

Slide 38: Outsourcing Dial-up Requirements
- You can use IAS to outsource dial-up requirements and allow roaming users to continue logging on using their Active Directory user name and password
- You must coordinate configuration with a remote access provider, usually an ISP

Slide 39: Configuring IAS as a RADIUS Server
- After IAS is installed, it must be configured using the Internet Authentication Service snap-in
- IAS servers do not respond to requests from RADIUS clients unless the RADIUS clients are listed in the configuration of IAS
- If a RADIUS proxy is used, it is listed here instead of the RADIUS client
- When a RADIUS client is added, you are asked for a friendly name, and an IP address or DNS name

Slide 40: Activity 11-11: Configuring IAS as a RADIUS Server
- The purpose of this activity is to install IAS so your server can act as a RADIUS server

Slide 41: Activity 11-12: Centralizing Remote Access Policies
- The purpose of this activity is to configure RRAS and IAS to centralize the management of remote access policies on a single server

Slide 42: Configuring IAS as a RADIUS Proxy
- IAS has the ability to act as both a RADIUS proxy and a RADIUS server at the same time
- A mechanism is required to determine which RADIUS requests received are authenticated locally and which are forwarded to another RADIUS server
- Connection request policies are used to determine how a RADIUS request is handled

Slide 43: Remote RADIUS Server Groups
- Remote RADIUS server groups are required for IAS to act as a RADIUS proxy
- RADIUS requests and logging information are forwarded to remote RADIUS server groups, not individual RADIUS servers
- You can create a remote RADIUS server group with a single RADIUS server in it
- Remote RADIUS server groups allow you to do load balancing and fault tolerance between RADIUS servers

Slide 44: Activity 11-13: Creating a Remote RADIUS Server Group
- The purpose of this activity is to create a remote RADIUS server group that can be used when IAS is configured as a RADIUS proxy

Slide 45: Activity 11-14: Creating a Connection Request Policy
- The purpose of this activity is to create a new connection request policy to configure your server as a RADIUS proxy

Slide 46: Troubleshooting Remote Access
- Most of the problems with remote access are due to software configuration issues introduced by users and administrators
- Hardware errors may occur as well

Slide 47: Software Configuration Issues
- Some configuration problems include:
  - Incorrect phone number and IP addresses
  - Incorrect authentication settings
  - Incorrectly configured remote access policies
  - Name resolution is not configured
  - Clients receive incorrect IP options
  - The RAS leases 10 IP addresses from DHCP at startup
  - User accounts in Active Directory seem to be locked out at random

Slide 48: Hardware Errors
- Some hardware troubleshooting issues:
  - Is the hardware on the HCL list?
  - If you cannot find the server, use Ping to see if server is reachable
  - If you cannot dial in using a new modem, see if you can dial in to a different RAS
  - If you installed a new network card, ensure that you reconnected the patch cable and there is a link light on the network card
  - Is the type of hardware you are trying to use supported?

Slide 49: Logging
- IAS can log authentication requests to a file or an SQL server
- You can control which events are logged, including accounting requests, authentication requests, and periodic status
- You can also choose the format of the log and how often a new log file is created

Slide 50: Activity 11-15: Modem Logging
- The purpose of this activity is to enable modem logging

Slide 51: Troubleshooting Tools
- The following tools can be used for troubleshooting:
  - Ping can confirm that a host is reachable
  - Ipconfig can confirm that the correct IP settings are being delivered to the remote access client
  - Network Monitor can perform packet captures, which may give some further clues as to the cause of the error

Slide 52: Summary
- Windows Server 2003 can be a remote access server
- Two types of remote access: dial-up & VPN
- Windows Server 2003 uses Routing and Remote Access Service (RRAS)
- Dial-up connections are slow, but available anywhere
- VPN connections are usually faster, but Internet access is required

Slide 53: Summary (continued)
- L2TP does not perform encryption
- IPSec performs encryption
- Many authentication methods are supported by RRAS
- PPTP VPNs cannot encrypt data if PAP, SPAP, or CHAP is used
- Remote access policies are composed of conditions, remote access permissions, and a profile

Slide 54: Summary (continued)
- IAS allows Windows Server 2003 to act as a RADIUS server
- IAS can also be configured as a RADIUS proxy
- Most problems with remote access connections result from improper software configuration
- Common troubleshooting tools for remote access are ipconfig, ping, and Network Monitor