Module 9: Configuring Network Access

Presentation on theme: "Module 9: Configuring Network Access"— Presentation transcript:

1 Module 9: Configuring Network Access

2 Overview
- Introduction to a Network Access Infrastructure
- Configuring a VPN Connection
- Configuring a Dial-up Connection
- Configuring a Wireless Connection
- Controlling User Access to a Network
- Centralizing Network Access Authentication and Policy Management by Using IAS

3 Lesson: Introduction to a Network Access Infrastructure
- Multimedia: Introduction to the Network Access Infrastructure
- Components of a Network Access Infrastructure
- Configuration Requirements for a Network Access Server
- What Is a Network Access Client?
- What Are Network Access Authentication and Authorization?
- Available Methods of Authentication

4 Multimedia: Introduction to the Network Access Infrastructure
The objective of this presentation is to provide a high-level overview of the network access infrastructure and how network access services work together.
After this presentation, you will be able to:
- Explain the components of the network access infrastructure
- Describe how the network access components work together to provide a remote access solution
- Describe how the remote access process works

5 Components of a Network Access Infrastructure
Components shown in the diagram: DHCP Server, Network Access Server, Domain Controller, IAS Server, Wireless Access Point, VPN Client, Dial-up Client, Wireless Client
Roles labelled in the diagram: Network access service, Network access clients, Authentication service, Active Directory (not required)

6 Configuration Requirements for a Network Access Server
A network access server is a server that acts as a gateway to a network for a client.
To configure the network access server, you will need to know:
- Whether the server will also act as a router
- Authentication methods and providers
- Client access
- IP address assignment
- PPP configuration options
- Event logging preferences

7 What Is a Network Access Client?
Type of Client: Description
- VPN Client: Connects to a network across a shared or public network. Emulates a point-to-point link on a private network.
- Dial-up Client: Connects to a network by using a communications network. Creates a physical connection to a port on a remote access server on a private network. Uses a modem or ISDN adapter to dial in to the remote access server.
- Wireless: Connects to a network by infrared light and radio frequency technologies. Includes many different types of devices.

8 What Are Network Access Authentication and Authorization?
Diagram labels: Network Access Client, Network Access Server, Domain Controller
1. Authentication: Verifies a remote user's identification to the network service that the remote user is attempting to access (interactive logon)
2. Authorization: Verifies that the connection attempt is allowed; authorization occurs after a successful logon attempt

9 Available Methods of Authentication
Remote and wireless authentication methods include:
- CHAP
- PAP
- SPAP
- MS-CHAP
- MS-CHAP v2
- EAP-TLS
- PEAP
- MD-5 Challenge
Recommended method for user authentication is by using smart card certificates

10 Lesson: Configuring a VPN Connection
- How a VPN Connection Works
- Components of a VPN Connection
- Encryption Protocols for a VPN Connection
- Configuration Requirements for a VPN Server
- How to Configure a Remote Access Server for a VPN Connection
- How to Configure a Remote Access Client for a VPN Connection
- How to Configure Smart Card Authentication on a Remote Access Server

11 How a VPN Connection Works
A VPN extends the capabilities of a private network to encompass links across shared or public networks, such as the Internet, in a manner that emulates a point-to-point link.
Diagram labels: VPN Client, VPN Server, Domain Controller
1. VPN client calls the VPN server
2. VPN server answers the call
3. VPN server authenticates and authorizes the client
4. VPN server transfers data

12 Components of a VPN Connection
Diagram labels: VPN Client, VPN Server, VPN Tunnel, Tunneling Protocols, Tunneled Data, Transit Network, Domain Controller (Authentication), DHCP Server (Address and Name Server Allocation)

13 Encryption Protocols for a VPN Connection
Category: Description
- PPTP: Employs user-level Point-to-Point Protocol (PPP) authentication methods and Microsoft Point-to-Point Encryption (MPPE) for data encryption
- L2TP/IPSec: Employs user-level PPP authentication methods over a connection that is encrypted with IPSec
Recommended authentication method for VPN network access is L2TP/IPSec with certificates
Examples of Remote Access Server Using L2TP/IPSec: Remote User to Corp Net; Remote Access Server Branch Office to Branch Office

14 Configuration Requirements for a VPN Server
Before adding a remote access / VPN server:
- Identify which network interface connects to the Internet and which network interface connects to your private network
- Identify whether clients receive IP addresses from a DHCP server or the VPN server
- Identify whether to authenticate connection requests by RADIUS or by the VPN server

15 How to Configure a Remote Access Server for a VPN Connection
Your instructor will demonstrate how to:
- Register a remote access server in Active Directory
- Configure a remote access server for a VPN connection
- Configure the number of ports available on the server

16 How to Configure a Remote Access Client for a VPN Connection
Your instructor will demonstrate how to configure a remote access client for a VPN connection

17 How to Configure Smart Card Authentication on a Remote Access Server
Your instructor will demonstrate how to configure smart card authentication on a remote access server

18 Practice: Configuring a VPN Connection
In this practice, you will configure a VPN connection

19 Lesson: Configuring a Dial-up Connection
- How Dial-up Network Access Works
- Components of a Dial-up Connection
- Authentication Methods for a Dial-up Connection
- Configuration Requirements for a Remote Access Server
- How to Configure a Remote Access Server for a Dial-up Connection
- How to Configure a Remote Access Client for a Dial-up Connection

20 How Dial-up Network Access Works
Dial-up networking is the process of a remote access client making a temporary dial-up connection to a physical port on a remote access server by using the service of a telecommunications provider.
Diagram labels: Dial-up Client, Remote Access Server, Domain Controller
1. Dial-up client calls the RA server
2. RA server answers the call
3. RA server authenticates and authorizes the client
4. RA server transfers data

21 Components of a Dial-up Connection
Diagram labels: Dial-up Client, DHCP Server (Address and Name Server Allocation), Domain Controller (Authentication), Remote Access
WAN Options: Telephone, ISDN, X.25, or ATM
LAN and Remote Access Protocols

22 Authentication Methods for a Dial-up Connection
Authentication methods for dial-up include:
- CHAP
- PAP
- SPAP
- MS-CHAP
- MS-CHAP v2
- EAP-TLS
- EAP-MD5 Challenge
Diagram labels: Mutual Authentication, Remote Access Server, Remote Access User
Strongest method: EAP-TLS with smart cards

23 Configuration Requirements for a Remote Access Server
Before adding a remote access server for dial-up access:
- Identify whether clients receive IP addresses from a DHCP server or the remote access server
- Identify whether to authenticate connection requests by RADIUS or by the remote access server
- Verify that users have user accounts configured for dial-up access

24 How to Configure a Remote Access Server for a Dial-up Connection
Your instructor will demonstrate how to configure a remote access server for a dial-up connection

25 How to Configure a Remote Access Client for a Dial-up Connection
Your instructor will demonstrate how to:
- Configure a remote access client for a dial-up connection
- Modify the settings of a dial-up connection

26 Lesson: Configuring a Wireless Connection
- Overview of Wireless Network Access
- Components of a Wireless Connection
- Wireless Standards
- Authentication Methods for Wireless Networks
- Configuration Requirements of a Windows XP Professional Client for Wireless Network Access
- How to Configure the Network Access Client for a Wireless Connection

27 Overview of Wireless Network Access
A wireless network uses technology that enables devices to communicate by using standard network protocols and electromagnetic waves—not network cabling—to carry signals over part or all of the network infrastructure.
Standard: Description
- Infrastructure WLAN: Clients connect to wireless access points
- Peer-to-peer WLAN: Network wireless clients communicate directly with each other without the use of cables
Diagram labels: DHCP Server, Network Access Server, Domain Controller, IAS Server, Wireless Access Point, Wireless Client

28 Components of a Wireless Connection
Diagram labels: Wireless Client (Station), Wireless Access Point, Ports, Remote Access Server, Domain Controller (Authentication), DHCP Server (Address and Name Server Allocation)

29 Wireless Standards
Standard: Description
- 802.11: A group of specifications for WLANs developed by IEEE. Defines the physical and MAC portion of the OSI data-link layer.
- 802.11b: 11 megabits per second. Good range but susceptible to radio signal interference. Popular with home and small business users.
- 802.11a: Transmission speeds as high as 54 Mbps. Allows wireless LAN networking to perform better for video and conferencing applications. Works well in densely populated areas. Is not interoperable with 802.11, 802.11b, 802.11g.
- 802.11g: Enhancement to and compatible with 802.11b. 54 Mbps but at shorter ranges than 802.11b.
- 802.1x: Authenticates clients before it lets them on the network. Can be used for wireless or wired LANs. Requires greater hardware and infrastructure investment.

30 Authentication Methods for Wireless Networks
802.1x Authentication Methods: Description
- EAP-MS-CHAP v2: Provides mutual authentication. Uses certificates for server authentication and password-based credentials for client authentication.
- EAP-TLS: Provides mutual authentication and is the strongest method of authentication and key determination. Uses certificates for both server and client authentication.
- PEAP: Provides support for EAP-TLS and EAP-MS-CHAP v2. Encrypts the negotiation process.

31 Configuration Requirements of a Windows XP Professional Client for Wireless Network Access
- Choose a network type: Access point; Computer-to-computer; Any available network
- Configure authentication appropriately for the selected network type
- Balance the level of security with the deployment effort:
  - For the highest level of security, choose PEAP with certificates (EAP-TLS)
  - For the greatest ease of deployment, choose PEAP with passwords (EAP-MS-CHAP v2)

32 How to Configure the Network Access Client for a Wireless Connection
Your instructor will demonstrate how to configure a network access client for a wireless connection

33 Lesson: Controlling User Access to a Network
- User Account Dial-in Permissions
- How to Configure User Accounts for Network Access
- What Is a Remote Access Policy?
- What Is a Remote Access Policy Profile?
- How Remote Access Policies Are Processed
- How to Configure a Remote Access Policy
- How to Configure a Remote Access Policy Profile

34 User Account Dial-in Permissions
You can control the level of remote access for users by configuring the following dial-in properties:
- Remote Access Permission (Dial-in or VPN)
- Verify Caller ID
- Callback Options
- Assign a Static IP Address
- Apply Static Routes

35 How to Configure User Accounts for Network Access
Your instructor will demonstrate how to:
- Raise the domain functional level
- Configure the dial-in properties for user accounts in a Windows 2000 native domain

36 What Is a Remote Access Policy?
A remote access policy is a named rule that consists of the following elements:
- Conditions. One or more attributes that are compared to the settings of the connection attempt
- Remote access permission. If all conditions of a remote access policy are met, remote access permission is either granted or denied
- Profile. A set of properties that are applied to a connection when it is authorized (either through the user account or policy permission settings)

37 What Is a Remote Access Policy Profile?
- Dial-in Constraints
- IP Properties: IP Address Assignment, IP Filters
- Multilink
- Authentication
- Encryption
- Advanced Settings
Diagram label: Remote Access User

38 How Remote Access Policies Are Processed
Flowchart, read as ordered steps from START:
1. Are there policies to process? If no, reject the connection attempt.
2. Does the connection attempt match the policy conditions? If no, go to the next policy and repeat step 1.
3. Is the Ignore User Dialin Properties attribute set to False? If no, go to step 6.
4. Is the remote access permission for the user account set to Deny Access? If yes, reject the connection attempt.
5. Is the remote access permission for the user account set to Allow Access? If yes, go to step 7.
6. Is the remote access permission of the policy set to Deny Access? If yes, reject the connection attempt.
7. Does the connection attempt match the User Account and Profile settings? If yes, accept the connection attempt; if no, reject the connection attempt.
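
The decision flow on this slide can be modelled in a few lines. The following is an added example, not part of the course material: the policy names, the attribute keys (`group`, `tunnel`, `auth`) and the `evaluate` function are hypothetical, and the sample policies are constructed.

```python
from dataclasses import dataclass
from typing import Callable

Check = Callable[[dict], bool]

@dataclass
class Policy:
    name: str
    conditions: Check          # True when every policy condition matches the attempt
    grant: bool                # policy's remote access permission (False = Deny Access)
    profile: Check             # True when the attempt satisfies the profile settings
    ignore_user_dialin: bool = False   # Ignore User Dialin Properties attribute

def evaluate(attempt: dict, user_permission: str, policies: list,
             user_settings: Check = lambda a: True) -> tuple:
    """user_permission is 'allow', 'deny' or 'policy' (control access through policy)."""
    for p in policies:
        if not p.conditions(attempt):
            continue                       # go to next policy
        # The first policy whose conditions match decides; later ones are not consulted.
        if p.ignore_user_dialin:
            if not p.grant:
                return False, f"{p.name}: policy denies access"
            ok = p.profile(attempt)        # user account dial-in settings are skipped
        else:
            if user_permission == "deny":
                return False, f"{p.name}: user account denies access"
            if user_permission != "allow" and not p.grant:
                return False, f"{p.name}: policy denies access"
            ok = user_settings(attempt) and p.profile(attempt)
        if ok:
            return True, f"{p.name}: accepted"
        return False, f"{p.name}: account or profile settings not met"
    return False, "no policy matched"

# Constructed sample policies, most specific first.
POLICIES = [
    Policy("Contractors-VPN", lambda a: a["group"] == "contractors",
           False, lambda a: True),
    Policy("Staff-VPN", lambda a: a["tunnel"] == "L2TP",
           True, lambda a: a["auth"] == "EAP-TLS"),
]
STAFF = {"group": "staff", "tunnel": "L2TP", "auth": "EAP-TLS"}   # constructed attempt

if __name__ == "__main__":
    contractor = {**STAFF, "group": "contractors"}
    print(evaluate(STAFF, "policy", POLICIES))
    print(evaluate(contractor, "policy", POLICIES))
    print(evaluate(contractor, "allow", POLICIES))   # account Allow Access wins
    print(evaluate({**STAFF, "tunnel": "PPTP"}, "allow", POLICIES))
```

Two consequences worth checking during a policy review: an account set to Allow Access is accepted even under a policy whose permission is Deny Access, and an attempt that matches no policy is rejected regardless of the account setting.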

39 How to Configure a Remote Access Policy
Your instructor will demonstrate how to:
- Configure a remote access policy
- Configure a new policy condition for a remote access policy

40 How to Configure a Remote Access Policy Profile
Your instructor will demonstrate how to configure a remote access policy profile

41 Practice: Controlling User Access to a Network
In this practice, you will configure a remote access policy and policy profile

42 Lesson: Centralizing Network Access Authentication and Policy Management by Using IAS
- What Is RADIUS?
- What Is IAS?
- How Centralized Authentication Works
- How to Configure an IAS Server for Network Access Authentication
- How to Configure the Remote Access Server to Use IAS for Authentication

43 What Is RADIUS?
- RADIUS is a widely deployed protocol, based on a client/server model, that enables centralized authentication, authorization, and accounting for network access
- RADIUS is the standard for managing network access for VPN, dial-up, and wireless networks
- Use RADIUS to manage network access centrally across many types of network access
- RADIUS servers receive and process connection requests or accounting messages from RADIUS clients or proxies

44 What Is IAS?
IAS, a Windows Server 2003 component, is an industry-standard compliant RADIUS server. IAS performs centralized authentication, authorization, auditing, and accounting of connections for VPN, dial-up, and wireless connections.
You can configure IAS to support:
- Dial-up corporate access
- Extranet access for business partners
- Internet access
- Outsourced corporate access through service providers
Diagram label: RADIUS Server

45 How Centralized Authentication Works
Diagram labels: Client, Remote Access Server, RADIUS Client, RADIUS Server, Domain Controller
1. Dials in to a local RADIUS client to gain network connectivity
2. Forwards requests to a RADIUS server
3. Authenticates requests and stores accounting information
4. Communicates to the RADIUS client to grant or deny access
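
The grant or deny reply in the last step is only trustworthy if the RADIUS client checks that it came from a server holding the same shared secret. The following added example (not from the course material) shows that check as defined in RFC 2865, the Response Authenticator; the secret, identifier and attribute bytes are constructed sample values and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3      # RADIUS packet codes (RFC 2865)
REPLY_MESSAGE = 18                       # attribute type (RFC 2865)

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value."""
    return bytes([attr_type, len(value) + 2]) + value

def response_auth(head: bytes, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return hashlib.md5(head + request_auth + attrs + secret).digest()

def build_reply(code: int, ident: int, attrs: bytes,
                request_auth: bytes, secret: bytes) -> bytes:
    """RADIUS server side: build a signed Access-Accept or Access-Reject."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + response_auth(head, request_auth, attrs, secret) + attrs

def verify_reply(packet: bytes, ident: int, request_auth: bytes, secret: bytes) -> str:
    """RADIUS client side: return 'accept' or 'reject', or raise ValueError."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, reply_id, length = struct.unpack("!BBH", packet[:4])
    # This example requires the Length field to equal the received size exactly.
    if length != len(packet) or reply_id != ident:
        raise ValueError("length or identifier mismatch")
    expected = response_auth(packet[:4], request_auth, packet[20:], secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    if code not in (ACCESS_ACCEPT, ACCESS_REJECT):
        raise ValueError("unexpected code")
    return "accept" if code == ACCESS_ACCEPT else "reject"

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))          # a real client uses 16 random bytes per request

if __name__ == "__main__":
    reject = build_reply(ACCESS_REJECT, 7, attr(REPLY_MESSAGE, b"denied"),
                         REQUEST_AUTH, SECRET)
    print(verify_reply(reject, 7, REQUEST_AUTH, SECRET))
    altered = bytes([ACCESS_ACCEPT]) + reject[1:]    # code byte changed after signing
    try:
        verify_reply(altered, 7, REQUEST_AUTH, SECRET)
    except ValueError as err:
        print("altered reply refused:", err)
```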

46 How to Configure an IAS Server for Network Access Authentication
Your instructor will demonstrate how to:
- Authorize an IAS server in Active Directory
- Configure the IAS server for RADIUS clients

47 How to Configure a Remote Access Server to Use IAS for Authentication
Your instructor will demonstrate how to configure a remote access server to use IAS for authentication

48 Practice: Centralizing Network Access Authentication by Using IAS
In this practice, you will add a VPN server as a RADIUS client to an IAS server

49 Lab A: Configuring Network Access
In this lab, you will configure network access

