Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.


1 Objectives
Configure routing in Windows Server 2008
Configure Routing and Remote Access Services in Windows Server 2008
Network Address Translation

2 Configuring Routing in 2008
Routing and Remote Access Services (RRAS)
– A Server Role service used to configure and manage network routing
– Recommended for use in small networks that require simple routing directions
– Not recommended for large and complex environments (use Cisco)

3 Configuring RRAS as a Router
Routers
– Responsible for forwarding packets between subnets, or networks with differing IP addressing schemes

4 Working with Routing Tables
Routing tables are composed of routes
Routes
– Direct data traffic to its destination
Routing tables
– A list of routes
– Can be managed in the RRAS console or from the command line using the route command

5 Configuring Routes
Static routing limitations:
– Requires manual creation and management
– Requires reconfiguration if the network changes
– Used in small networks with fewer than 10 subnets
Dynamic protocols
– Route traffic based on information they discover about remote networks from other routers
Routing Information Protocol version 2 (RIPv2)
– Uses partner routers, or RIP neighbors, in determining the dynamic routes it can use for forwarding packets of data

6 Configuring a DHCP Relay Agent
DHCP relay agent
– Manages the communication between a network’s DHCP server and clients on subnets without a DHCP server
With RRAS
– Network adapters are added and configured to listen for DHCP broadcast messages

7 Configuring Dial-on-Demand Routing
Demand-dial routing
– Allows a server to initiate a connection only when it receives data traffic bound for a remote network
– Can use dial-up networks instead of more expensive leased lines

8 Configuring Remote Access Services in Windows Server 2008
Dial-up networking
– Connects remote users to their networks using a standard phone line
Virtual Private Networks
– Allow client connections to your network from remote locations
– Work by creating a secure tunnel for transmitting data packets between two points
– VPN tunneling protocols: Point-to-Point Tunneling Protocol, Layer 2 Tunneling Protocol, Secure Socket Tunneling Protocol


11 VPN Remote Access
Uses Internet to transmit private information
Encryption is used
High speed and reduced maintenance
Security risk presented by allowing access to network resources from the Internet
Windows Server 2008 uses RRAS as a VPN server
Remote computers are configured as VPN clients

12 Enable and Configure a VPN Server
Enabling packet filters should only be chosen if the server has multiple network cards with the filtered card connected to the Internet and the unfiltered cards connected to VPN traffic

13 VPN Protocols
PPTP and L2TP are supported by Windows Server 2003
By default, 128 PPTP ports and 128 L2TP ports are available
– Can increase the number of ports, or
– Disable a protocol by setting the number of ports to zero
PPTP is the most popular and can function through NAT
L2TP requires IPSec to function

14 VPN Protocols (continued)

15 Configuring Remote Access Servers
Control authentication and logging
Specify whether or not the server is a router for IP, and if it allows IP-based remote access connections
Enable broadcast name resolution

16 Authentication Methods
Windows Server 2003 can use a number of different authentication methods:
– No Authentication
– Password Authentication Protocol
– Shiva Password Authentication Protocol
– Challenge Handshake Authentication Protocol
– Microsoft Challenge Handshake Authentication Protocol
– Microsoft Challenge Handshake Authentication Protocol version 2
– Extensible Authentication Protocol
Server and client must support a common protocol to authenticate and connect

17 IP Address Management
When dial-up and VPN clients connect to Windows Server 2003, they are assigned an IP address
Options for DNS and WINS server are taken from the configuration of a specified interface on the remote access server
Windows 2000 and newer clients can send a DHCPINFORM packet after a remote access connection has been established

18 IP Address Management (continued)
Notice: Client DNS option is taken from the RAS server, not the DHCP server

19 IP Address Management (continued)
Client DNS option is changed by DHCPINFORM packets to DHCP server settings

20 Allowing Client Access
By default in Windows Server 2003, no users are granted remote access permission
Remote access permission is controlled by their user object
– If RRAS does not participate in Active Directory, the user object is stored in the local user account database
– If RRAS belongs to an Active Directory domain, the user object is stored in the Active Directory database located on the domain controller

21 Creating a VPN Client Connection
Configure VPN clients on client machines, e.g. Windows XP
Windows Server 2003 can be configured as a VPN client
Create VPN connections using the New Connection Wizard

22 Configuring a VPN Client Connection
Most configuration is done with the New Connection Wizard
You can:
– Configure the IP address of the VPN server to which you are connecting
– Configure whether or not an initial connection is created
– Configure dialing and redialing options
– Specify if password and data encryption are required
– Configure the network configuration for VPN connection
– Configure an Internet connection firewall and Internet connection sharing

23 Remote Access Policies
Control who is allowed to access remotely
Depend on the domain’s functional level (mixed, 2000 native or 2003 native)
Depend on the machine the user is connecting to
To use remote access, you must understand:
– Remote access policy components
– Remote access policy evaluation
– Default remote access policies

24 Remote Access Policy Components
Composed of conditions, remote access permissions, and a profile
– Conditions are criteria that must be met in order for a remote access policy to apply to a connection
– Remote access permission set in a remote access policy has only two options: Deny or Grant remote access permission
– The profile contains settings that are applied to a remote access connection if the conditions have been matched and permission has been allowed

25 Remote Access Policy Evaluation
Evaluation of conditions follows the same process for mixed mode domains and native mode domains
After a condition match has been found, the permissions of the user attempting the connection must be evaluated
Even if remote access permission is granted, it does not guarantee that a remote connection will be successful, as some profile settings may interfere

26 Remote Access Policy Evaluation (continued)
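
The evaluation order described on slides 24 and 25 (condition match, then the user's permission, then the profile), as an added example that is not part of the original presentation. It goes beyond the slide text by modelling the user object's dial-in setting as "allow", "deny" or "policy" (defer to the matched policy); the attribute names, the group RemoteStaff and the sample policies are constructed for illustration.

```python
# Simplified model of remote access policy evaluation (added example).
# Attribute names and sample values are constructed, not taken from RRAS.
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    conditions: dict      # attribute -> set of accepted values; all must match
    permission: str       # "grant" or "deny", the only two options
    profile: dict = field(default_factory=dict)  # constraints checked last

def conditions_match(policy, conn):
    return all(conn.get(a) in ok for a, ok in policy.conditions.items())

def profile_allows(profile, conn):
    if "auth_methods" in profile and conn.get("auth") not in profile["auth_methods"]:
        return False
    if profile.get("require_encryption") and not conn.get("encrypted", False):
        return False
    return True

def evaluate(policies, user_dialin, conn):
    """Return (decision, reason); user_dialin is "allow", "deny" or "policy"."""
    # Step 1: the first policy, in list order, whose conditions all match.
    matched = next((p for p in policies if conditions_match(p, conn)), None)
    if matched is None:
        return "reject", "no policy matched"
    # Step 2: the permission on the user object is evaluated.
    if user_dialin == "deny":
        return "reject", "user object denies access"
    if user_dialin == "policy" and matched.permission == "deny":
        return "reject", f"policy '{matched.name}' denies access"
    # Step 3: a granted permission can still fail on profile settings.
    if not profile_allows(matched.profile, conn):
        return "reject", f"profile of '{matched.name}' not satisfied"
    return "accept", f"policy '{matched.name}'"

# Constructed sample policies; empty conditions act as a catch-all.
POLICIES = [
    Policy("VPN users", {"port_type": {"vpn"}, "group": {"RemoteStaff"}}, "grant",
           {"auth_methods": {"MS-CHAPv2", "EAP"}, "require_encryption": True}),
    Policy("Connections to other access servers", {}, "deny"),
]
```

In this model an explicit "allow" on the user object skips the policy's Deny but not its profile, so a catch-all deny policy only protects accounts whose setting defers to policy.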


28 Default Remote Access Policies
Created by Microsoft
First default policy listed is named Connections to Microsoft Routing and Remote Access Server
Second default policy is named Connections to other access servers

29 Troubleshooting Remote Access
Providing remote access is very complex
Most problems are due to software configuration errors introduced by users and administrators
Best troubleshooting tools include:
– Log files
– Error messages
– Network Monitor
– Ipconfig
Hardware errors can also cause problems

30 Software Configuration Errors
Common software configuration errors:
– Incorrect phone numbers and IP addresses
– Incorrect authentication settings
– Incorrectly configured remote access policies
– Name resolution is not configured
– Clients receive incorrect IP options
The fact that the remote access server leases 10 IP addresses from DHCP at startup is NOT an error

31 Hardware Errors
Common hardware troubleshooting tips:
– Ensure hardware is on the Microsoft hardware compatibility list
– Use ping to determine if the address is reachable
– See if you can dial in to a different remote access server
– Ensure there is a link light on the network card

32 Troubleshooting Tools
The Ping utility is used to determine if a host is reachable
The Ipconfig utility is used to confirm that the correct IP settings are being delivered to the remote access client
Network Monitor can be used to perform packet captures, which may provide further clues as to the cause of an error
Logging
– Check the event log if RRAS is unable to start or is not performing as expected
– Can configure detailed connection logs

33 Network Address Translation
Allows you to shield internal IP address ranges from public networks by allowing internal clients to access the Internet through a shared IP address

34 Introduction to Network Policy Server
Network Policy Server (NPS)
– Role service that provides a framework for creating and enforcing network access policies for client health
– Can be used to:
   Configure a RADIUS server
   Configure a RADIUS proxy
   Configure and implement Network Access Protection (NAP)

35 Windows Server 2008 Editions and the NPS Console
NPS Console
– Central utility for managing:
   RADIUS clients and remote RADIUS servers
   Network health and access policies
   NAP settings for NAP scenarios
   Logging settings

