Windows Server 2003 RRAS ?????????

About This Presentation

Title: Windows Server 2003 RRAS ?????????

Slides: 47

Provided by: Micro244

Transcript and Presenter's Notes

1
Windows Server 2003 RRAS ?????????
  • ???
  • jeffl_at_ms11.hinet.net

2
Routing and Remote Access
  • Routing
    • DHCP Relay Agent
    • IGMP Router and Proxy
    • NAT / Basic Firewall
    • Open Shortest Path First (OSPF)
    • RIP Version 2 for Internet Protocol
  • Remote Access
    • Dial-up
    • VPN

3
How Dial-up Network Access Works
Dial-up networking is the process of a remote access client making a temporary dial-up connection to a physical port on a remote access server by using the service of a telecommunications provider.
[Diagram: Dial-up Client, Remote Access Server and Domain Controller]
4
Connecting to a Virtual Private Network
[Diagram: a VPN Client reaches the Corporate Network through a Tunnel across the Internet to the VPN Server, which has one Network Adapter Connected to the Internet and one Network Adapter Connected to the Local Network]
5
How a VPN Connection Works
A VPN extends the capabilities of a private network to encompass links across shared or public networks, such as the Internet, in a manner that emulates a point-to-point link.
[Diagram: VPN Client, Transit Network, VPN Server and Domain Controller]
6
Encryption Protocols for a VPN Connection
Category      Description
PPTP (MPPE)   Employs user-level Point-to-Point Protocol (PPP) authentication methods and Microsoft Point-to-Point Encryption (MPPE) for data encryption
L2TP/IPSec    Employs user-level PPP authentication methods over a connection that is encrypted with IPSec

Recommended authentication method for VPN network access is L2TP/IPSec with certificates.
Examples of Remote Access Server Using VPN
7
Selecting a Tunneling Protocol
[Diagram: a PPP Frame from the Client travels through a Secure Tunnel over an Existing Network to the Remote Access Server and on to the Remote Resource Server on the Private Network, using either PPTP or L2TP/IPSec]

L2TP/IPSec packet layout (outermost first):
  • IP Header
  • IPSec ESP Header
  • UDP Header
  • L2TP Header
  • PPP Header
  • PPP Payload (IP Datagram, IPX Datagram)
  • IPSec ESP Trailer
  • IPSec Auth Trailer
Encrypted by IPSec: UDP Header through IPSec ESP Trailer. Signed: IPSec ESP Header through IPSec ESP Trailer (the signature is carried in the IPSec Auth Trailer).
8
Configuring Inbound Connections
9
Configuring a Remote Access Server
10
Configuring a RRAS Port
11
Configuring Server Properties
12
Bandwidth Allocation Protocol
[Diagram: Multilink Without BAP: Remote Access Server with clients A, B and C; Client C Cannot Connect. Multilink with BAP: the Connection Switches on Demand; Client C Can Connect]
13
What Is a Remote Access Policy?
A remote access policy is a named rule that consists of the following elements:
  • Conditions. One or more attributes that are compared to the settings of the connection attempt
  • Remote access permission. If all conditions of a remote access policy are met, remote access permission is either granted or denied
  • Profile. A set of properties that are applied to a connection when it is authorized (either through the user account or policy permission settings)

14
Following Policy Evaluation Logic
15
User Account Dial-in Properties
Dial-In Properties
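The policy elements above (conditions, permission, profile) together with the user account's dial-in setting can be modelled as follows. This is an added example, not code from the slides; the policy names, group names and attribute values are constructed, and the ordered first-match evaluation with the dial-in setting overriding the policy permission is the behaviour described for RRAS.

```python
# Added example (not from the slides): a model of how RRAS evaluates remote access
# policies. Policy names, groups and attribute values below are constructed.
from dataclasses import dataclass, field

ALLOW, DENY, CONTROL_THROUGH_POLICY = "allow", "deny", "control-through-policy"  # dial-in settings

@dataclass
class RemoteAccessPolicy:
    name: str
    conditions: dict            # attribute -> set of acceptable values
    grant: bool                 # remote access permission when all conditions match
    profile: dict = field(default_factory=dict)  # constraints applied once authorized

def conditions_match(policy, attempt):
    """Every condition must match. A multi-valued attribute such as the user's group
    list matches when any one of its values is acceptable."""
    for attr, acceptable in policy.conditions.items():
        value = attempt.get(attr)
        if value is None:
            return False
        if isinstance(value, (list, set, tuple)):
            if not acceptable.intersection(value):
                return False
        elif value not in acceptable:
            return False
    return True

def evaluate(policies, dialin_permission, attempt):
    """Return (decision, policy name). Policies are tried in listed order and the first
    one whose conditions all match decides; if none matches the attempt is rejected."""
    for policy in policies:
        if not conditions_match(policy, attempt):
            continue
        if dialin_permission == DENY:
            return ("deny", policy.name)
        if dialin_permission == CONTROL_THROUGH_POLICY and not policy.grant:
            return ("deny", policy.name)
        # Authorized (by the account or by the policy); the profile still applies, so an
        # authentication method the profile does not allow rejects the attempt.
        allowed_auth = policy.profile.get("allowed_auth")
        if allowed_auth and attempt.get("Authentication-Type") not in allowed_auth:
            return ("deny", policy.name)
        return ("grant", policy.name)
    return ("deny", None)

# Constructed sample policies, most specific first; the empty-condition catch-all denies
# everyone not matched earlier (unless the account's dial-in setting is Allow).
POLICIES = [
    RemoteAccessPolicy("VPN staff", {"Windows-Groups": {"VPN-Users"}, "NAS-Port-Type": {"Virtual"}},
                       grant=True, profile={"allowed_auth": {"MS-CHAP v2", "EAP-TLS"}}),
    RemoteAccessPolicy("Catch-all", {}, grant=False),
]
```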
16
Remote Access Policy Conditions
Attributes
17
What Is a Remote Access Policy Profile?
Remote Access User
18
Authenticating Remote Access Clients
Select       When Providing Encrypted Authentication
MS-CHAP      For Windows 95, Windows 98, or Windows NT 4.0
MS-CHAP v2   For Windows 2000, Windows XP, Windows Server 2003
EAP-TLS      By using a smart card, when the remote access clients are equipped with smart card readers
CHAP         For a mixture of operating systems (UNIX, Mac)
SPAP         For Shiva LAN Rover remote access clients
PAP          When no other protocol is supported
19
Extensible Authentication Protocols
  • Allows the Client and Server to Negotiate the Authentication Method That They Will Use
  • Supports Authentication by Using
    • MD5-CHAP
    • Transport Layer Security
    • Additional third-party authentication methods
  • Ensures Support of Future Authentication Methods Through an API

20
Remote Authentication Dial-In User Service
21
What Is RADIUS?
RADIUS is a widely deployed protocol, based on a client/server model, that enables centralized authentication, authorization, and accounting for network access.
  • RADIUS is the standard for managing network access for VPN, dial-up, and wireless networks
  • Use RADIUS to manage network access centrally across many types of network access
  • RADIUS servers receive and process connection requests or accounting messages from RADIUS clients or proxies

22
What Is IAS?
IAS, a Windows Server 2003 component, is an industry-standard compliant RADIUS server. IAS performs centralized authentication, authorization, auditing, and accounting of connections for VPN, dial-up, and wireless connections.
23
IAS as an Authentication Server
  • Centralized remote access policies
  • Authentication provider

[Diagram: RRAS servers at the Remote Office and the Central Office reach, through an ISP and the Internet, the IAS server and the Windows Server 2003 Domain Controller]
24
How Centralized Authentication Works
[Diagram: Remote Access Client, Remote Access Server and RADIUS Server]
25
Wireless Solution Considerations
26
Configuring an IAS Server
Use an IP address, if possible.
Select Microsoft if using Routing and Remote Access.
27
Configuring a RRAS to Use RADIUS
Change to RADIUS Authentication
Enter the Server Name
28
Routing and Remote Access Logging
Type of logging                                     Description
Event logging                                       Records remote access server errors, warnings, and other detailed information in the system event log
Local authentication and accounting logging         Tracks usage and authentication attempts on the local remote access server
RADIUS-based authentication and accounting logging  Tracks remote access usage and authentication attempts centrally on the RADIUS server
29
What Are Routing Interfaces?
A routing interface is an interface over which IP packets are forwarded.

30
What is IP Routing?
  • The Process of Sending Packets Through Routers to Other Networks
  • A Routing Table Defines Paths to Other Networks

31
Build Routing Tables
32
What Are Routing Tables?
A routing table is a series of entries called routes that contain information about the location of the network IDs in the internetwork.
33
Example of Routing Table
Destination      Gateway
10.7.0.0/16      10.7.1.253
10.0.0.0/8       10.7.1.1
Default Gateway  10.7.1.254
34
Configuring Static IP Routes
35
Examining the Role of Demand-Dial Routing
36
Creating a Demand-Dial Interface
37
Static vs. Dynamic IP Routing
  • Static Routing
    • Routers do not share routing information.
    • Routing tables are built manually.
  • Dynamic Routing
    • Routers share routing information automatically.
    • Routing tables are built dynamically.
    • Requires a routing protocol, such as RIP or OSPF.

38
What Are Routing Protocols?
A routing protocol is a set of messages that routers use to determine the appropriate path to forward data.
RIP
  • Designed for small to medium-size networks
  • Uses a routing table
  • Easier to configure and manage
  • Does not scale well
OSPF
  • Designed for large to very large networks
  • Uses a link-state database
  • Complex to configure and manage
  • Operates efficiently in large networks

39
Routing and Routed Protocols
  • Routing Protocols
    • RIP, OSPF, EGP, BGP, HELO
    • SAP (IPX/SPX), RTMP (AppleTalk)
  • Routed Protocols
    • TCP/IP, IPX/SPX, AppleTalk

40
What Is Packet Filtering?
  • Packet filtering specifies what type of traffic is allowed into and out of a router
  • A packet filter is a TCP/IP configuration setting that is designed to allow or deny inbound or outbound packets

[Diagram: Router with an Inbound Filter and an Outbound Filter]
Use packet filtering to
  • Prevent access by unauthorized users
  • Prevent access to resources
  • Improve performance by preventing unnecessary packets from traveling over a slow connection

41
How Packet Filters Are Applied
[Diagram: a UDP Packet from 192.168.0.48 arrives at the Router and is checked against the Inbound Exclusion Filter]

Inbound Exclusion Filter
Component            Example
Source network       Any
Destination network  192.168.0.32
Protocol             UDP
Action               Drop
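The routing table of slide 33 and the inbound exclusion filter above can be put together as one forwarding decision: inbound filter, longest-prefix route lookup, outbound filter. This is an added example, not code from the slides; the packet representation and the filter-list semantics (exclusion: receive all except matching; inclusion: drop all except matching) are modelled on the RRAS filter actions, and all packets are constructed.

```python
# Added example (not from the slides): a router that applies an inbound packet filter,
# looks up the next hop by longest-prefix match, then applies an outbound filter.
import ipaddress

# Routing table of slide 33: (destination network, gateway); the default gateway is 0.0.0.0/0.
ROUTING_TABLE = [("10.7.0.0/16", "10.7.1.253"), ("10.0.0.0/8", "10.7.1.1"), ("0.0.0.0/0", "10.7.1.254")]
# Inbound exclusion filter of slide 41: drop UDP from any source to host 192.168.0.32.
INBOUND = {"mode": "exclusion",
           "rules": [{"source": "Any", "destination": "192.168.0.32", "protocol": "UDP"}]}
OUTBOUND = {"mode": "exclusion", "rules": []}     # empty exclusion list: receive everything

def next_hop(dst_ip, table=ROUTING_TABLE):
    """Longest-prefix match: the most specific matching route wins, so 10.7.x.x goes via
    10.7.1.253 rather than the /8 route; the default route is the last resort."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for network, gateway in table:
        net = ipaddress.ip_network(network)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None

def rule_matches(rule, pkt):
    """Source network, destination network and protocol must all match; 'Any' matches all."""
    for key in ("source", "destination"):
        wanted = rule.get(key, "Any")
        if wanted != "Any" and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(wanted):
            return False
    return rule.get("protocol", "Any") in ("Any", pkt["protocol"])

def apply_filters(filter_list, pkt):
    """Exclusion list drops matching packets; inclusion list drops non-matching ones."""
    matched = any(rule_matches(r, pkt) for r in filter_list["rules"])
    dropped = matched if filter_list["mode"] == "exclusion" else not matched
    return "drop" if dropped else "accept"

def forward(pkt, inbound=INBOUND, outbound=OUTBOUND, table=ROUTING_TABLE):
    """Return (verdict, gateway) for a packet dict with source, destination and protocol."""
    if apply_filters(inbound, pkt) == "drop":
        return ("dropped by inbound filter", None)
    gateway = next_hop(pkt["destination"], table)
    if gateway is None:
        return ("no route", None)
    if apply_filters(outbound, pkt) == "drop":
        return ("dropped by outbound filter", None)
    return ("forwarded", gateway)
```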
42
Configuring Network Address Translation
43
What Is a DHCP Relay Agent?
A DHCP relay agent is a computer or router configured to listen for DHCP/BOOTP broadcasts from DHCP clients and then relay those messages to DHCP servers on different subnets.
[Diagram: Clients on Subnet A and Subnet B send Broadcast requests; the DHCP Relay Agent forwards them as Unicast to the DHCP Server across Routers that are Non-RFC 1542 Compliant]
44
DHCP Relay Agent Hop Count
The hop count threshold is the number of routers that the packet can be transmitted through before being discarded.
[Diagram: DHCP Relay Agent 1 and DHCP Relay Agent 2 on the path to the DHCP Server, with Hop Count 2]
45
DHCP Relay Agent Boot Threshold
The boot threshold is the length of time in seconds that the DHCP Relay Agent will wait for a local DHCP server to respond to client requests before forwarding the request.
[Diagram: DHCP Relay Agent with a Local DHCP Server, DHCP Server 2 and DHCP Server 3; Boot Threshold 10 seconds]
46
Including the IGMP Routing Protocol