Microsoft Windows 2000: Routing and Remote Access Configuration and Troubleshooting Clay Seymour Sup

1
Microsoft Windows 2000 Routing and Remote
Access Configuration and Troubleshooting Clay
SeymourSupport ProfessionalMicrosoft Platforms
SupportMicrosoft Corporation
2
What is Routing and Remote Access?

• Successor to Microsoft Windows NT 4.0 Remote
  Access Service (RAS)
• Add-on feature for Windows NT 4.0 also called
  Routing and Remote Access (RRAS)
• High performance service that allows one computer
  to handle remote users through dial-up or VPN,
  routing between branch offices, routing to the
  Internet, and routing between network segments

3
Configuring an RRAS Server

• Open the Routing and Remote Access tool from
  Administrative Tools
• Right-click on your server name to run the wizard

4
Options for Configuring RRAS

• The wizard will prompt to choose from one of the
  five options below, covered in the following
  slides

5
Internet Connection Server

• This option walks you through setting up Network
  Address Translation
• If you are not in a domain, it will ask if you
  want to set up simple ICS instead
• Allows you to create a demand dial connection to
  your ISP
• Asks if you want to set up the DHCP Allocator and
  DNS Proxy

6
Address Pool

• Configured after the wizard
• Properties of external network interface

7
Address Pool (2)

• IP to IP mapping Terminal Server,
  multipurpose server

8
Special Ports

• Configured after wizard
• Properties of external network interface
• Port to IP mapping FTP server, WWW server

9
Remote Access Server

• This option helps configure a RAS server
• If you are not in a domain, it will ask if you
  want to set up simple incoming connections
  instead
• Allows you to select how you want to handle IP
  address assignment
• Asks if you want to use a radius server for
  authentication (IAS)

10
Remote Access Server (2)

• It will set up all modem and ISDN devices for
  dial-in, and also five PPTP and five L2TP
  connections (you can add more later)
• Configures DHCP relay agent automatically so RAS
  clients will use DHCP inform
• Configures IGMP so RAS clients can run multicast
  applications over their connection
• Configures a default Remote Access Policy

11
Virtual Private Network Server

• This option helps configure a VPN server
• Asks similar questions to RAS server setup
• Asks for which interface is your Internet
  connection
• Must have an Internet connection through a
  network card
• Will not work if you have only one network card
  in the computer

12
Virtual Private Network Server (2)

• Configures 128 PPTP and 128 L2TP connections (you
  can change this later)
• Configures DHCP Relay, IGMP, and RAS policies
  just like RAS server
• Configures IP filters on the selected Internet
  interface so it accepts only PPTP and L2TP
  connections

13
Network Router

• Configures a basic IP or IPX network router
• Allows you to configure for demand-dial
  connections
• You must add and configure routing protocols
  later (IGMP, NAT, DHCP, RIP, OSPF)

14
Manually Configured Server

• Use this option if you just want to start RRAS
  with default options
• Routing for LAN and demand-dial is turned on
• RAS server with default settings is installed
• Configures DHCP Relay, IGMP, and RAS policies,
  just like RAS server
• Configures for five PPTP and five L2TP connections

15
Important to Remember

• After you have run the RRAS wizard and configured
  your server, you can still change it later
• You can easily make a VPN-only server a RAS
  server or router later on by removing the IP
  filters
• You can add additional routing protocols after
  you are configured for NAT

16
Remote Access Server Setup with PPTP, L2TP, ISDN,
and Modems
17
Troubleshooting Common Issues

• General issues
• VPN/routing Issues
• NAT issues

18
General Issues

• Manually configured server
• Remote registry service
• DOD static route
• Browsing

19
VPN/Routing Issues

• Firewalls/routers must allow GRE traffic on port
  1723
• Use the same IP scheme as the local network for
  RRAS
• PPP logging - Q234014

20
VPN/Routing Issues (2)

• Set adapter to use internal interface

21
Troubleshooting NAT

• NAT address assignment and name resolution

22
Troubleshooting NAT (2)

• Internet connection sharing cannot be used in
  conjunction with NAT
• Public and private interface
• Obvious but common be sure the adapters
  selected are correct

23
Where To Go for More Information

• Windows 2000 Help
• Easily accessed in Windows 2000
• Also available online at http//www.microsoft.com/
  windows2000/techinfo/proddoc/default.asp
• Windows 2000 Resource Kit documentation
• Windows 2000 white papers at http//www.microsoft.
  com/technet/win2000
• More information on Windows 2000 can be found at
  http//www.microsoft.com/windows2000
• Older information on RRAS, RAS, VPN at
  http//www.microsoft.com/ntserver/techresources/co
  mmnet/default.asp

24
Thank you for joining us for todays Microsoft
Support WebCast. For information about all
upcoming Support WebCasts and access to the
archived content (streaming media files,
PowerPoint slides, and transcripts), please
visit http//support.microsoft.com/webcasts/ We
sincerely appreciate your feedback. Please send
any comments or suggestions regarding the
Support WebCasts to feedback_at_microsoft.com and
include Support WebCasts in the subject line.