Download A Guide to Designing and Implementing Local and Wide Area

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts
no text concepts found
Transcript
Routing and Remote
Access Service
(Week 15, Friday 4/21/2006)
© Abdou Illia, Spring 2006
1
Learning Objectives
Introducing RRAS
 Enabling RRAS
 Configuring RRAS
 Monitoring RRAS
 Creating Remote Access Policies

2
Remote Access Service
Remote Access Server
Remote Access Server
3
Routing & Remote Access Service
Modem
W2K
Server
LAN
NIC NIC
Client PC
Internet
VPN
Modem
ISP
4
Enabling RRAS
RRAS automatically installed during W2K
server installation
 But RRAS is disabled by default
 You must enable RRAS and configure it to:

 Setup
a network router
 Setup a RAS server
 Setup a Virtual Private Network (VPN) server
5
Enabling RRAS
1.
2.
3.
4.
5.
6.
7.
8.
Click Start/Programs/Administrative Tools
Click Routing and Remote Access
In the console tree, select the server on which you want
to activate RRAS
Click Action/Configure and Enable Routing and Remote
Access to open the RRAS setup wizard
Click Next to open the Common Configurations screen
Click Manually Configured Server to enable the server
with default settings
Click Next, then Finish
When asked “Do you want to start the RRAS?”, click
Yes.
6
Configuring RRAS
When RRAS is manually enabled, the
default settings apply.
 You can configure RRAS according to your
requirements at a later date.
 To configure RRAS, you use the Properties
dialog box (Right-click server, click
Properties)

7
Configuring RRAS
Note: Tabs depend on
protocols installed on
your server
8
Configuring RRAS
General
Security
IP
PPP
Event
Logging
Used to specify whether server will be configured
as a router for LAN only, as a router for a LAN
and demand-dial routing, as a RAS, or both a
router and a RAS
Used to choose one of two types of authentication
providers to validate remote access clients
Used to specify settings for the IP protocols (e.g.
method for distributing IP addresses to remote
clients.
Used to configure Point-to-Point Protocol to
specify whether a remote client can establish
multilink connections
Used to manage and monitor a RRAS server by
selecting the type of event to record.
9
Configuring RRAS
1.
2.
3.
4.
5.
6.
7.
Open Routing and Remote Access console if necessary
Right-click RRAS server and click Properties
Notice the default selections in the General tab.
Click the IP tab. Make sure that the Enable IP routing and the
Allow IP-based remote access and demand-dial connections
check boxes are selected. Note: if you allow IP routing, dialup clients can access the entire LAN. If you only want to allow
dial-up clients to access resources on the RRAS server, clear
this check box.
Click the Security tab. Windows Authentication is the default
provider and Windows accounting is the accounting provider
by default.
Click the Event Logging tab. You should select the Log the
maximum amount of information option button and the Enable
Point-to-Point (PPP) logging check box if you want to
troubleshoot connection problems.
10
Click OK to close the Properties dialog box.
Monitoring RRAS

In the server Status node in the Routing and
Remote Access console, you can verify:
 the
state of the server (started, Stopped, Paused)
 The type of server
 The number of ports in use
 The Up time (length of time server has been running
since RRAS server was last started).

The log files that contains the monitoring data
are stored by default in the
%systemroot%\systems32\LogFiles folder,
11
Monitoring RRAS
1.
2.
3.
4.
5.
6.
7.
8.
Open Routing and Remote Access console if necessary
Double-click the RRAS server to expand the node. Select
Remote Access Logging.
Right-click Local File in the Details pane and click Properties
On the Settings tab of the Local File Properties dialog box,
select Log Accounting Requests to capture accounting
requests and responses
Select Log Authentication requests to capture authentication
requests such as access-accept packets, and access-reject
packets.
Click the Local File tab to specify a time period for the log file.
Click the Monthy option button in the New Log Time Period
section
Click OK to close the Local File Properties dialog box.
Note: Can use the Net Shell (Netsh) command-line utility to manage and troubleshoot RRAS.
12
Creating a Remote Access Policy

Remote Access Policies are used to:
 Control
what connections attempts will be rejected
 Determine which users can access the network and to
prevent unauthorized access.
 Determine connection time, etc.

Three components in Remote Access Policy:
 Conditions,

Permissions, and Profile.
Remote Access Policies are usually stored
locally on the RRAS server. They are not stored
in Active Directory.
13
Creating a Remote Access Policy
1.
2.
3.
4.
5.
6.
7.
Open Routing and Remote Access console if necessary
Double-click the RRAS server to expand the node, if
necessary, and select the Remote Access policies node.
Notice that there is a default policy named Allow access if
dial-in permission is enabled.
Click Action/New Remote Access Policy to open the Add
Remote Access Policy wizard.
Type Srvdcxx Remote Access Policy in the Policy Friendly
name text box.
Click Next to open the Conditions screen. Click Add… to
open the Select Attribute dialog box.
Select Day-and-Time restrictions in the name column and
click Add… to open the Time of day constraints dialog
box.
Restrict access to the RRAS to M-F from 9AM to 6PM.
14
Creating a Remote Access Policy (cont.)
8.
9.
10.
11.
12.
13.
14.
15.
Click OK
Click Add… to reopen the Select Attribute dialog box.
Double-click Windows-Groups to open the Groups dialog
box.
Click Add... To open the Select Groups dialog box. Select
Domain Users group of your domain and click Add…
Click OK to close the Select Groups dialog box. Click OK
to close the Groups dialog box.
Click Next to open the Permissions screen.
Select the Grant remote access permission option button.
Click Next to open the User profile screen.
Click Finish because we will not create the profile in this
exercise.
Note: Can use the Net Shell (Netsh) command-line utility to manage and troubleshoot RRAS.
15