Implementing Remote Access and Virtual Private Networks

March 25, 2006

Routing and Remote Access Service (RRAS) enables remote network clients to establish a remote connection with a RRAS server. After the connection is established, the remote client functions just like a locally connected network client. The user can browse the network, use permitted resources, connect to other servers — anything a locally connected client can do — provided that the RRAS client has appropriate permissions. In recent years, RRAS has grown in importance as increasing numbers of users work from laptops in different locations.

Enabling remote access
The Setup program installs RRAS by default on Windows 2000 servers when you perform an initial installation. However, Setup does not enable RRAS. In order to set up and implement RRAS, you have to enable it by using the Routing and Remote Access Server Setup wizard.

1. Click Start –> Programs –> Administrative Tools –> Routing and Remote Access.

2. In the console, select your server and then choose Action –> Configure and Enable Routing and Remote Access.

3. Click Next on the wizard’s welcome screen.

4. In the wizard’s Common Configurations dialog box, select the type of remote access server you want to install and then click Next.

5. Verify the required protocols in the list provided. Typically, you need TCP/IP, but you may need others depending on your network clients. Click Next.

6. In the IP Address Assignment dialog box, specify how you want IP addresses assigned to remote clients — either automatically or from a specified range — and then click Next.

If you choose to have IP addresses assigned automatically, remote clients get an IP address through DHCP. If you want to have the addresses assigned from a specified range, enter an IP address range to assign to remote clients.

7. Indicate whether you want to enable RADIUS and then click Next.

Remote Authentication Dial-In User Service (RADIUS) provides a central authentication database for multiple remote access servers and collects accounting information about remote connections. You can set up this remote access server to use an existing RADIUS server if you so choose.

8. Click Finish.

Windows 2000 starts the Routing and Remote Access Service.

After you enable RRAS, you can further configure the server by accessing its Properties dialog box. In the Routing and Remote Access console, select your server and then choose Action –> Properties.

Configuring the General tab
The General tab in the server’s Properties dialog box gives you two options. First, you can choose to enable your server as a router. If you select this option, you can choose to allow only local LAN routing, or you can choose to allow LAN and demand-dial routing. Next, you can choose to enable your server as a remote access server. These options simply enable you to use your server as both a routing server and a remote access server, or either one, as desired.

Configuring the Security tab
On the Security tab in the server’s Properties dialog box, you can select the security and accounting provider. You can select either Windows authentication and accounting or RADIUS authentication and accounting. If you choose to implement RADIUS, click Configure to connect to a RADIUS server.

For Windows authentication, click Authentication Methods and then select the type of Windows authentication you want to use for remote access. You have the following options, and you need to know them for the exam:

Extensible Authentication Protocol (EAP): Allows the use of third-party authentication software and is also used for smart-card logon.
MS-CHAP V2: Generates encryption keys during RRAS authentication negotiation.
MS-CHAP: An earlier version of CHAP that provides secure logon.
Shiva Password Authentication Protocol (SPAP): Used by Shiva clients connecting to a Windows 2000 RRAS Server. SPAP is more secure than clear text, but less secure than CHAP.
Unencrypted password (PAP): No encryption required.
Unauthenticated access: No authentication used.
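
The following is an added example, not part of the original article: a planning check that shows which of the weaker methods in the list above can be switched off without locking out a client population, such as the Shiva clients that depend on SPAP. The client groups, the policy floor, the placement of EAP at the top of the ranking, and the assumption that the strongest method both sides share is the one negotiated are all assumptions made for illustration.

```python
# Added example, not from the article. Method names follow the list above.
# Weakest first. PAP < SPAP < CHAP family is the article's ordering;
# putting EAP on top is an assumption (its strength depends on the EAP type).
STRENGTH = ["Unauthenticated", "PAP", "SPAP", "MS-CHAP", "MS-CHAP v2", "EAP"]
FLOOR = "MS-CHAP"  # assumed policy: anything weaker should be switched off


def rank(method):
    return STRENGTH.index(method)


def negotiated(server_enabled, client_supported):
    """Strongest method both sides share, or None if the client cannot log on."""
    common = set(server_enabled) & set(client_supported)
    return max(common, key=rank) if common else None


def hardening_plan(server_enabled, clients, floor=FLOOR):
    """Decide which weak methods can be disabled without locking clients out."""
    remaining = list(server_enabled)
    plan = {"disable_now": [], "blocked_by": {}, "below_floor": {}}
    weak = sorted((m for m in server_enabled if rank(m) < rank(floor)), key=rank)
    for method in weak:
        candidate = [m for m in remaining if m != method]
        stranded = sorted(
            name for name, supported in clients.items()
            if negotiated(remaining, supported) is not None
            and negotiated(candidate, supported) is None
        )
        if stranded:
            plan["blocked_by"][method] = stranded  # migrate these clients first
        else:
            plan["disable_now"].append(method)
            remaining = candidate
    for name, supported in clients.items():
        method = negotiated(remaining, supported)
        if method is not None and rank(method) < rank(floor):
            plan["below_floor"][name] = method  # still authenticating weakly
    return plan


# Constructed sample data: methods ticked on the server, and what each
# hypothetical client population is able to use.
SERVER = ["EAP", "MS-CHAP v2", "MS-CHAP", "SPAP", "PAP"]
CLIENTS = {
    "Windows 2000 laptops": {"EAP", "MS-CHAP v2", "MS-CHAP"},
    "Shiva dial-in": {"SPAP", "PAP"},
    "Legacy dialer": {"MS-CHAP", "PAP"},
}

if __name__ == "__main__":
    print(hardening_plan(SERVER, CLIENTS))
```

With the sample data, PAP can be cleared immediately, while SPAP has to stay enabled until the Shiva clients are replaced or reconfigured.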

Configuring the IP tab
On the IP tab in the server’s Properties dialog box, you can enable IP routing and allow IP-based remote access and demand-dial connections. You can choose to implement DHCP IP leases for remote clients or you can enter a static IP address pool. These are the same options you configure with the RRAS Setup wizard, but you can use this tab to make changes as necessary.

Configuring the PPP tab
The PPP tab in the server’s Properties dialog box gives you three main check boxes for Point-to-Point Protocol features you can enable.

Configuring the Event Logging tab
The Event Logging tab in the server’s Properties dialog box provides an effective way to monitor your remote access server through the use of log files. The Event Logging tab has several radio buttons so you can choose to log the kind of information desired, such as errors, warnings, and PPP logging. If you are experiencing problems with your remote access server, these different logging options can help you pinpoint the problem.


