Chapter 12: Remote Access and Virtual Private Networks

Upload: clara-atkins

Post on 26-Dec-2015


Page 1: Chapter 12: Remote Access and Virtual Private Networks

Page 2: Learning Objectives

Explain how remote access and virtual private network (VPN) services work

Explain how to implement remote access communications devices and protocols

Configure remote access services, security, dial-up connectivity, and client access

Page 3: Learning Objectives (continued)

Configure VPN services, security, dial-up connectivity, and client access

Troubleshoot remote access, VPN services, and client connectivity

Page 4: Early Remote Access Methods

An early method for accessing a network, which is still used, is to connect to a workstation through remote access software such as Carbon Copy

Page 5: Accessing a Workstation Remotely

Figure 12-1 Remotely accessing a workstation on a network (diagram: workstations and a server on an Ethernet segment; a remote workstation reaches one of them through a modem, a telephone line, and a modem at the network end)

Page 6: Microsoft Remote Access

A modern way to access a network remotely is by using Microsoft Remote Access Services (RAS) in Windows 2000 Server

Page 7: Using RAS

Figure 12-2 Remotely accessing a network through Microsoft RAS (diagram: client workstations dial through modems and telephone lines into modems on a Windows 2000 server with RAS, which sits on an Ethernet segment alongside a NetWare server)

Page 8: Virtual Private Network

Virtual private network: A private network that is like a tunnel through a larger network – such as the Internet, an enterprise network, or both – that is restricted only to designated member clients

Page 9: Planning Tip

Use a VPN to save money on modems and telephone lines for remote access to a network

Page 10: VPN Architecture

Figure 12-3 VPN network architecture (diagram: subnets 177.28.44, 177.28.23, 177.28.7, and 177.28.19 joined by routers over a T-3 line and a frame relay line; a Windows 2000 Server with VPN/IIS, other Windows 2000 servers, and a Web server; remote modems on telephone lines and hosts on the Internet reach the network through VPN tunnels; labelled hosts 177.28.44.129 and 177.28.23.10)

Page 11: Operating Systems That Can Connect to RAS

MS-DOS
Windows 3.1 and 3.11
Windows NT (all versions)
Windows 95
Windows 98
Windows 2000 Server and Professional

Page 12: Connection Types Supported by RAS

Asynchronous modems
Synchronous modems through an access server
Null modem connections
Regular dial-up telephone lines
Leased telecommunications lines, such as T-carrier

Page 13: Connection Types Supported by RAS (continued)

ISDN lines (and digital modems)
X.25 lines
DSL lines
Frame relay lines

Page 14: T-Carrier

T-carrier: A dedicated leased telephone line that can be used for data communications over multiple channels for speeds of up to 44.736 Mbps and beyond

Two common varieties of T-carrier are:
T-1 at 1.544 Mbps
T-3 at 44.736 Mbps

Page 15: Frame Relay

Frame relay: A WAN communications technology that relies on packet switching and virtual connection techniques to transmit at speeds from 56 Kbps to 45 Mbps

Page 16: ISDN

Integrated Services Digital Network (ISDN): A telecommunications standard for delivering data services over digital telephone lines with a current practical limit of 1.536 Mbps and a theoretical limit of 622 Mbps

Page 17: X.25

An older packet-switching protocol for connecting remote networks at speeds up to 2.048 Mbps

Page 18: DSL

Digital subscriber line (DSL): A technology that uses advanced modulation technologies on regular telephone lines for high-speed networking at speeds of up to 60 Mbps between subscribers and a telecommunications company

Page 19: Telephony Interfaces

RAS supports telephony interfaces that include:

Universal Modem Driver: A modem driver standard used on recently developed modems

Telephone Application Programming Interface: An interface for communication line devices (such as modems) that provides line device functions, such as call holding, call receiving, call hang-up, and call forwarding

Page 20: Transport and Remote Communication Protocols

RAS supports protocols such as:
TCP/IP
NWLink
NetBEUI
PPP
PPTP
L2TP

Page 21: Using Modems

One of the most common ways to connect through RAS is by using modems either at the RAS server end, the client end, or both

Cable TV modems are another possibility, but verify that the end-to-end connections can be made secure

Page 22: ISDN Connectivity

Digital “modems” can be used to connect a RAS server to ISDN, but these are really terminal adapters (TAs) and not modems, because ISDN is digital and does not use modulation/demodulation

A design advantage of ISDN is that you can aggregate multiple lines to appear as one super fast connection

Page 23: Access Server

An effective way to connect different telecommunications and WAN media to RAS is through an access server

For example, an access server can provide the following types of connectivity:
Modems
ISDN
X.25
T-carrier

Page 24: Access Server Architecture

Figure 12-4 Using an access server (diagram: a Windows 2000 Server with RAS on Ethernet next to a modular access server; the access server terminates modems, an ISDN line, an X.25 line, and a T-1 line, each a leased telecommunications connection into the telecommunications network)

Page 25: Remote Access Protocols

Serial Line Internet Protocol (SLIP): An older remote communications protocol that is used by UNIX computers. The modern compressed SLIP (CSLIP) version uses header compression to reduce communications overhead.

Point-to-Point Protocol (PPP): A widely used remote communication protocol that supports IPX/SPX, NetBEUI, and TCP/IP for point-to-point communication.

Page 26: SLIP and PPP Compared

Table 12-1 SLIP and PPP Compared

Feature | SLIP | PPP
Network protocol support | TCP/IP | TCP/IP, IPX/SPX, and NetBEUI
Asynchronous communications support | Yes | Yes
Synchronous communications support | No | Yes
Simultaneous network configuration negotiation and automatic connection with multiple levels of the OSI model between the communicating nodes | No | Yes
Support for connection authentication to guard against eavesdroppers | No | Yes

Page 27: Remote Access Protocols (continued)

Point-to-Point Tunneling Protocol (PPTP): A remote communication protocol that enables connectivity to a network through the Internet and connectivity through intranets and VPNs

Page 28: Remote Access Protocols (continued)

Layer Two Tunneling Protocol (L2TP): A protocol that transports PPP over a VPN, intranet, or Internet. L2TP works similarly to PPTP, but unlike PPTP, L2TP uses an additional network communications standard, called Layer Two Forwarding, that enables forwarding on the basis of MAC addressing
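To see which of the two tunnel protocols remote clients are actually using, and to catch a common PPTP failure (control channel accepted while the GRE data path is dropped), here is an added detection example run over constructed firewall-style log lines; it is not part of the original slides, and the log format and addresses are assumptions. It relies on two facts the slides do not spell out: PPTP carries its control channel on TCP port 1723 and its data in GRE (IP protocol 47), while L2TP carries control and data on UDP port 1701.

```python
import re
from collections import defaultdict

# Constructed log lines in an assumed "action proto src dst [dport]" format.
SAMPLE_LOG = """\
ACCEPT proto=tcp src=203.0.113.10 dst=198.51.100.5 dport=1723
ACCEPT proto=gre src=203.0.113.10 dst=198.51.100.5
ACCEPT proto=tcp src=203.0.113.22 dst=198.51.100.5 dport=1723
DROP proto=gre src=203.0.113.22 dst=198.51.100.5
ACCEPT proto=udp src=203.0.113.40 dst=198.51.100.5 dport=1701
ACCEPT proto=tcp src=203.0.113.40 dst=198.51.100.5 dport=80
"""

LINE_RE = re.compile(
    r"(?P<action>ACCEPT|DROP)\s+proto=(?P<proto>\w+)\s+src=(?P<src>[\d.]+)"
    r"\s+dst=(?P<dst>[\d.]+)(?:\s+dport=(?P<dport>\d+))?"
)


def classify(proto, dport):
    """Map transport facts to the tunnel component they carry:
    PPTP control on TCP 1723, PPTP data in GRE, L2TP on UDP 1701."""
    if proto == "tcp" and dport == 1723:
        return "PPTP-control"
    if proto == "gre":
        return "PPTP-data"
    if proto == "udp" and dport == 1701:
        return "L2TP"
    return "other"


def analyze(log_text):
    """Return, per client address, which tunnel protocol it completed, and flag a
    PPTP client whose control channel was accepted but whose GRE packets were dropped."""
    seen = defaultdict(set)
    dropped_gre = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # ignore lines that do not fit the assumed format
        dport = int(m["dport"]) if m["dport"] else None
        kind = classify(m["proto"], dport)
        if kind == "other":
            continue
        if m["action"] == "DROP":
            if kind == "PPTP-data":
                dropped_gre.add(m["src"])
            continue
        seen[m["src"]].add(kind)

    report = {}
    for client, kinds in seen.items():
        if "L2TP" in kinds:
            report[client] = "L2TP"
        elif {"PPTP-control", "PPTP-data"} <= kinds:
            report[client] = "PPTP"
        elif "PPTP-control" in kinds:
            # A PPTP tunnel needs both halves; control alone means the GRE path never came up.
            report[client] = ("PPTP control only - GRE blocked" if client in dropped_gre
                              else "PPTP control only")
    return report


if __name__ == "__main__":
    for client, status in sorted(analyze(SAMPLE_LOG).items()):
        print(f"{client}: {status}")
```

A firewall or router between the client and the RAS server must pass IP protocol 47 as well as TCP 1723 for PPTP to work; a client that shows up as "control only" is the usual symptom when only the TCP rule exists.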

Page 29: General RAS Configuration Steps

Configure a Windows 2000 server with RAS, including the appropriate protocols

Configure a DHCP Relay Agent (if IP addresses are assigned via DHCP)

Configure RAS security

Configure a dial-up and remote connection

Configure RAS on client workstations

Page 30: Configuring RAS

Use the Routing and Remote Access tool to install RAS

Page 31: Installing RAS

Figure 12-5 Configuring routing and RAS

Page 32: Installing RAS (continued)

Figure 12-6 Selecting the option to install RAS

Page 33: Routing and Remote Access Options

Option | Description
Internet connection server | Use this option so that networked computers in addition to the server can connect to the Internet, which is especially useful in a small office environment in which all users need Internet access, but there is only one dial-up, ISDN, or other outside line to an ISP
Remote access server | Use this option to set up remote access services to the network through the Windows 2000 server
Virtual private network (VPN) server | Use this option when you have an intranet (VPN) that you want users to be able to access through a remote connection or the Internet
Network router | Use this option to have Windows 2000 Server function as a router on the network – directing traffic to other networks or subnetworks
Manually configure the server | Use this option when you want to customize the routing and remote access capabilities

Page 34: Installing RAS (continued)

Figure 12-7 IP address assignment options

Page 35: RAS Installation Tip

If you configure RAS for AppleTalk, then users access RAS through the Guest account, which cannot have a password

Page 36: RAS Properties

You can configure RAS properties after RAS is installed by right-clicking the RAS server in the tree of the Routing and Remote Access tool and then clicking Properties

Page 37: Viewing a RAS Server’s Properties

Figure 12-8 RAS server properties

Page 38: DHCP Relay Agent

If you configure RAS to use DHCP to assign IP addresses, then you must configure a DHCP Relay Agent:

Double-click the RAS server in the tree of the Routing and Remote Access tool
Click IP Routing in the tree
Right-click DHCP Relay Agent and click Properties
Enter the IP address of the RAS server, click Add, and then click OK

Page 39: Multilink

If you plan to use an aggregated connection, such as for ISDN or multiple modems, configure Multilink and Bandwidth Allocation Protocol in the RAS Properties PPP tab

Page 40: Multilink and BAP

Multilink: A capability of RAS to aggregate multiple data streams into one logical network connection for the purpose of using more than one modem, ISDN channel, or other communication line in a single logical connection

Bandwidth Allocation Protocol (BAP): A protocol that works with Multilink in Windows 2000 Server that enables the bandwidth or speed of a remote connection to be allocated on the basis of the needs of an application, with the maximum allocation equal to the maximum speed of all channels aggregated via Multilink

Page 41: BACP

Bandwidth Allocation Control Protocol: Similar to BAP, but BACP is able to select a preferred client when two or more clients vie for the same bandwidth
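The bandwidth-on-demand behaviour described for Multilink, BAP and BACP on the preceding three slides, as an added model that is not part of the original slides and is not Windows 2000 code: a bundle adds channels while demand exceeds its capacity and drops them while it could still carry the demand with one channel fewer, never exceeding the aggregate of all channels, and an arbitration step hands contested spare channels to a preferred client first. The per-channel speed (64 Kbps, the rate of one ISDN B channel), channel counts and client names are constructed inputs.

```python
class MultilinkBundle:
    """Model of one Multilink bundle whose channels are added and dropped on
    demand, as BAP does. Constructed example, not the Windows implementation."""

    def __init__(self, channel_kbps, total_channels):
        self.channel_kbps = channel_kbps
        self.total = total_channels      # maximum channels that can be aggregated
        self.active = 1                  # a bundle always keeps its first channel up

    @property
    def capacity_kbps(self):
        return self.active * self.channel_kbps

    def adjust(self, demand_kbps):
        """Bring the bundle to the smallest channel count that carries the demand.
        The ceiling is the speed of all channels aggregated, as the BAP slide says."""
        while demand_kbps > self.capacity_kbps and self.active < self.total:
            self.active += 1
        while self.active > 1 and demand_kbps <= (self.active - 1) * self.channel_kbps:
            self.active -= 1
        return self.active


def bacp_arbitrate(requests, free_channels, preferred):
    """BACP-style arbitration: when several clients ask for the same spare
    channels, the preferred client is served first, the rest in name order.
    requests maps client name -> channels wanted; returns channels granted."""
    order = sorted(requests, key=lambda client: (client != preferred, client))
    granted = {}
    for client in order:
        give = min(requests[client], free_channels)
        granted[client] = give
        free_channels -= give
    return granted


if __name__ == "__main__":
    bundle = MultilinkBundle(channel_kbps=64, total_channels=2)   # e.g. two ISDN B channels
    for demand in (30, 100, 500, 64):
        print(f"demand {demand} Kbps -> {bundle.adjust(demand)} channel(s), "
              f"{bundle.capacity_kbps} Kbps available")
    print(bacp_arbitrate({"alice": 2, "bob": 2}, free_channels=3, preferred="bob"))
```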

Page 42: Configuring Multilink and BAP/BACP

Figure 12-9 Configuring Multilink and BAP

Page 43: Security Set at the Client

Set up security on the client’s account properties via the Dial-in tab, including whether to use a remote access policy for security and callback security

Page 44: Callback Options

No Callback: access is allowed on the first dial-up attempt

Set By Caller: the server calls back a number provided by the remote computer

Always Callback to: the server calls back a number that has already been entered in the Dial-in tab

Page 45: Configuring Dial-in Security

Figure 12-10 Configuring dial-in security for a user account

Page 46: Remote Access Policies

Configure remote access policies and a profile to secure the RAS server and to manage access, including:
Dial-in constraints
IP address assignment rules
Authentication
Encryption
Allowing Multilink connections

Page 47: Configuring Remote Access Policies

Figure 12-11 Granting remote access as a RAS policy

Page 48: Authentication Options

There are several authentication options that can be set in a remote access policies profile:

Extensible Authentication Protocol (EAP): An authentication protocol employed by network clients that use special security devices such as smart cards, token cards, and others that use certificate authentication

Page 49: Authentication Options (continued)

Challenge Handshake Authentication Protocol (CHAP): An encrypted handshake protocol designed for standard IP- or PPP-based exchange of passwords. It provides a reasonably secure, standard, cross-platform method for sender and receiver to negotiate a connection.

CHAP with Microsoft extensions (MS-CHAP): A Microsoft-enhanced version of CHAP that can negotiate encryption levels and that uses the highly secure RSA RC4 encryption algorithm to encrypt communications between client and host

Page 50: Authentication Options (continued)

CHAP with Microsoft extensions version 2 (MS-CHAP v2): An enhancement of MS-CHAP that provides better authentication and data encryption and that is especially well suited for VPNs

Password Authentication Protocol (PAP): A non-encrypted plain-text password authentication protocol. This represents the lowest level of security for exchanging passwords via PPP or TCP/IP
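The contrast between CHAP and PAP on the preceding two slides, as an added example that is not part of the original slides and is not Microsoft's implementation: a minimal CHAP exchange following RFC 1994 (an MD5 digest over the identifier, the shared secret and a random challenge) beside a PAP check, with a constructed credential store. It shows in code why Table 12-1 credits PPP with guarding against eavesdroppers: a CHAP response captured on the line is bound to one challenge and does not verify against the next, whereas with PAP the password itself crosses the line and is accepted again as-is. The usernames and secrets are made up.

```python
import hashlib
import hmac
import os

# Constructed credential store: username -> shared secret. On a real RAS server
# this comes from the user account database; the values here are made up.
SECRETS = {"alice": b"correct horse battery staple"}


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge).
    The secret itself is never placed on the line, only this digest."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Server side of CHAP: issues a fresh random challenge for every attempt
    and verifies the peer's digest against the stored secret."""

    def __init__(self, secrets):
        self.secrets = secrets
        self.identifier = 0
        self.outstanding = {}   # identifier -> challenge still awaiting a response

    def challenge(self):
        self.identifier = (self.identifier + 1) % 256
        chal = os.urandom(16)
        self.outstanding[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier, username, response):
        chal = self.outstanding.pop(identifier, None)   # every challenge is single-use
        secret = self.secrets.get(username)
        if chal is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(identifier, secret, chal), response)


def pap_verify(secrets, username, password):
    """PAP: the peer sends the password itself in clear text; the server compares it."""
    return hmac.compare_digest(secrets.get(username, b""), password)


def simulate_eavesdropper():
    """Run one legitimate login over each protocol, keep exactly what crossed the
    line, and check whether presenting that capture a second time is accepted."""
    server = ChapServer(SECRETS)

    # CHAP: the client computes the digest locally from the server's challenge.
    ident, chal = server.challenge()
    resp = chap_response(ident, SECRETS["alice"], chal)
    chap_login = server.verify(ident, "alice", resp)
    # An observer saw the identifier, the username and a digest bound to that one
    # challenge; against the server's next challenge the digest does not match.
    ident2, _ = server.challenge()
    chap_replay = server.verify(ident2, "alice", resp)

    # PAP: the observer saw the password itself, so presenting it again succeeds,
    # which is why the slides rank PAP as the lowest level of security.
    captured_user, captured_pw = "alice", SECRETS["alice"]
    pap_login = pap_verify(SECRETS, captured_user, captured_pw)
    pap_replay = pap_verify(SECRETS, captured_user, captured_pw)

    return {"chap_login": chap_login, "chap_replay": chap_replay,
            "pap_login": pap_login, "pap_replay": pap_replay}


if __name__ == "__main__":
    for name, value in simulate_eavesdropper().items():
        print(f"{name}: {value}")
```

The profile's Authentication tab is where PAP (and SPAP) are left unchecked so that a client cannot negotiate down to a clear-text exchange; CHAP still requires the server to hold a reversibly stored password, which is one reason MS-CHAP v2 or EAP is the preferred selection on the later slides.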

Page 51: Authentication Options (continued)

Shiva Password Authentication Protocol (SPAP): A version of PAP that is used for authenticating remote access devices and network equipment manufactured by Shiva (now Intel Network Systems, Inc.)

Page 52: Configuring Authentication

Figure 12-12 Configuring authentication

Page 53: Encryption Options

The RAS encryption options incorporate IPSec and Microsoft Point-to-Point Encryption (MPPE)

MPPE: An end-to-end (starting point to ending point) encryption technique that uses special encryption keys varying in length from 40 to 128 bits

Page 54: Encryption Selections

No Encryption: Clients do not employ data encryption

Basic: Intended for clients using 40-bit encryption key MPPE or IPSec

Strong: Intended for clients using 56-bit encryption key MPPE or IPSec

Page 55: Encryption Note

Originally the beta version of Windows 2000 Server included a Strongest encryption selection for 128-bit key MPPE or IPSec encryption, but this option is omitted in the first release of Windows 2000 Server. Expect Strongest encryption to be included later in an update.

Page 56: Dial-in and VPN Remote Access Tabs

Option | Description
Advanced | Used to designate connection attributes, such as RADIUS, frame types, AppleTalk zones, special filters, and many others
Authentication | Used to select the type or types of authentication methods such as EAP, CHAP, MS-CHAP, MS-CHAP v2, PAP, and SPAP (or no authentication)
Dial-in constraints | Used to set dial-in limitations, such as times of the day and days of the week when the RAS servers can be accessed, amount of time a connection can be idle before it is disconnected, maximum session time, dial-in number, and media through which to dial in (such as ISDN, X.25, modem, and fax)
Encryption | Used to designate encryption levels: no encryption, basic, strong
IP | Used to define how TCP/IP dial-in clients obtain an IP address, such as by using the server user account settings; and to set up packet filters to limit which IP addresses can access the RAS servers
Multilink | Used to enable Multilink connections, when RAS is set up for Multilink, and to specify Multilink BAP settings
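How the account's Dial-in tab, the profile's dial-in constraints, the authentication and encryption selections, and the callback options from the preceding slides combine into one grant-or-deny decision, as an added example that is not part of the original slides and is not Microsoft's RAS policy engine. The allowed days and hours, the permitted authentication methods, the minimum encryption level and the callback numbers are constructed values; the mapping of Basic and Strong to 40- and 56-bit MPPE keys follows the Encryption Selections slide.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Encryption selections expressed as the MPPE key length they require
# (Basic = 40-bit, Strong = 56-bit, per the Encryption Selections slide).
ENCRYPTION_LEVELS = {"none": 0, "basic": 40, "strong": 56}


@dataclass
class DialInAccount:
    """Settings from the user account's Dial-in tab (constructed values)."""
    username: str
    allow_access: bool
    callback: str = "none"                  # "none", "set_by_caller" or "always"
    callback_number: Optional[str] = None   # stored number, used when callback == "always"


@dataclass
class RemoteAccessProfile:
    """A remote access policy profile; every value here is a constructed assumption."""
    allowed_days: set = field(default_factory=lambda: {0, 1, 2, 3, 4})   # Monday..Friday
    allowed_hours: range = range(7, 19)                                   # 07:00 to 18:59
    allowed_auth: set = field(default_factory=lambda: {"EAP", "MS-CHAP v2"})
    min_encryption: str = "strong"
    allow_multilink: bool = False


@dataclass
class ConnectionAttempt:
    username: str
    when: datetime
    auth_method: str
    offered_key_bits: int                 # 0 for no encryption, else 40, 56 or 128
    wants_multilink: bool = False
    caller_number: Optional[str] = None   # number the caller asks to be called back on


def evaluate(account, profile, attempt):
    """Return (granted, reason, callback_number) for one connection attempt.
    Checks run in the order the slides present them: account permission,
    dial-in constraints, authentication, encryption, Multilink, then callback."""
    if not account.allow_access:
        return False, "dial-in permission denied on the account", None
    if (attempt.when.weekday() not in profile.allowed_days
            or attempt.when.hour not in profile.allowed_hours):
        return False, "outside the dial-in constraints (day or time)", None
    if attempt.auth_method not in profile.allowed_auth:
        return False, f"authentication method {attempt.auth_method} not permitted", None
    if attempt.offered_key_bits < ENCRYPTION_LEVELS[profile.min_encryption]:
        return False, f"encryption below the profile minimum ({profile.min_encryption})", None
    if attempt.wants_multilink and not profile.allow_multilink:
        return False, "Multilink not allowed by the profile", None
    # Callback: "always" dials the stored number and ignores what the caller supplied,
    # which is why it is the stronger control; "set_by_caller" trusts the caller.
    if account.callback == "always":
        number = account.callback_number
    elif account.callback == "set_by_caller":
        number = attempt.caller_number
    else:
        number = None
    return True, "granted", number


def demo():
    """Run constructed attempts against one account and profile.
    Returns a list of (label, granted, reason, callback_number)."""
    account = DialInAccount("alice", allow_access=True, callback="always", callback_number="555-0100")
    profile = RemoteAccessProfile()
    monday_9am = datetime(2024, 1, 8, 9, 0)
    saturday_9am = datetime(2024, 1, 13, 9, 0)
    cases = [
        ("ok", ConnectionAttempt("alice", monday_9am, "MS-CHAP v2", 128, caller_number="555-9999")),
        ("weekend", ConnectionAttempt("alice", saturday_9am, "MS-CHAP v2", 128)),
        ("pap", ConnectionAttempt("alice", monday_9am, "PAP", 128)),
        ("weak_key", ConnectionAttempt("alice", monday_9am, "MS-CHAP v2", 40)),
        ("multilink", ConnectionAttempt("alice", monday_9am, "MS-CHAP v2", 56, wants_multilink=True)),
    ]
    return [(label, *evaluate(account, profile, attempt)) for label, attempt in cases]


if __name__ == "__main__":
    for label, granted, reason, number in demo():
        print(f"{label:10} granted={granted!s:5} reason={reason!r} callback={number}")
```

Note that in the "ok" case the caller's own 555-9999 is ignored because the account is set to Always Callback to; only Set By Caller would have used it.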

Page 57: Configuring a Dial-up Connection for a RAS Server

Use the Network and Dial-up Connections tool to configure a new dial-up connection for a RAS server

Page 58: Creating a New Connection

Figure 12-13 Creating a new connection

Page 59: General Steps to Configure a VPN

Set up the network connectivity, such as through a WAN adapter, access server, or router

Install the Routing and Remote Access Service, configuring it as a VPN server

Establish the remote access policies and profile, including setting up EAP authentication

Configure the number of PPTP and L2TP ports

Page 60: Design Tip

If you select to use a static pool of IP addresses when you install the VPN server, the upper limit of addresses that can be assigned is 253

Page 61: Static Address Set Up

Figure 12-14 Providing a range of addresses for a VPN server


Configuring VPN Server Remote Access Policies

Configure VPN remote access policies and a profile using the same steps as for configuring a RAS server


Configuring Ports

Configure the number of ports to equal those available through the WAN connection


Steps for Configuring Ports

To configure the number of ports:

Right-click Ports in the tree under the server in the Routing and Remote Access tool

Click Properties

Double-click WAN Miniport (PPTP) and set the number of ports

Double-click WAN Miniport (L2TP) and set the number of ports


Steps for Configuring Ports (continued)

Figure 12-15 Configuring the number of ports


Hardware Troubleshooting Tips for RAS and VPN Servers

Use the Add/Remove Hardware tool or the Device Manager to test modems and WAN adapters

Use the Network and Dial-up Connections tool to check dial-up and WAN connections

Make sure access servers are working

Make sure modem lines are properly connected and working


Software Troubleshooting Tips for RAS and VPN Servers

Make sure that the Remote Access Auto Connection Manager and Remote Access Connection Manager services are started

Make sure the RAS or VPN server is enabled

Use the Ports option to check the status of ports

Make sure all IP parameters are properly configured
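The software checklist above, scripted as an added PowerShell example for a current Windows Server running the Routing and Remote Access role (this is not the textbook's material, and Windows 2000 itself had no PowerShell). The slide names the services by display name only; the short names RasMan, RasAuto and RemoteAccess used here are the ones current Windows builds give those services, and Get-Service and Get-NetIPConfiguration are standard cmdlets. Port status is not covered by the script and is still read from the Ports node in the Routing and Remote Access console.

```powershell
# Added example, not from the textbook: scripted server-side software checks.
# Assumptions: modern Windows Server with the RRAS role; service short names
# RasMan (Remote Access Connection Manager), RasAuto (Remote Access Auto
# Connection Manager) and RemoteAccess (Routing and Remote Access).

function Test-RemoteAccessServices {
    param(
        [string[]]$ServiceNames = @('RasMan', 'RasAuto', 'RemoteAccess')
    )
    foreach ($name in $ServiceNames) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) {
            # A missing service usually means the role or feature is not installed.
            [pscustomobject]@{ Service = $name; Status = 'NotInstalled'; StartType = $null; Ok = $false }
            continue
        }
        [pscustomobject]@{
            Service   = $svc.DisplayName
            Status    = $svc.Status
            StartType = $svc.StartType      # Disabled here explains a server that never comes up
            Ok        = ($svc.Status -eq 'Running')
        }
    }
}

function Test-RemoteAccessIpConfig {
    # "Make sure all IP parameters are properly configured": flag adapters that
    # have no IPv4 address, no default gateway, no DNS server, or an APIPA
    # (169.254.x.x) address, any of which will keep remote clients from reaching
    # resources behind the server.
    Get-NetIPConfiguration | ForEach-Object {
        $v4    = @($_.IPv4Address | ForEach-Object { $_.IPAddress })
        $gw    = @($_.IPv4DefaultGateway | ForEach-Object { $_.NextHop })
        $dns   = @($_.DNSServer | ForEach-Object { $_.ServerAddresses })
        $apipa = @($v4 | Where-Object { $_ -like '169.254.*' })
        [pscustomobject]@{
            Adapter = $_.InterfaceAlias
            IPv4    = ($v4 -join ', ')
            Gateway = ($gw -join ', ')
            Dns     = ($dns -join ', ')
            Apipa   = ($apipa.Count -gt 0)
            Ok      = ($v4.Count -gt 0 -and $gw.Count -gt 0 -and $dns.Count -gt 0 -and $apipa.Count -eq 0)
        }
    }
}

# Run both checks and list only what needs attention.
Test-RemoteAccessServices | Format-Table -AutoSize
Test-RemoteAccessIpConfig | Where-Object { -not $_.Ok } | Format-Table -AutoSize
```

A server can report all services Running and still refuse connections if the interface clients arrive on has no gateway or points at an unreachable DNS server, which is why the second function lists adapters rather than stopping at the service check.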


RAS and VPN Client Troubleshooting Tips

Check the dial-up networking and RAS setup on the client

Make sure that clients are using the right protocols

Check the dial-in security on the client’s user account

Check the client’s modem to make sure it is working and set for compatible communications with the server


Chapter Summary

RAS and VPN servers enable clients, such as those who telecommute, to remotely access Windows 2000 Server

Remote access can be configured through many types of WAN connectivity, such as dial-up telephone lines, high-speed lines, Internet connections, and routers


Chapter Summary (continued)

RAS and VPN servers are compatible with remote access protocols such as PPP, PPTP, and L2TP

Manage RAS and VPN servers using remote access policies and profiles