Configuring Remote Access Servers
Transcript of Configuring Remote Access Servers
Installing and Configuring RRAS as a VPN Server
How to install the Routing and Remote Access Services (RRAS)
1. Click Start, and then click Manage Your Server.
2. Select the Add or remove a role option.
3. The Configure Your Server Wizard starts.
4. On the Preliminary Steps page, click Next.
5. A message appears, informing you that the Configure Your Server Wizard is detecting
network settings and server information.
6. When the Server Role page appears, select the Remote Access/VPN Server option and
then click Next.
7. On the Summary of Selections page, click Next.
8. The Welcome to the Routing and Remote Access Server Setup Wizard page is displayed.
How to configure RRAS as a VPN Server
1. Click Start, Administrative Tools, and then click Routing And Remote Access to open the
Routing And Remote Access management console.
2. In the console tree, select the server that you want to configure.
3. Right-click the server, and then click Configure And Enable Routing And Remote Access
from the shortcut menu.
4. The Routing and Remote Access Server Setup Wizard starts.
5. Click Next on the Routing and Remote Access Server Setup Wizard Welcome page.
6. On the Common Configuration page, select the Remote Access (Dial-Up Or VPN) option.
Click Next.
7. On the Remote Access page, select the VPN server checkbox and the Dial-up server
checkbox (optional) and then click Next.
8. On the Macintosh Guest Authentication page, select the Allow Unauthenticated Access
For All Remote Clients option if you have Macintosh File and Print services installed and
you want the remote access server to allow anonymous remote access.
9. On the IP Address Assignment page, select the Automatically option if you want to use a
DHCP server for IP address assignment for remote clients; or select the From A Specified
Range Of Addresses option if you want to specify your own address range.
10. If you chose the From A Specified Range Of Addresses option, proceed to specify the
address range for remote clients. Click Next.
11. On the Managing Multiple Remote Access Servers page, select the No, Use Routing And
Remote Access To Authenticate Connection Requests option. Click Next.
12. Click Finish when the Completing the Routing and Remote Access Server Setup Wizard
page appears.
13. You will be notified that the DHCP Relay Agent has to be configured with the IP address
of the DHCP server so that DHCP messages can be allowed from your remote clients.
14. Click OK to acknowledge this notification.
How to configure VPN ports for the remote access server
You can increase the number of clients that are allowed to concurrently connect to the VPN
server, and you can enable and disable the use of PPTP or L2TP. You add more L2TP ports
or PPTP ports in the Routing And Remote Access management console, through the Ports
Properties dialog box for the remote access server.
To configure additional PPTP ports or L2TP ports:
1. Click Start, Administrative Tools, and then click Routing And Remote Access to open the
Routing And Remote Access management console.
2. In the console tree, expand the node for the server that you want to configure.
3. Right-click Ports and then select Properties from the shortcut menu to open the Ports
Properties dialog box.
4. Select WAN Miniport (PPTP) or select WAN Miniport (L2TP).
5. Click the Configure button.
6. The Configure Device dialog box opens.
7. In the Maximum Ports box, specify the number of connections that the port type which
you have selected can support. The default configuration setting when the RRAS is
installed is 5 PPTP ports and 5 L2TP ports.
8. If you want to specify the IP address of the public interface to which VPN clients connect,
use the Phone Number For This Device box on the Configure Device dialog box.
9. If you want to disable connections for the port type, select the Use the Remote Access
Connections (Inbound Only) checkbox on the Configure Device dialog box.
10. If you do not want to allow the specific VPN type to be used for demand-dial connections,
deselect the Demand-Dial Routing Connections (Inbound And Outbound) checkbox.
11. Click OK to close the Configure Device dialog box.
12. Click OK to close the Ports Properties dialog box.
How to configure the VPN client computer
1. On the client computer, open Control Panel.
2. Right-click Network Connections and then select Open from the shortcut menu.
3. Click New Connection Wizard to start the New Connection Wizard.
4. Click Next on the Welcome to the New Connection Wizard page.
5. On the Network Connection Type page, select Connect to the network at my workplace,
and then click Next.
6. Click Virtual Private Network Connection, and click Next.
7. Enter a name for the connection and click Next.
8. Specify the external IP address of the VPN server, or the FQDN of the VPN server, and
then click Next.
9. Select the Anyone's use option if you want the connection to be available to everyone who
uses the computer, and then click Next.
10. When the Completing the New Connection Wizard page appears, click Finish.
11. The logon dialog box is displayed after you click the Finish button to complete the New
Connection Wizard.
How to grant dial-in permission for user accounts
1. Click Start, Administrative Tools, and then click Computer Management to open the
Computer Management console.
2. Double-click Local Users and Groups.
3. Double-click Users.
4. Double-click the specific user account that you want to grant access to, to open the
Properties dialog box of the user.
5. Click the Dial-in tab.
6. Click Allow access, and then click OK.
7. On the client computer, access the Network Connections folder, and then double-click
the VPN connection that you want to configure.
8. Specify the user account credentials, and then click Connect.
How to manually install the DHCP Relay Agent
The DHCP Relay Agent is automatically installed when you install the Windows Server 2003
Routing And Remote Access Service (RRAS).
You can, however, install the DHCP Relay Agent manually:
1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the
Routing And Remote Access console.
2. In the console tree, expand the Server node of the server that you want to install the
DHCP Relay Agent for.
3. Expand the IP Routing node.
4. Right-click the General node, and then select New Routing Protocol from the shortcut
menu.
5. The New Routing Protocol dialog box opens.
6. Select DHCP Relay Agent.
7. Click OK.
8. The DHCP Relay Agent node appears beneath the IP Routing node in the console tree of
the Routing And Remote Access management console.
How to add the DHCP server that DHCP requests should be forwarded to
1. Click Start, All Programs, Administrative Tools and then click Routing and Remote Access
to open the Routing And Remote Access management console.
2. Expand the IP Routing node in the console tree.
3. Right-click the DHCP Relay Agent node, and then select Properties from the shortcut
menu to access the DHCP Relay Agent Properties dialog box.
4. On the General tab, enter the IP address of the DHCP server that DHCP requests should
be forwarded to in the Server Address text box, and click Add.
5. Repeat the above process for each DHCP server that you want DHCP requests forwarded
to.
6. Click OK.
How to configure the DHCP Relay Agent on a network interface
1. Click Start, All Programs, Administrative Tools and then click Routing and Remote Access
to open the Routing And Remote Access console.
2. Expand the IP Routing node in the console tree.
3. Right-click the DHCP Relay Agent node and then select New Interface from the shortcut
menu.
4. The New Interface For DHCP Relay Agent dialog box opens, showing the interfaces that
the DHCP Relay Agent can be attached to.
5. Select the interface that is on the same subnet as the DHCP clients.
6. Click OK.
7. In the DHCP Relay Properties dialog box, ensure that the Relay DHCP Packets checkbox
is selected on the General tab.
8. You can change the Hop-Count Threshold and Boot Threshold values.
9. Click OK.
How to configure a VPN Gateway/Router
A VPN gateway or VPN router is simply a router that connects to another VPN gateway, or
to multiple VPN gateways. VPN routers are usually created to provide an extension to the
LAN.
To configure a VPN router to enable connectivity between LANs:
1. Click Start, Administrative Tools, and then click Routing And Remote Access to open the
Routing And Remote Access management console.
2. In the console tree, select the server that you want to configure.
3. Right-click the server, and then click Configure And Enable Routing And Remote Access
from the shortcut menu.
4. The Routing and Remote Access Server Setup Wizard starts.
5. Click Next on the Routing and Remote Access Server Setup Wizard Welcome page.
6. On the Common Configuration page, select the Remote Access (Dial-Up Or VPN) option.
Click Next.
7. On the Remote Access page, select the VPN server checkbox and then click Next.
8. On the VPN Connection page select the network interface for connecting the server to the
Internet.
9. Leave the default setting that enables security on the selected interface unchanged, and
then click Next.
10. On the Address Assignment page, select the From A Specified Range Of Addresses option
and click Next.
11. On the Address Range Assignment page click New and then proceed to specify an
address range for the remote VPN gateway. Click Next.
12. On the Managing Multiple Remote Access Servers page, select the No, Use Routing And
Remote Access To Authenticate Connection Requests option. Click Next.
13. Click Finish when the Completing the Routing and Remote Access Server Setup Wizard
page appears.
14. You will be notified that the DHCP Relay Agent has to be configured with the IP address
of the DHCP server so that DHCP relay messages can be allowed from your remote
clients.
15. Click OK to acknowledge this notification.
16. To configure the demand-dial interface, in the console tree of the Routing and Remote
Access console, select Network Interfaces.
17. From the Action menu, click New Demand-dial Interface.
18. The Demand-dial Interface Wizard starts.
19. Click Next on the Demand-dial Interface Wizard Welcome page.
20. Enter a name for the demand-dial VPN interface and then click Next.
21. On the Connection Type page, choose the Connect using virtual private networking (VPN)
option and click Next.
22. On the VPN Type page, select the VPN protocol which you want to use and then click
Next. You can leave the Automatic selection default option unchanged.
23. On the Destination Address page, provide the IP address that corresponds to the public
interface of the remote gateway and then click Next.
24. On the Protocols And Security Page, select the Route IP packets on this interface
checkbox, and click Next.
25. On the Static Routes For Remote Networks page, click the Add button and then enter the
LAN subnet address for the remote LAN on the Static Route dialog box.
26. Click OK and then click Next.
27. Specify the username, password and domain for authentication purposes and click Next.
28. Click Finish on the Completing the Demand-dial Interface Wizard page.
29. You now have to configure the interface for a persistent connection.
30. In the console tree of the Routing and Remote Access console, select the demand-dial
interface that you want to configure, and then select the Action menu. Click the Options
command on the Action menu.
31. Click Persistent Connection and click OK.
32. In the console tree of the Routing and Remote Access console, expand the IP Routing
node.
33. Select Static Routes to verify that the static route to the remote LAN subnet is
configured. The static route should be displayed in the Details pane.
34. To configure packet filtering properties, select the demand-dial interface and select
Properties from the shortcut menu.
35. On the General tab, select Inbound Filters and then select New.
36. Specify the appropriate LAN subnet information. Click OK.
37. Select the Drop all packets except those that meet the criteria below option and then
click OK.
38. Select the demand-dial interface and select Properties from the shortcut menu.
39. On the General tab, select Outbound Filters and then select New.
40. Specify the appropriate LAN subnet information. Click OK.
41. Select the Drop all packets except those that meet the criteria below option and then
click OK.
42. Click OK again.
43. In the console tree of the Routing and Remote Access console, select the demand-dial
circuit from Network Interfaces, and then select the Connect command from the Action
menu.
44. Examine the information in the Status column and Connection State column to verify the
status and state of the tunnel.
How to specify server log file properties for the remote access server
1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the
Routing And Remote Access console.
2. In the console tree right-click the server that you want to configure and then select
Properties from the shortcut menu.
3. Click the Logging tab.
4. The logging options which you can set are:
o Log errors only
o Log errors and warnings
o Log all events
o Do not log any events
5. Click OK.
Configuring RRAS LAN Routing and Packet Filters
How to configure RRAS LAN Routing
1. Click Start, Administrative Tools, and then click Routing And Remote Access to open the
Routing And Remote Access management console.
2. In the console tree, select the server that you want to configure.
3. From the Action menu, select Configure And Enable Routing And Remote Access.
4. The Routing And Remote Access Server Setup Wizard starts.
5. Click Next on the initial page of the Routing And Remote Access Server Setup Wizard.
6. On the Configuration page, select the Custom Configuration option and then click Next.
7. On the Custom Configuration page, select the LAN Routing checkbox and then click Next.
8. On the Completing The Routing And Remote Access Server Setup Wizard page, click
Finish.
9. Click Yes in the message box that appears, asking whether the Routing and Remote
Access service should be started.
10. To configure the routing protocol, in the console tree of the Routing And Remote Access
console, expand the IP Routing node.
11. Select the General subnode.
12. From the Action menu, click the New Routing Protocol command.
13. The New Routing Protocol dialog box opens.
14. Select RIP Version 2 For Internet Protocol from the Routing Protocols list. Click OK.
15. A RIP node is added beneath the IP Routing node in the console tree of the Routing And
Remote Access console.
16. Select the RIP node in the console tree of the Routing And Remote Access server.
17. From the Action menu, click the New Interface command.
18. The New Interface For RIP Version 2 For Internet Protocol dialog box opens.
19. Using the Interfaces list, select the interface which connects the computer to the LAN
and then click OK.
20. The RIP Properties dialog box for the interface which you have selected is displayed next.
21. On the General tab, specify whether the RIP version 1 or RIP version 2 packet format
must be used for outgoing messages.
22. Specify whether broadcasts or multicasts should be used.
Specify whether incoming messages using the RIP version 1 format, the RIP version 2
format, or both of these formats should be processed.
23. Click the Advanced tab.
24. Set the value in the Periodic Announcement Interval (Seconds) setting to 300 seconds.
This is the frequency at which the router transmits RIP messages.
25. Set the value in the Time Before Routes Expire (Seconds) setting to 1800 seconds.
26. Set the value in the Time Before Route Is Removed (Seconds) setting to 1200 seconds.
27. Click OK.
How to configure RRAS packet filters
1. Click Start, Administrative Tools, and then click Routing And Remote Access to open the
Routing And Remote Access management console.
2. Right-click the server in the console tree, and then select Configure And Enable Routing
And Remote Access from the shortcut menu.
3. The Routing and Remote Access Server Setup Wizard starts.
4. Click Next on the initial page of the Routing and Remote Access Server Setup Wizard.
5. Select the Custom Configuration option. Click Next.
6. Click LAN routing and then click Next.
7. Click Finish.
8. Click Yes to enable LAN routing.
9. Proceed to enable the RIP Version 2 for Internet Protocol.
10. Once RIP Version 2 is enabled, right-click RIP in the console tree, and then select New
Interface from the shortcut menu.
11. Select the interface.
12. The default setting for RIP if you are running Windows Server 2003 is:
o Outgoing packet protocol: dropdown list = RIP version 2 broadcast
o Incoming packet protocol: dropdown list = RIP version 1 and 2
13. The following configuration is recommended if you are using RIP version 2 and
Ethernet as the transport medium:
o Outgoing packet protocol: dropdown list = RIP version 2 multicast
o Incoming packet protocol: dropdown list = RIP version 2 only
14. Click OK.
Configuring a Remote Access Dial-Up Server
How to configure a RRAS Dial-Up server
1. Click Start, Administrative Tools, and then click Routing And Remote Access to open the
Routing And Remote Access management console.
2. In the console tree, select the server that you want to configure.
3. From the Action menu, select Configure And Enable Routing And Remote Access.
4. The Routing And Remote Access Server Setup Wizard starts.
5. Click Next on the initial page of the Routing And Remote Access Server Setup Wizard.
6. On the Configuration page, select the Custom Configuration option and then click Next.
7. On the Custom Configuration page, select the Dial-Up Access checkbox and then click
Next.
8. On the Completing The Routing And Remote Access Server Setup Wizard page, click
Finish.
9. Click Yes in the message box that appears, asking whether the Routing and Remote
Access service should be started.
10. To configure modem ports, in the console tree of the Routing And Remote Access
console, expand the node for the server that you want to configure.
11. Right-click Ports and then select Properties from the shortcut menu to open the Ports
Properties dialog box.
12. Select the specific device and then click the Configure button.
13. To enable remote access, select the Use the Remote Access Connections (Inbound Only)
checkbox and click OK.
How to configure properties for the RRAS Dial-Up server
1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the
Routing And Remote Access console.
2. In the console tree, select the server that you want to configure, and then select
Properties from the Action menu.
3. Verify that the Remote access server checkbox is enabled on the General tab.
4. Click the Security tab.
5. In the Authentication Provider list, select the Windows Authentication option.
6. Choose the authentication protocol for your clients.
7. In the Accounting Provider list, select the Windows Accounting option.
8. Click the IP tab.
9. Select the Enable IP Routing checkbox.
10. Select the Allow IP-Based Remote Access And Demand Dial Connections checkbox.
11. The IP Address Assignment section of the IP tab is used to configure the manner in which
the IP addresses are assigned to remote access clients.
12. If you are using a DHCP server, then you can select the Dynamic Host Configuration
Protocol (DHCP) option.
13. In the Adapter list, choose the adapter for providing DNS, DHCP and WINS services for
dial-in clients.
14. Click OK.
How to configure a Dial-Up Gateway
You configure a Dial-Up Gateway by completing the following process:
Configure the user account, with the correct dial-in permissions, that the remote access
server would use to connect to the remote LAN.
Configure a demand dial interface to the remote network.
Configure a static route to point non-LAN traffic to the dial-up connection.
1. Click Start, Administrative Tools, and then select Active Directory Users and Computers
to open the Active Directory Users and Computers management console.
2. In the console tree, right-click the Users container and then select New and then User
from the shortcut menu.
3. In the New Object User dialog box, enter the correct account name information and
then click Next.
4. Enter the password information for the new user account in the Password and Confirm
Password textboxes.
5. Ensure that the User must change password at next logon checkbox is not selected and
then click Next to complete the creation of new user account.
6. In the console tree, select the Users container, right-click the user account which you
created and then select Properties from the shortcut menu.
7. When the Properties dialog box for the user account appears, click the Dial-in tab.
8. Click the Allow access option.
9. Click OK.
10. To configure the demand dial interface, click Start, Administrative Tools, and then select
Routing And Remote Access to open the Routing And Remote Access console.
11. In the console tree, right-click the server that you want to configure, and then select
Configure And Enable Routing And Remote Access.
12. The Routing And Remote Access Server Setup Wizard starts.
13. Click Next on the initial page of the Routing And Remote Access Server Setup Wizard.
14. On the Configuration page, select the Custom Configuration option and then click Next.
15. On the Custom Configuration page, select the Demand-dial connections (used for branch
office routing) checkbox and then click Next.
16. On the Completing The Routing And Remote Access Server Setup Wizard page, click
Finish.
17. Click Yes in the message box that appears, asking whether the Routing and Remote
Access service should be started.
18. In the console tree of the Routing And Remote Access management console, right-click
Network Interfaces and then select New Demand-dial Interface from the shortcut menu.
19. The Demand-dial Interface Wizard starts.
20. Click Next on the Demand-dial Interface Wizard Welcome page.
21. Enter a name for the new demand-dial interface and then click Next.
22. On the Connection Type page, choose the Connect using a modem, ISDN adapter, or
other physical device option and click Next.
23. On the Protocols And Security Page, select the Route IP packets on this interface
checkbox, and click Next.
24. On the Static Routes For Remote Networks page, click the Add button to configure the
static route.
25. Click OK in the Static Route dialog box. Click Next.
26. Specify the username, password and domain for authentication purposes on the Dial Out
Credentials page. Click Next.
27. Click Finish on the Completing the Demand-dial Interface Wizard page.
28. This process has to be completed for the remote LAN as well.
Configuring the Remote Access Server to use
Multilink with Bandwidth Allocation Protocol (BAP)
How to enable BAP
1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the
Routing And Remote Access console.
2. In the console tree, right-click the server that you want to configure and then click
Properties from the shortcut menu.
3. Click the PPP tab on the Server Properties dialog box.
4. Click the Dynamic bandwidth control using BAP and BACP checkbox to activate it.
How to enable Multilink
1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the
Routing And Remote Access console.
2. In the console tree, expand the server node to display the Remote Access Policies node.
3. Select Remote Access Policies.
4. In the details pane, double-click the remote access policy that should be configured.
5. Click Edit Profile.
6. Use the Multilink tab to configure properties for the Multilink policy.
7. Click OK.
How to enable multiple device dialing on the client system
1. Open Control Panel.
2. Click Network and Dial-up Connections.
3. Right-click the connection for multilink and then select Properties from the shortcut
menu.
4. Select Options and then Multiple devices.
5. If you want to dynamically dial and hang up devices click Dial devices only as needed
and then click Configure.
6. If you want to use all devices, click Dial all devices.
7. If you want to use only the first available device, click Dial only first available device.
8. Click OK.
Configuring Remote Access Policies for Remote Access Servers
You can configure remote access policies to control the access rights of remote users.
Remote access policies allow you to authenticate remote connections and enforce any
specific connection restrictions.
The following connection settings can be administered by configuring standard remote
access policy settings.
Authentication methods: The different authentication methods that can be configured are
listed below:
o EAP
o CHAP
o MS-CHAP
o MS-CHAP version 2
o PAP
o PEAP
o Unauthenticated access
Remote access permissions
Group membership
Time of day
Type of connection
The following connection settings can be administered by configuring advanced remote
access policy settings.
Access server identity
Access client phone number or MAC address
Specify to use user account dial-in properties
Specify that unauthenticated access be allowed
After a remote access policy authorizes a connection, you can also configure that certain
constraints be enforced. Constraints are based on the following:
Encryption strength
IP packet filters
Idle timeout
Maximum session time
How to configure a remote access policy for a remote access server
1. Click Start, Administrative Tools, and then select Active Directory Users and Computers
to open the Active Directory Users and Computers management console.
2. In the console tree, select the Users container, right-click the user account which you
want to configure and then select Properties from the shortcut menu.
3. The Properties dialog box for the user account appears.
4. Click the Dial-in tab.
5. Ensure that the Remote Access Permission (Dial-in or VPN) option is specified as Control
Access Through Remote Access Policy.
6. To configure the remote access policy for the remote access server, click Start,
Administrative Tools, and then select Routing And Remote Access to open the Routing
And Remote Access console.
7. In the console tree, expand the server's node and then right-click Remote Access Policies
and select New Remote Access Policy from the shortcut menu.
8. Select the desired policy configuration settings through the various pages of the New
Remote Access Policy Wizard.
9. The different policy conditions that you can specify are listed below:
o Authentication Type; the authentication type, for instance PAP or CHAP.
o Called Station ID; the network access server's (NAS) phone number.
o Calling Station ID; the phone number used by the caller.
o Client-Friendly Name; the name of the RADIUS client requiring authentication.
o Client IP Address; the IP address of the RADIUS client.
o Client Vendor; the network access server's (NAS) vendor.
o Day and Time Restrictions; when a connection can be established.
o Framed Protocol; IAS uses this to determine the frame type of the incoming packets.
o MS RAS Vendor; the RADIUS client machine's vendor.
o NAS Identifier; the network access server's (NAS) name.
o NAS IP Address; IP address of the NAS.
o NAS Port Type; the media used by the client.
o Service Type; the type of service requested.
o Tunnel Type; the type of tunnel (PPTP, L2TP).
o Windows Groups; the groups to which the user establishing a connection belongs.
How to configure a remote access policy to authorize
access by user
1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the
Routing And Remote Access console.
2. In the console tree, expand the server's node and then right-click Remote Access Policies
and select New Remote Access Policy from the shortcut menu.
3. The New Remote Access Policy Wizard starts.
4. Click Next on the New Remote Access Policy Wizard Welcome page.
5. On the Policy Configuration Method page, click the Use the wizard to set up a typical
policy option.
6. Enter a name in the Policy name box, and then click Next.
7. On the Access Method page, select between the following options and then click Next:
o Dial-up
o VPN
o Wireless
o Ethernet
8. On the User or Group Access page, click the User option and then click Next.
9. On the Authentication Methods page, specify the authentication methods which the policy
will accept and then click Next.
10. On the Policy Encryption Level page, specify the encryption types and then click Next.
11. Click Finish to create the new remote access policy.
How to configure a remote access policy to authorize
access by group
1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the
Routing And Remote Access console.
2. In the console tree, right-click Remote Access Policies and then select New Remote
Access Policy from the shortcut menu.
3. The New Remote Access Policy Wizard starts.
4. Click Next on the New Remote Access Policy Wizard Welcome page.
5. When the Policy Configuration Method page appears, select the Use the wizard to set up
a typical policy option.
6. Enter a name in the Policy name box, and then click Next.
7. On the Access Method page, select between the following options and then click Next:
o Dial-up
o VPN
o Wireless
o Ethernet
8. On the User or Group Access page, select the Group option and then click Add to specify
the group name.
9. Using the Enter the object names to select box, specify the group and then click OK.
10. Click Next on the User or Group Access page.
11. On the Authentication Methods page, specify the authentication methods which the policy
will accept and then click Next.
12. On the Policy Encryption Level page, specify the encryption types and then click Next.
13. Click Finish to create the new remote access policy.
How to restrict remote access by connection type
1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the
Routing And Remote Access console.
2. In the console tree, expand the server's node and then right-click Remote Access Policies
and select New Remote Access Policy from the shortcut menu.
3. The New Remote Access Policy Wizard starts.
4. Click Next on the New Remote Access Policy Wizard Welcome page.
5. On the Policy Configuration Method page, click the Set up a custom policy option.
6. Enter a name in the Policy name box, and then click Next.
7. On the Policy Conditions page, click the Add button to add a condition.
8. When the Select Attribute dialog box opens, specify the desired attribute and then click
the Add button.
9. Click Next on the Policy Conditions page.
10. On the Permissions page, click the Deny remote access permission option and then click
Next.
11. When the Profile page appears, use the Edit button if you want to change the profile.
Click Next.
12. Click Finish to create the new remote access policy.
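How the settings from the procedures above interact when a connection arrives, as an added example that is not part of the original transcript: a simplified Python model of remote access policy evaluation, in which policies are checked in order, the first policy whose conditions all match decides, the account's Dial-in setting is applied, and then the profile's authentication methods are checked. The policy names, group names and attribute values are constructed for illustration.

```python
from dataclasses import dataclass, field

# Settings on the user account's Dial-in tab.
ALLOW = "Allow access"
DENY = "Deny access"
BY_POLICY = "Control access through Remote Access Policy"


@dataclass
class Policy:
    name: str
    conditions: dict   # attribute -> set of accepted values (all must match)
    grant: bool        # Permissions page: grant (True) or deny (False)
    auth_methods: set = field(default_factory=set)  # profile: accepted methods


def _matches(policy, attrs):
    """True when every condition of the policy is met by the attempt."""
    for attribute, accepted in policy.conditions.items():
        value = attrs.get(attribute)
        if value is None:
            return False
        values = value if isinstance(value, (set, frozenset)) else {value}
        if not values & accepted:
            return False
    return True


def evaluate(policies, dial_in, attrs):
    """Return (granted, reason) for one connection attempt."""
    for policy in policies:  # list order is the evaluation order
        if not _matches(policy, attrs):
            continue
        # The first policy whose conditions all match decides the outcome;
        # policies further down the list are never consulted.
        if dial_in == DENY:
            return False, f"{policy.name}: user account is set to Deny access"
        if dial_in == BY_POLICY and not policy.grant:
            return False, f"{policy.name}: policy denies remote access permission"
        if attrs.get("Authentication Type") not in policy.auth_methods:
            return False, f"{policy.name}: authentication method not in profile"
        return True, f"{policy.name}: granted"
    return False, "no policy matched"  # nothing matched: the attempt is rejected


def policies_accepting(policies, methods):
    """Names of policies whose profile accepts any of the given methods."""
    return [p.name for p in policies if p.auth_methods & set(methods)]


# Constructed sample policies (names, groups and values are illustrative).
DENY_PPTP = Policy("Deny PPTP", {"Tunnel Type": {"PPTP"}}, grant=False,
                   auth_methods={"MS-CHAP version 2", "EAP"})
VPN_USERS = Policy("VPN users",
                   {"NAS Port Type": {"Virtual (VPN)"},
                    "Windows Groups": {"VPN Users"}},
                   grant=True, auth_methods={"MS-CHAP version 2", "EAP"})
LEGACY_DIALUP = Policy("Legacy dial-up", {"NAS Port Type": {"Async (Modem)"}},
                       grant=True, auth_methods={"PAP", "CHAP"})

# Constructed connection attempt: a PPTP client in the VPN Users group.
PPTP_ATTEMPT = {
    "Tunnel Type": "PPTP",
    "NAS Port Type": "Virtual (VPN)",
    "Windows Groups": {"Domain Users", "VPN Users"},
    "Authentication Type": "MS-CHAP version 2",
}

if __name__ == "__main__":
    # A deny-by-connection-type policy only takes effect when it is listed
    # before the broader grant policy that would otherwise match first.
    for order in ([VPN_USERS, DENY_PPTP], [DENY_PPTP, VPN_USERS]):
        names = [p.name for p in order]
        print(names, "->", evaluate(order, BY_POLICY, PPTP_ATTEMPT))
    # An account set to Allow access bypasses the policy's deny permission.
    print(evaluate([DENY_PPTP, VPN_USERS], ALLOW, PPTP_ATTEMPT))
    # Review step: which policies still accept PAP or unauthenticated access?
    print(policies_accepting([DENY_PPTP, VPN_USERS, LEGACY_DIALUP],
                             {"PAP", "Unauthenticated access"}))
```

Listing the deny policy after the grant policy leaves PPTP connections allowed, which is why the order of the policies needs checking after a restriction is added.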
Using Connection Manager
Connection Manager Overview
If you want to configure clients to connect to a RRAS server, you can use the Connection
Manager to do this. Using the network connection properties to configure clients to connect
to a RRAS server works well in situations where you need to configure a small number of
clients, and when the default security settings are being utilized.
Connection Manager is a Windows application and client dialer included in Windows 2000,
Windows XP Professional, and Windows Server 2003 that you can use to allow a client to
establish virtual private network (VPN) connections and dial-up connections to a RRAS
server. The advanced features of Connection Manager enable you to pass preconfigured
connections to network users. These advanced features are evident in the Connection
Manager Administration Kit (CMAK) and Connection Point Services (CPS). Both local
connections and remote connections to the service provider through a network of access
points are supported by Connection Manager. As mentioned, for secure connections over the
Internet, VPN connections can be established using Connection Manager.
With the Connection Manager Administration Kit (CMAK), you can perform the following
functions:
Configure a large number of clients by creating an executable file which can be deployed
to your users by means of a distribution package.
Manage dial-up and VPN Connection Manager service profiles.
Customize Connection Manager to suit the requirements of your organization.
Configure system policies for connections.
Configure restrictions for connections.
Configure executable files that run automatically when a user attempts to establish a
connection.
Import existing connection settings so that they can be modified, and then distribute
these modifications.
When users run the distribution package, or executable file, a dial-up connection or VPN
connection using the required authentication methods and security settings is established. It
is even possible to automatically distribute the executable file by using a Group
Policy object. Any modifications to security settings can be made at a later stage by running the
Connection Manager Administration Kit (CMAK) once more, and then simply distributing the
executable file for users to run.
The main advantages and features of Connection Manager are listed here:
Users can run more than one Connection Manager service profile at the same time.
Connection Manager can also be used when users share computers. A user does not need
to provide user credentials for each connection.
You can customize the following components within Connection Manager so that it
reflects the identity of the organization:
o Icons and graphics
o Help
o Phone book information
o Messages
The Connection Manager Administration Kit (CMAK) Wizard can be used to automatically
create a service profile so that users can run Connection Manager to establish VPN and
dial-up connections. The service profile takes the form of an executable file which can be
distributed using either of the following methods:
o Download to the client.
o Distributed via compact disc.
You can include custom functionality or programs that execute during the connections
process. For instance, you can run a program when the user logs on, and when the user
logs off.
You can configure monitored applications to automatically disconnect once the
application is closed.
Connection logging, terminal window support and enhanced ISDN support are a few
additional features of Connection Manager.
Access points can be used to save commonly utilized connection settings. Connection
Manager includes help for Access Points and Dialing Rules.
Planning for Creating New Connection Manager
Service Profiles
The Connection Manager Administration Kit (CMAK) Wizard consists of a number of steps or
pages that need to be completed to create a new Connection Manager service profile. You
therefore need to plan upfront which items are going to be specified when you run the
CMAK Wizard.
The online CMAK Guide specifies six phases for creating a new Connection Manager service
profile. This process is detailed here:
Planning phase: Typical issues that should be determined in the planning phase are:
o Determine the connection which should be established.
o Determine which customizations you want: graphics, Phone book information, and so
forth.
o Determine which programs should be applied at the connection establishment
process.
Developing custom elements phase: This is when you should create all custom graphics,
icons, and all other elements which you want to include for the new Connection Manager
service profile.
Running the CMAK Wizard phase: The Connection Manager Administration Kit (CMAK)
Wizard is initiated and run to create the new Connection Manager service profile for the
connection.
Preparing for delivery phase: The new Connection Manager service profile can be
distributed via CDROM, floppy disk, Web site, or a network share. It can also be
downloaded to the client.
Testing phase: It is important to test all new packages before users are allowed to
download these packages.
Providing support phase: It is recommended that you define a support strategy once the
new Connection Manager service profile is distributed to users.
Addressing Connection Manager Security
Concerns
Because the Connection Manager Administration Kit (CMAK) Wizard enables Administrators
to configure connection properties for creating connections to the network, a few security
loopholes can be accidentally created as well.
A few common Connection Manager security concerns are listed here:
There is the risk of an unauthorized user establishing a connection and using it. This can
basically occur when a computer can be accessed by multiple users.
For users to run the existing installation of CMAK, they have to belong to the Power
Users group. The service profiles created by the CMAK Wizard are text files. Because of
this, a user that has access to the text files can simply use a text editor to change the
text files created by the CMAK Wizard.
When a Connection Manager service profile includes confidential information, there is a
threat that an unauthorized user can intercept this information and exploit it.
A few strategies that can be used to address Connection Manager security concerns are
listed below:
You can require that users utilize the more current Windows operating systems that
support the user certificates feature of Connection Manager.
Ensure that only those users who are authorized can download and obtain the
Connection Manager service profile.
For a computer that is utilized by more than one user, ensure that users cannot utilize
the Remember Password feature to store the password for the connection. To disable the
Remember Password feature, configure the HideRememberPassword option. The
HideRememberPassword option can be accessed in the last page of the CMAK Wizard by
clicking Edit Advanced Options.
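Because service profiles are editable text files, a deployed copy can be compared against the approved build and checked for the HideRememberPassword option. The following is an added example, not code from the original page or from CMAK. The sample profiles are constructed, and the [Connection Manager] section name, the value 1 meaning "hidden", and the other section and key names are assumptions to adjust against a profile built by your own CMAK Wizard.

```python
import hashlib

# Assumptions (not from the page): the option sits in a [Connection Manager]
# section and the value 1 means the Remember Password checkbox is hidden.
POLICY_SECTION = "connection manager"
POLICY_KEY = "hiderememberpassword"

# Constructed sample: the profile as approved by the administrator.
APPROVED = """\
[Connection Manager]
ServiceName=Example Corp VPN
HideRememberPassword=1

[Pre-Connect Actions]
0=checkpatch.exe
"""

# Constructed sample: the same profile after someone edited it in a text editor.
DEPLOYED = """\
[Connection Manager]
ServiceName=Example Corp VPN
HideRememberPassword=0

[Pre-Connect Actions]
0=checkpatch.exe
1=helper.exe
"""


def parse_profile(text):
    """Parse INI-style profile text into {(section, key): value}, names lower-cased."""
    settings = {}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        settings[(section, key.strip().lower())] = value.strip() if sep else ""
    return settings


def fingerprint(text):
    """SHA-256 of the profile text with line endings normalised."""
    normalised = "\n".join(text.splitlines()).encode("utf-8")
    return hashlib.sha256(normalised).hexdigest()


def diff_profiles(approved, deployed):
    """Return (section, key, approved_value, deployed_value) for every difference."""
    changes = []
    for name in sorted(set(approved) | set(deployed)):
        old, new = approved.get(name), deployed.get(name)
        if old != new:
            changes.append((name[0], name[1], old, new))
    return changes


def audit_profile(approved_text, deployed_text):
    """Return a list of findings for a deployed profile; empty means it passes."""
    approved = parse_profile(approved_text)
    deployed = parse_profile(deployed_text)
    findings = []
    if deployed.get((POLICY_SECTION, POLICY_KEY)) != "1":
        findings.append("HideRememberPassword is not set to 1: "
                        "users can store the connection password")
    if fingerprint(approved_text) != fingerprint(deployed_text):
        changes = diff_profiles(approved, deployed)
        if not changes:
            findings.append("profile differs from the approved copy, but no "
                            "setting changed (comments or whitespace only)")
        for section, key, old, new in changes:
            findings.append(f"[{section}] {key}: approved={old!r} deployed={new!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_profile(APPROVED, DEPLOYED):
        print(finding)
```
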
Using the Connection Manager Administration Kit
(CMAK) Wizard
The Connection Manager Administration Kit (CMAK) is implemented through the CMAK
Wizard. The CMAK Wizard is used to create an executable file which can be distributed to
users so that they can establish virtual private network (VPN) connections and dial-up
connections to a RRAS server. When a user runs the executable file, the security settings
and other settings specified when the CMAK Wizard was run are used to establish the
connection.
The information that you need to supply when you run the CMAK Wizard is summarized
here:
Service Profile Source; indicate either of the following actions:
o Create a new Connection Manager service profile
o Modify an existing Connection Manager service profile
Service And File Names; provide the following details:
o A name for the service profile.
o A file name for the profile folder and files.
Realm Name; if required, provide a realm name. With Microsoft
Internet Authentication Service Commercial Edition, realm names can be utilized for
authentication.
Merging Profile Information; you can merge the settings of an existing service profile(s)
into the new Connection Manager service profile which you are creating, or in the service
profile which you are editing.
VPN Support; enables you to specify a VPN connection for the service profile which you
are configuring. For client IP address assignment, the following methods exist:
o Define a DNS server.
o Define a WINS server.
o Define that the server assigns IP addresses when the connection is established.
Phone Book; set whether a phone book is to be created with the service profile being
created or edited.
Phone Book Updates; define the method which will be used to pass phone book updates
to clients. You can specify a Connection Point Services server by means of a URL. The
Windows Server 2003 Connection Point Services (CPS) feature can be used to create and
update phone books.
Dial-Up Networking Entries; define the dial-up networking entries for the phone numbers
in the address book.
Routing Table Update; to update the Routing Table. A file containing routing table
information is then included.
Automatic Proxy Information; enables you to specify options which will be used to
configure proxy settings.
Custom Actions; define actions to occur at the following events:
o Prior to the connection being established.
o Once the connection is established.
o Before the connection is terminated.
Logon Bitmap; set the bitmap that should appear in the Logon dialog box.
Phone Book Bitmap; set the bitmap that should appear in the Phone Book dialog box.
Icons; set the icons which should be displayed for Connection Manager on your clients.
Notification Area Shortcut Menu; define the shortcut menu which is displayed when the
status area icon is right-clicked by users.
Help file; define the Help file for users by:
o Creating a custom Help file.
o Using the default Help file.
Support Information; define the support information for the service profile being created
or edited.
Connection Manager Software; for users to utilize the service profile they must have
Connection Manager installed. For users that do not have the Connection Manager
installed, you can specify that Connection Manager software be added with the service
profile you are creating or editing. Here, the user will perform the following actions:
o Download the package.
o Install the Connection Manager.
o Run the Connection Manager service profile.
License Agreement; you can require users to accept a license agreement by including it
in a text file.
Additional Files; for adding any other files with the Connection Manager service profile
being created or edited.
With the CMAK, custom actions are supported. Through custom actions, you can configure
that certain programs should automatically run when the Connection Manager process
occurs.
The different actions which you can specify to run during the Connection Manager process
are summarized here:
Pre-init actions; run when the Connection Manager initiates.
Pre-connect actions; run prior to the connection being established.
Pre-dial actions; run prior to the connection being established.
Pre-tunnel actions; run prior to the connection being established.
Post-connect actions; run after the connection is successfully established.
On cancel actions; run when the user cancels a connection.
On error actions; run when there is an error during the connection establishment
process.
How to install the CMAK
1. Open Control Panel.
2. Double-click Add/Remove Programs, and then click Add/Remove Windows Components.
3. The Windows Components Wizard starts.
4. Click Management and Monitoring Tools, and then click Details.
5. In the Management and Monitoring Tools dialog box, select the checkbox for Connection
Manager Administration Kit.
6. Click OK. Click Next. Click Finish.
To start the Connection Manager Administration Kit (CMAK) Wizard:
1. Click Start, Administrative Tools, and then click Connection Manager Administration Kit to
initiate the CMAK Wizard.
How to create a new Connection Manager service
profile
1. Click Start, Administrative Tools, and then click Connection Manager Administration Kit to
initiate the CMAK Wizard.
2. The CMAK Wizard starts.
3. Click Next on the CMAK Wizard Welcome screen.
4. On the Service Profile Selection page, click the New profile option. Click Next.
5. On the Service And File Names page, enter a name for the service in the Service Name
text box, and enter a file name in the File name text box. This name will be used for the
connection and it will also be displayed in the various installation dialog boxes of
Connection Manager. Click Next.
6. On the Realm Name page, leave the default setting of Do Not Add A Realm Name To The
User Name enabled. Click Next.
7. On the Merging Profile Information page, you can merge information from other existing
profiles to add to this profile. Click Next.
8. On the VPN Support page, you can set that a VPN connection be established. Click the
Phone Book From This Profile checkbox. In the Enter the VPN Server Name or IP
Address section of the page, select one of the following options:
o Always Use the Same VPN Server option, or
o Allow The User To Choose A VPN Server Before Connecting option.
9. Click Next.
10. On the VPN Entries page, perform either of these actions:
o Create a new VPN entry.
o Specify an existing VPN connection for the profile.
11. Click Next.
12. On the Phone Book page, disable the Automatically Download Phone Book Updates
checkbox, and then click Next.
13. On the Dial-Up Networking Entries page, perform either of these actions, and then click
Next:
o Create a new dial-up networking entry.
o Specify an existing dial-up networking entry for the profile.
14. On the Routing Table Update page, click Next.
15. On the Automatic Proxy Configuration page, specify any settings for a proxy server that should
be utilized with the connection, and then click Next.
16. On the Custom Actions page, click Next.
17. On the Logon Bitmap page, specify your own graphics or accept the default graphic
and then click Next.
18. On the Phone Book Bitmap page, specify your own graphic or select a default graphic,
and then click Next.
19. On the Icons page, select your icons for the connection or use the default settings.
Click Next.
20. On the Notification Area Shortcut Menu page, specify the items which should be
displayed on the shortcut menu, and then click Next.
21. On the Help File page, specify your custom Help file. Click Next.
22. On the Support Information page, provide your support details in the Support
Information text box, and then click Next.
23. On the Connection Manager Software page, you can select the Install Connection
Manager option if users do not have the Connection Manager installed. Click Next.
24. On the License Agreement page, specify the text file that includes the license
agreement, and then click Next.
25. On the Additional Files page, include all other files which should be added with the new
service profile. Click Next.
26. On the Ready To Build The Service Profile page, click Next to start the creation of the
new service profile.
27. The CMAK Wizard creates the new customized Connection Manager service profile.
28. Click Finish.
How to deploy CMAK packages
When you have completed all the necessary pages of the CMAK Wizard, the Connection
Manager service profile is created. The connection package is compressed as well. The final
screen of the CMAK Wizard displays the location of your newly created Connection Manager service
profile.
The service profile is by default stored in the following directory:
C:\Program Files\CMAK\Profiles. The directory is automatically created for the
service profile by CMAK.
To distribute the new service profile package files, use either of these methods:
Copy the files in the CMAK directory to a:
o CDROM
o Floppy disk.
o Web site
Share the CMAK directory and provide users with the path information.
Configuring Remote Access Clients
Remote Access Overview
The Routing and Remote Access service (RRAS) is integrated in Windows 2000 and Windows
Server 2003 and provides connectivity for remote users and remote offices to the corporate
network. RRAS makes it possible for remote users to perform their tasks as though they are
actually physically connected to the corporate network. A remote access connection enables
services such as file and print sharing to be available to remote users. To access network
resources, remote access clients can use standard Windows tools.
Dial-up networking allows a remote access client to establish a dial-up connection to a port
on a remote access server. The configuration of the dial-up networking server determines
what resources the remote user can access. Users that connect through a dial-up
networking server, connect to the network much like a standard LAN user accessing
resources.
Remote access VPNs provide a common environment where many different sources such as
intermediaries, clients and off-site employees can access information via web browsers or
email. Many companies supply their own VPN connections via the Internet. Through their
ISPs, remote users running VPN client software are assured private access in a publicly
shared environment. By using analog, ISDN, DSL, cable technology, dial and mobile IP, VPNs
are implemented over extensive shared infrastructures. Email, database and office
applications use these secure remote VPN connections.
The different remote access client types are listed below:
Dial-up client: A dial-up client uses a physical connection to the remote access server to
establish a connection to it. A dial-up client can access resources in much the same
manner as if they are actually physically connected to the network. Dial-up clients can:
o Access network resources and services.
o Share files.
o Map network drives, and perform other operations, based on the access that is
allowed.
You should utilize a dial-up client when the following conditions are present:
o The Internet cannot be used to access resources on the corporate network because of
security issues.
o The throughput provided by a dial-up connection adequately meets the requirements of
remote access clients, so that they are able to perform the various functions which they
need to.
o The expense of phone lines and modems is affordable.
VPN client: A VPN client utilizes the Internet, tunneling and TCP/IP protocols to establish
a connection to the network.
Wireless client: These clients connect to the network through radio frequencies such as
infrared frequencies.
When determining user requirements for remote access, a few issues that need to be
initially addressed are:
Determine what operating systems are being used by clients.
Determine the computers which are being used by clients.
Determine what the bandwidth needs of users are.
Determine what connections can be supported.
Determine whether clients' current Internet connections can be used for VPN
connections.
Determine how often users will need to connect to the network.
Configuring Dial-up RAS clients and VPN clients
The processes for configuring a dial-up remote access client and a VPN client are almost
the same. The primary differences between configuring a dial-up remote access client and a
VPN client are explained below:
When configuring a dial-up remote access client, you specify the phone number of the
remote access server.
When configuring a VPN client, you specify the IP address of the server.
After a connection is established, you can change the connection's properties through the
connection's Properties dialog box. The configuration settings that you can configure
through the various tabs on the Dial-Up Connection Properties dialog box are:
General tab: The configuration settings that you can configure on the General tab are:
o Configure the VPN server's IP address or hostname.
o Specify the phone number to use with the specific connection.
o Specify the connection which should be established prior to the VPN connection being
established.
o Modify the settings of the existing modem that the connection uses.
o Modify the modem that the connection uses.
o Specify whether the dialing rules apply for RAS connections.
o Specify whether the connection shows a status icon when the connection is active. For
dial-up connections, the Show Icon In Taskbar When Connected checkbox is enabled
by default.
Options tab: The configuration settings that you can configure on the Options tab pertain
to the dialing and redialing of the connection. The settings on the Options tab are
organized into two sections, namely the Dialing Options section and the Redialing
Options:
o Dialing Options: The dialing options that you can set are listed below. These settings
control the dial-up networking's interface actions:
Display Progress While Connecting checkbox; tracks the progress of the attempted
connection. This option is enabled by default.
Prompt For Name And Password, Certificate, Etc. checkbox; prompts for any
credentials needed to authenticate the connection to the server. The option is
enabled by default.
Include Windows Logon Domain checkbox; the domain name of the domain
currently logged on to is included with the authentication credentials. The option is
disabled by default.
Prompt For Phone Number checkbox; shows the phone number in the connection
dialog box so that it can be edited prior to dialing.
o Redialing Options: These settings control the activities that occur when the remote
end is busy. The redialing options that you can set are:
Redial Attempts box; for specifying the number of attempts that occur to establish
the connection before abandoning it. The default value for the Redial Attempts
setting is 3.
Time Between Redial Attempts setting; for indicating the wait period before
reattempting the connection.
Idle Time Before Hanging Up setting; for specifying the idle time for the connection
before the call is terminated.
Redial If Line Is Dropped checkbox; when enabled, the number is automatically
redialed when you are disconnected.
Security tab: The configuration settings that you can configure on the Security tab
control the security of the connection. This includes options for authentication protocols
and encryption. The settings on the Security tab are also organized into two sections,
namely the Security Options section and the Advanced Security Settings:
o Security Options: The settings that you can configure when you select the Typical
(Recommended Settings) option are:
Validate My Identity As Follows; used to specify whether secured passwords,
unsecured passwords, or smart card authentication is used. The default setting is
unsecured passwords.
Automatically Use My Windows Logon Name And Password checkbox; for secured
passwords, provides the remote end with the logon credentials used to log on to
the domain/computer.
Require Data Encryption checkbox; for secured passwords and smart card
authentication, specifies whether an encryption method should be negotiated
between the remote server and the client.
o Advanced Security Settings: The settings that you can configure when you select the
Advanced (Custom Settings) option are listed below. The Advanced Security Settings
dialog box is accessed by clicking the Settings button after you have selected the
Advanced (Custom Settings) option:
Data Encryption drop down list; includes options that specify whether to encrypt
either end of network connections through IPSec. The options are: No Encryption
Allowed, where the server will drop the connection if the client cannot provide
encryption; Optional Encryption, where the call continues if encryption cannot be
provided; Require Encryption, where the client has to request encryption, and is not
allowed to connect if the remote server cannot provide it; and Maximum Strength
Encryption, where a connection can only be established if the client and server support
the same level of encryption.
Logon Security setting; specifies the authentication protocols which the client
utilizes. The available options are Use Extensible Authentication Protocol (EAP)
and Smart Card Or Other Certificate.
Allow These Protocols setting; specifies the authentication protocols that the client
can use. Authentication protocols options include CHAP, MS-CHAPv1, MS-CHAPv2,
PAP and SPAP. The authentication protocols that are by default selected when the
Allow These Protocols option is enabled are CHAP, MS-CHAPv1 and MS-CHAPv2.
Networking tab: The configuration settings that you can configure on the Networking
tab are explained below:
o Type Of Dial-Up Server I Am Calling setting; specifies the type of server being
called. The options are PPP and SLIP, with PPP being the default setting.
o You can select the Install, Uninstall, and Properties buttons to control the protocols
installed on the machine, and to control the settings of the protocols. The typically
selected options are Internet Protocol (TCP/IP) and Client For Microsoft Networks.
Sharing tab: The configuration settings that you can configure on the Sharing tab are
for RAS clients only:
o Enable Internet Connection Sharing For This Connection
o Enable On-Demand Dialing
How to install the Routing and Remote Access
Services (RRAS)
1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the
Routing And Remote Access management console.
2. In the console tree, select the remote access server that you want to configure. Select
the Action menu, and then select the Configure and Enable Routing and Remote Access.
Alternatively, you can right-click the server that you want to configure, and then select
Configure and Enable Routing and Remote Access from the shortcut menu.
3. The Routing and Remote Access Server Setup Wizard initiates.
4. On the initial page of the Routing and Remote Access Server Setup Wizard, click Next.
5. On the Configuration page, select the Remote Access (Dial-Up Or VPN) option and then
click Next.
6. On the Remote Access page, select either the VPN server checkbox, or the dial-up server
checkbox, or both of these checkboxes. Click Next.
7. When the Macintosh Guest Authentication page is displayed, click the Allow
Unauthenticated Access For All Remote Clients option if you want the RRAS server to
accept anonymous remote access. Click Next.
8. On the IP Address Assignment page, accept the default setting of Automatically, or select
the From A Specified Range Of Addresses button. Click Next.
9. On the Managing Multiple Remote Access Servers page, select the No, Use Routing And
Remote Access To Authenticate Connection Requests option, and then click Next.
10. On the Summary page, click Finish.
11. The RRAS service starts.
How to configure the VPN client
1. On the client computer open Control Panel.
2. Right-click Network Connections and then select Open from the shortcut menu.
3. Click New Connection Wizard to start the New Connection Wizard.
4. Click Next on the Welcome to the New Connection Wizard page.
5. On the Network Connection Type page, select Connect to the network at my workplace,
and then click Next.
6. Click Virtual Private Network Connection, and click Next.
7. Enter a name for the connection and click Next.
8. Specify the external IP address of the VPN server, or the FQDN of the VPN server, and
then click Next.
9. Select the Anyone's use option if you want the connection to be available to everyone who
uses the computer, and then click Next.
10. When the Completing the New Connection Wizard page appears, click Finish.
11. The logon dialog box is displayed after you click the Finish button to complete the New
Connection Wizard.
How to allow multilink connections from remote
access clients
1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the
Routing And Remote Access console.
2. In the console tree, right-click the server that you want to work with, and then click
Properties from the shortcut menu.
3. The server Properties dialog box opens.
4. Switch to the PPP tab.
5. Select the Multilink Connections checkbox to allow multilink connections from remote
access clients.
6. If you do not want to allow multilink connections, simply disable the Multilink
Connections checkbox.
7. If you select the Multilink Connections checkbox, it is recommended that you enable the
Dynamic Bandwidth Control Using BAP Or BACP checkbox. This allows the server to add
or drop PPP connections based on the rise and fall in available bandwidth.
8. Click OK.
How to grant dial-in permission for user accounts
1. Click Start, Administrative Tools, and then click Computer Management to open the
Computer Management console.
2. Double-click Local Users and Groups.
3. Double-click Users.
4. Double-click the specific user account that you want to grant access to, in order to open the
Properties dialog box of the user.
5. Click the Dial-in tab.
6. Click Allow access, and then click OK.
7. On the client computer, access the Network Connections folder, and then double-click the
VPN connection that you want to configure.
8. Specify the user account credentials, and then click Connect.
How to enable remote access for a specific user
1. Click Start, Administrative Tools, and then click Active Directory Users and Computers to
open the Active Directory Users and Computers management console.
2. In the console tree, expand the domain that contains the user account that you want to
enable remote access for.
3. Select the Users container.
4. In the right pane, locate the user account that you want to configure.
5. Right-click the specific user account and then select Properties from the shortcut menu.
6. The Properties dialog box of the user opens.
7. Click the Dial-in tab.
8. In the Remote Access Permission area, click the Allow Access option.
9. Click OK.
How to enable remote access based on remote
access policy
1. Click Start, Administrative Tools, and then click Active Directory Users and Computers to
open the Active Directory Users and Computers management console.
2. In the console tree, expand the domain that contains the user account that you want to
enable remote access for.
3. Select the Users container.
4. In the right pane, locate the user account that you want to configure.
5. Right-click the specific user account and then select Properties from the shortcut menu.
6. The Properties dialog box of the user opens.
7. Click the Dial-in tab.
8. In the Remote Access Permission area, click the Control Access Through Remote Access
Policy option.
9. Click OK.
How to configure inbound dial-up connections on a
computer running Windows 2000 Professional
1. Click Start, Settings and then click Network And Dial-Up Connections.
2. When the Network And Dial-Up Connections dialog box opens, double-click Make New
Connection.
3. The Network Connection Wizard starts.
4. Click Next on the Welcome to the Network Connection Wizard page.
5. On the Network Connection Type page, click the Accept Incoming Connections option and
then click Next.
6. On the Devices For Incoming Connections page, in the Connection Devices list, choose
the modem device for the computer. Click Next.
7. On the Incoming Virtual Private Connection page, click the Allow Virtual Private
Connections option and then click Next.
8. On the Allowed Users page, select the Administrator option and then proceed to click the
Properties button.
9. The Administrator Properties dialog box opens.
10. Switch to the Callback tab.
11. Verify that the correct settings are specified on the tab. Click OK and click Next.
12. On the Networking Components page, select the Internet Protocol TCP/IP option and
then click the Properties button.
13. When the Incoming TCP/IP Properties dialog box opens, select Specify TCP/IP addresses.
14. Specify the appropriate address in the From box and in the To box, and then click OK and
click Next.
15. Click Finish.
How to configure outbound connections on a
computer running Windows 2000 Professional
1. Click Start, Settings and then click Network And Dial-Up Connections.
2. When the Network And Dial-Up Connections dialog box opens, double-click Make New
Connection.
3. The Network Connection Wizard starts.
4. Click Next on the Welcome to the Network Connection Wizard page.
5. On the Network Connection Type page, click the Connect To A Private Network Through
The Internet option. Click Next.
6. On the Destination Address page, enter the appropriate address and then click Next.
7. On the Connection Availability page, click the Only For Myself option and then click Next.
8. Click Finish to complete the Network Connection Wizard.
9. The Connect Virtual Private Connection dialog box automatically opens.
10. Provide the proper user name and password details.
11. Click the Connect button.
How to manage remote access clients
You can use the Routing And Remote Access console to both examine and manage remote
access clients that have established connections to the remote access server. The various
activities that you can perform are:
View and examine the status of connected remote access clients.
Send a message to one or multiple remote access clients.
Disconnect remote access clients.
How to view the status of connected remote access clients
1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the
Routing And Remote Access console.
2. In the console tree, select Remote Access Clients.
3. All currently connected remote access clients are displayed in the details pane of the
Routing And Remote Access console.
4. Right-click the user name that you want to examine, and then select Status from the
shortcut menu to view the status of the connection.
How to send a message to a remote access client
1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the
Routing And Remote Access console.
2. In the console tree, select Remote Access Clients.
3. In the details pane, right-click the user name that you want to send the message to, and
then select Send Message from the shortcut menu.
4. The Send Message dialog box opens.
5. Type the message that you want to send to the user name that you have selected.
6. Click OK.
How to send a message to all remote access clients
1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the
Routing And Remote Access console.
2. In the console tree, right-click Remote Access Clients and then select Send To All from
the shortcut menu.
3. When the Send Message dialog box opens, type up the message that you want to send to
all connected remote access clients.
4. Click OK.
How to disconnect remote access clients
1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the
Routing And Remote Access console.
2. In the console tree, select Remote Access Clients.
3. In the details pane, right-click the user name that you want to disconnect, and then
select Disconnect from the shortcut menu.
Troubleshooting Dial-Up Remote Access
Connections
A few guidelines for troubleshooting dial-up remote access connections are listed below:
For a dial-up remote access connection to be established between a remote access
server and remote access clients, the Remote Access Server option should be enabled on
the General tab of the Properties dialog box of the remote access server. You can use the
Routing And Remote Access management console to verify that the Remote Access
Server option is enabled.
Ensure that the settings of the remote access policy and the settings configured in the
properties of the remote access server are not conflicting.
The remote access server, the remote access policy, and the dial-up remote client should
all be configured to use at least one common authentication protocol. You can view
this information on the Security tab of the Dial-Up Connection Properties dialog box.
If MS-CHAP v1 is the authentication protocol being used, ensure that the user password
is not more than 14 characters.
The remote access server, the remote access policy, and the dial-up remote client should
all be configured to use at least one common encryption strength. You can verify this
information on the Security tab of the Dial-Up Connection Properties dialog box.
Ensure that the number of modem devices specified in the Ports node of the Routing And
Remote Access management console can cope with the specified number of concurrent
remote access connections.
The remote access server either assigns addresses to clients from a predefined static
address pool or through a DHCP server on the network.
o For address assignment from the static address pool, ensure that the address pool can
handle the required concurrent client connections.
o For address assignment through the DHCP server, ensure that the DHCP server's
scope can handle the blocks of 10 addresses needed by your remote access server.
The dial-up remote access connection must have the correct permissions for the
connection to be established. You can verify the permissions specified for the connection
by examining the remote access policies and the dial-in properties of the specific user
account.
A few guidelines for troubleshooting modems that are not operating:
o Ensure that the modem cable is not faulty.
o Check whether the modem is compatible.
o Verify that the modem is connected correctly to the computer's port. Verify that the
power is turned on.
o Check that the correct number was dialed.
o Check whether the phone lines support the speed of the modem. Try using a lower
bps rate.
o The issue might be that the modem cannot work with the modem of the remote
access server. Here, you might need to use the same modem type being used by
the remote access server.
o Verify that you have the necessary remote access permission, and that your user
account is valid.
o Check whether the remote access server is running.
If you continuously receive an error message, indicating that the remote access server is
not responding, a few guidelines to solve this issue are listed below:
o Check whether you can connect to the server from a different workstation to ascertain
whether the issue is specific to one workstation.
o Check whether the remote access server is running and operating correctly.
o Verify whether the modem vendor has released new software updates. There might be
an issue with the version of the modem software that you are using.
o If the modem and telephone line appear to not be operating as they should be, use
modem diagnostics to verify that the modem is operating as it should. There might
also be excessive static on the phone line.
o There could be a switching mechanism between the remote access client and server
which is preventing the connection from being established. You should attempt using
a lower bps rate.
o The issue might be that the modem you are using is conflicting with the modem of the
server. You should attempt using a lower bps rate.
o If the modem is experiencing a problem connecting and there is quite some static on
the telephone line, attempt using a lower bps rate. The issue might be that the
modem cannot connect at a higher data rate.
o You can verify the quality of your phone line with the telephone company.
If you receive a "no answer" message when attempting to connect via ISDN, try the
following strategies. A few possible causes for this type of issue are also listed:
o Try dialing later. The line might be too busy or an existing poor line condition could be
hindering the connection.
o Check that the ISDN adapters are installed and that they are set up correctly.
o Check whether the phone number is configured correctly. You can contact the
telephone company to determine the numbers that the ISDN line owns.
o Verify that the remote access server is up and running, and verify that the modem is
connected.
o Verify that your DigiBoard adapter is current.
o Verify that the Service Profile Identifier (SPID) is configured correctly.
o You should enable line-type negotiation.
If remote access client connections to the remote access server are continuously being
dropped, try the following strategies:
o Check whether the modem cable is connected correctly. It could have been
disconnected.
o Verify that the modem settings are correct.
o Verify whether the modem vendor has released new software updates. There might be
an issue with the version of the modem software that you are using.
o It could be that the phone has call waiting, and this is hindering the connection.
Disable call waiting and then try again.
o You could have been disconnected because of an inactivity period. Try once more.
o If somebody picked up the phone, you would have been automatically disconnected.
Try calling once more.
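The configuration checks from the troubleshooting list above (a common authentication protocol, a common encryption strength, the MS-CHAP v1 password limit, and address capacity) can be run as one pre-flight check before users start dialing in. This is an added example, not part of the original article; the dictionary layout, the strength ordering, and the one address reserved for the server's own interface are assumptions of the example.

```python
import math

# Weakest-to-strongest orderings; the ranking is an assumption of this example.
AUTH_ORDER = ["PAP", "SPAP", "CHAP", "MS-CHAP v1", "MS-CHAP v2", "EAP"]
ENC_ORDER = ["none", "basic", "strong", "strongest"]
DHCP_BLOCK = 10        # RRAS requests DHCP addresses in blocks of 10 (from the page)
MSCHAP_V1_MAX_PW = 14  # MS-CHAP v1 password limit (from the page)
SERVER_RESERVED = 1    # assumption: the server keeps one address for its own interface


def strongest_common(order, *sides):
    """Strongest value supported by every side, or None if there is none."""
    common = set(order).intersection(*map(set, sides))
    return max(common, key=order.index) if common else None


def addresses_needed(clients, source):
    """Free addresses a static pool or DHCP scope must hold for `clients` sessions."""
    total = clients + SERVER_RESERVED
    if source == "dhcp":
        return math.ceil(total / DHCP_BLOCK) * DHCP_BLOCK
    return total


def preflight(server, policy, client, clients, free_addresses, source, pw_len):
    """Apply the checklist; returns the agreed settings and a list of findings."""
    findings = []
    auth = strongest_common(AUTH_ORDER, server["auth"], policy["auth"], client["auth"])
    enc = strongest_common(ENC_ORDER, server["enc"], policy["enc"], client["enc"])
    if auth is None:
        findings.append("no common authentication protocol")
    elif auth == "MS-CHAP v1" and pw_len > MSCHAP_V1_MAX_PW:
        findings.append("MS-CHAP v1 in use and password exceeds 14 characters")
    if enc is None:
        findings.append("no common encryption strength")
    need = addresses_needed(clients, source)
    if free_addresses < need:
        findings.append(f"address source too small: need {need}, have {free_addresses}")
    return {"auth": auth, "enc": enc, "findings": findings}


# Constructed sample settings, not taken from a real server.
SERVER = {"auth": ["MS-CHAP v2", "MS-CHAP v1"], "enc": ["strong", "strongest"]}
POLICY = {"auth": ["EAP", "MS-CHAP v2", "MS-CHAP v1"], "enc": ["basic", "strong"]}
CLIENT = {"auth": ["MS-CHAP v1", "CHAP"], "enc": ["strong"]}

if __name__ == "__main__":
    report = preflight(SERVER, POLICY, CLIENT, clients=25, free_addresses=20,
                       source="dhcp", pw_len=16)
    print(report["auth"], report["enc"])
    for finding in report["findings"]:
        print("FINDING:", finding)
```

In the sample, the only protocol all three sides share is MS-CHAP v1, so the 16-character password and the undersized DHCP scope are both reported.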
How to Setup a Remote Desktop Web Connection
The Remote Desktop Web Connection is a Win32-based ActiveX control (COM object) that
can be used to run Remote Desktop sessions from within a browser like Internet Explorer. It
is a useful alternative to the regular Remote Desktop because it can be used without
installing any software on the client machine. Remote Desktop requires the user to install
software on the client's machine, which is sometimes infeasible.
Remote Desktop Web Connection is able to do this because the Remote Desktop runs within
a web browser such as Internet Explorer. The web browser on the host computer must
support ActiveX controls to implement Remote Desktop Web Connection.
Configuring the Host Computer
Enabling the Remote Desktop Web Connection on the host computer is the foremost step.
Follow the steps listed below carefully:
Open Control Panel, click on the Add or Remove Programs icon, and then click on
the Add/Remove Windows Components option.
Click on Internet Information Services, and then click on the Details option.
In the Subcomponents of Internet Information Services list, click on World Wide Web
Service, and then click on the Details option.
In the Subcomponents of World Wide Web Service list, select the Remote Desktop Web
Connection check box, and then click OK.
In the Windows Components Wizard, click on Next.
Click Finish when the wizard has completed.
Configuring IIS (Internet Information Services)
TCP port 80 is the default port number used to identify Internet Information
Services (IIS). In order to avoid harmful external attacks, these steps change the default
port number. The steps listed below are optional, but implementing them will highly improve
your machine's security.
Note: TCP port number should not be changed if you are already using the machine as a
web server.
Open Control Panel, click on the Performance and Maintenance icon, and then click
on Administrative Tools. Double-click on Internet Information Services.
In the IIS snap-in, expand your computer name, expand Web Sites, right-click on
the Default Web Site, and then click on Properties.
On the Web Site tab, change the TCP Port value. Enter a number between 1000 and
65535 that you remember well. This port number will be used for future connections.
Click OK, and close the Internet Information Services snap-in.
Configuring Remote Desktop
A user account with a password is necessary to connect using Remote Desktop. Create an
account if you do not have one. Follow the listed steps carefully to activate Remote Desktop:
Right-click on My Computer from the desktop, and select the Properties option.
Select the Remote tab, and then click on the Allow users to connect remotely to
this computer check box.
Click Select Remote Users, and then click Add.
In the Select Users dialog box, type the name of the user and then click on OK. Click
on OK again to return to the System Properties dialog box, and then click on OK to close
it.
Connect to the Remote Computer
Finally, you can now connect to the remote configured computer via the Internet. In order
to connect, the IP address of the target computer should be known (you could use What Is
My IP or What Is My IP.com to identify the IP address). Now, simply follow the listed steps
carefully in order to connect:
Open Internet Explorer browser, and enter the URL http://ipaddress:port/tsweb/
Example: http://192.168.1.120:1374/tsweb/
Your browser may not have the Remote Desktop ActiveX control installed; if it
prompts you to install it, click Yes.
On the Remote Desktop Web Connection page, click on Connect. You don't need to fill in
the Server field. If you leave the Size field set to Full-screen, the remote desktop will
take over your local desktop.
Enter your user name and password at the Windows logon prompt, and then click OK.
You'll see your desktop completely.
Routing and Remote Access Service
Routing and Remote Access Service Overview
The Routing and Remote Access service (RRAS) is a multi-protocol software router
integrated in Windows 2000 and Windows Server 2003 that provides connectivity for remote
users and remote offices to the corporate network. RRAS makes it possible for remote users
to perform their tasks as though they are actually physically connected to the corporate
network. A remote access connection enables services such as file and print sharing to be
available to remote users. To access network resources, remote access clients can use
standard Windows tools.
The Routing and Remote Access service (RRAS) includes integrated support for the following
dynamic routing protocols:
Routing Information Protocol (RIP) version 2
Open Shortest Path First (OSPF)
Routing and Remote Access service can be configured for:
LAN-to-LAN routing
LAN-to-WAN routing
Virtual private network (VPN) routing
Network Address Translation (NAT) routing
Routing features, including
o IP multicasting
o Packet filtering
o Demand-dial routing
o DHCP relay
A computer running Windows 2000 Server or Windows Server 2003 with Routing and Remote
Access service enabled and configured is called a remote access server.
A remote access server provides the following two types of remote access connectivity:
Dial-up networking (DUN)
Virtual private networking
The Routing and Remote Access features are summarized below:
Router discovery, defined in RFC 1256, provides the means for configuring and
discovering default gateways. Router discovery makes it possible for clients to:
o Dynamically discover routers.
o Use alternate or backup routers when necessary, for instance when a network failure
occurs.
Router discovery consists of the following types of packets