Configuring Remote Access Servers


Transcript of Configuring Remote Access Servers

  • How to install the Routing and Remote Access Services (RRAS)

    1. Click Start, and then click Manage Your Server.

    2. Select the Add or remove a role option.

    3. The Configure Your Server Wizard starts.

    4. On the Preliminary Steps page, click Next.

    5. A message appears, informing you that the Configure Your Server Wizard is detecting

    network settings and server information.

    6. When the Server Role page appears, select the Remote Access/VPN Server option and then click Next.

    7. On the Summary of Selections page, click Next.

    8. The Welcome to the Routing and Remote Access Server Setup Wizard page is displayed.

    Configuring Remote Access Servers

    Installing and Configuring RRAS as a VPN Server

    How to install the Routing and Remote Access Services

  • 1. Click Start, Administrative Tools, and then click Routing And Remote Access to open the

    Routing And Remote Access management console.

    2. In the console tree, select the server that you want to configure.

    3. Right-click the server, and then click Configure And Enable Routing And Remote Access

    from the shortcut menu.

    4. The Routing and Remote Access Server Setup Wizard starts.

    5. Click Next on the Routing and Remote Access Server Setup Wizard Welcome page.

    6. On the Common Configuration page, select the Remote Access (Dial-Up Or VPN) option.

    Click Next.

    7. On the Remote Access page, select the VPN server checkbox and the Dial-up server

    checkbox (optional) and then click Next.

    8. On the Macintosh Guest Authentication page, select the Allow Unauthenticated Access

    For All Remote Clients option if you have Macintosh File and Print services installed and

    you want the remote access server to allow anonymous remote access.

    9. On the IP Address Assignment page, select the Automatically option if you want to use a DHCP server for IP address assignment for remote clients, or select the From A Specified Range Of Addresses option if you want to specify your own address range.

    10. If you chose the From A Specified Range Of Addresses option, proceed to specify the

    address range for remote clients. Click Next.

    11. On the Managing Multiple Remote Access Servers page, select the No, Use Routing And

    Remote Access To Authenticate Connection Requests option. Click Next.

    12. Click Finish when the Completing the Routing and Remote Access Server Setup Wizard

    page appears.

    13. You will be notified that the DHCP Relay Agent has to be configured with the IP address

    of the DHCP server so that DHCP messages can be allowed from your remote clients.

    14. Click OK to acknowledge this notification.

    You can increase the number of clients that are allowed to concurrently connect to the VPN

    server, and you can enable and disable the use of PPTP or L2TP. You add more L2TP ports

    or PPTP ports in the Routing And Remote Access management console, through the Ports

    Properties dialog box for the remote access server.

    To configure additional PPTP ports or L2TP ports,

    How to configure RRAS as a VPN Server

    How to configure VPN ports for the remote access server

  • 1. Click Start, Administrative Tools, and then click Routing And Remote Access to open the

    Routing And Remote Access management console.

    2. In the console tree, expand the node for the server that you want to configure.

    3. Right-click Ports and then select Properties from the shortcut menu to open the Ports

    Properties dialog box.

    4. Select WAN Miniport (PPTP) or select WAN Miniport (L2TP).

    5. Click the Configure button.

    6. The Configure Device dialog box opens.

    7. In the Maximum Ports box, specify the number of connections that the port type which

    you have selected can support. The default configuration setting when the RRAS is

    installed is 5 PPTP ports and 5 L2TP ports.

    8. If you want to specify the IP address of the public interface to which VPN clients connect,

    use the Phone Number For This Device box on the Configure Device dialog box.

    9. If you want to disable connections for the port type, select the Use the Remote Access

    Connections (Inbound Only) checkbox on the Configure Device dialog box.

    10. If you do not want to allow the specific VPN type to be used for demand-dial connections,

    deselect the Demand-Dial Routing Connections (Inbound And Outbound) checkbox.

    11. Click OK to close the Configure Device dialog box.

    12. Click OK to close the Ports Properties dialog box.

    1. On the client computer open Control Panel.

    2. Right-click Network Connections and then select Open from the shortcut menu.

    3. Click New Connection Wizard to start the New Connection Wizard.

    4. Click Next on the Welcome to the New Connection Wizard page.

    5. On the Network Connection Type page, select Connect to the network at my workplace,

    and then click Next.

    6. Click Virtual Private Network Connection, and click Next.

    7. Enter a name for the connection and click Next.

    8. Specify the external IP address of the VPN server, or the FQDN of the VPN server, and

    then click Next.

    9. Select the Anyone's use option if you want the connection to be available to everyone who uses the computer, and then click Next.

    10. When the Completing the New Connection Wizard page appears, click Finish.

    How to configure the VPN client computer

  • 11. The logon dialog box is displayed after you click the Finish button to complete the New

    Connection Wizard.

    1. Click Start, Administrative Tools, and then click Computer Management to open the

    Computer Management console.

    2. Double-click Local Users and Groups.

    3. Double-click Users.

    4. Double-click the specific user account that you want to grant access for to open the

    Properties dialog box of the user.

    5. Click the Dial-in tab.

    6. Click Allow access, and then click OK.

    7. On the client computer, access the Network Connections folder, and then double-click the VPN connection that you want to configure.

    8. Specify the user account credentials, and then click Connect.

    The DHCP Relay Agent is automatically installed when you install the Windows Server 2003

    Routing And Remote Access Service (RRAS).

    You can, however, also install the DHCP Relay Agent manually:

    1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the

    Routing And Remote Access console.

    2. In the console tree, expand the Server node of the server that you want to install the

    DHCP Relay Agent for.

    3. Expand the IP Routing node.

    4. Right-click the General node, and then select New Routing Protocol from the shortcut

    menu.

    5. The New Routing Protocol dialog box opens.

    6. Select DHCP Relay Agent.

    7. Click OK.

    8. The DHCP Relay Agent node appears beneath the IP Routing node in the console tree of

    the Routing And Remote Access management console.

    How to grant dial-in permission for user accounts

    How to manually install the DHCP Relay Agent

  • How to add the DHCP server that DHCP requests should be forwarded to

    1. Click Start, All Programs, Administrative Tools and then click Routing and Remote Access

    to open the Routing And Remote Access management console.

    2. Expand the IP Routing node in the console tree.

    3. Right-click the DHCP Relay Agent node, and then select Properties from the shortcut

    menu to access the DHCP Relay Agent Properties dialog box.

    4. On the General tab, enter the IP address of the DHCP server that DHCP requests should

    be forwarded to in the Server Address text box, and click Add.

    5. Repeat the above process for each DHCP server that you want DHCP requests forwarded

    to.

    6. Click OK.

    How to configure the DHCP Relay Agent on a network interface

    1. Click Start, All Programs, Administrative Tools and then click Routing and Remote Access

    to open the Routing And Remote Access console.

    2. Expand the IP Routing node in the console tree.

    3. Right-click the DHCP Relay Agent node and then select New Interface from the shortcut menu.

    4. The New Interface For DHCP Relay Agent dialog box opens, showing the interfaces that

    the DHCP Relay Agent can be attached to.

    5. Select the interface that is on the same subnet as the DHCP clients.

    6. Click OK.

    7. In the DHCP Relay Properties dialog box, ensure that the Relay DHCP Packets checkbox

    is selected on the General tab.

    8. You can change the Hop-Count Threshold and Boot Threshold values.

    9. Click OK.

    A VPN gateway or VPN router is simply a router that connects to another VPN gateway, or

    to multiple VPN gateways. VPN routers are usually created to provide an extension to the

    LAN.

    How to add the DHCP server that DHCP requests should be forwarded to

    How to configure the DHCP Relay Agent on a network interface

    How to configure a VPN Gateway/Router

  • To configure a VPN router to enable connectivity between LANs,

    1. Click Start, Administrative Tools, and then click Routing And Remote Access to open the

    Routing And Remote Access management console.

    2. In the console tree, select the server that you want to configure.

    3. Right-click the server, and then click Configure And Enable Routing And Remote Access

    from the shortcut menu.

    4. The Routing and Remote Access Server Setup Wizard starts.

    5. Click Next on the Routing and Remote Access Server Setup Wizard Welcome page.

    6. On the Common Configuration page, select the Remote Access (Dial-Up Or VPN) option.

    Click Next.

    7. On the Remote Access page, select the VPN server checkbox and then click Next.

    8. On the VPN Connection page select the network interface for connecting the server to the

    Internet.

    9. Leave the default setting that enables security on the selected interface unchanged, and

    then click Next.

    10. On the Address Assignment page, select the From A Specified Range Of Addresses option

    and click Next.

    11. On the Address Range Assignment page click New and then proceed to specify an

    address range for the remote VPN gateway. Click Next.

    12. On the Managing Multiple Remote Access Servers page, select the No, Use Routing And

    Remote Access To Authenticate Connection Requests option. Click Next.

    13. Click Finish when the Completing the Routing and Remote Access Server Setup Wizard

    page appears.

    14. You will be notified that the DHCP Relay Agent has to be configured with the IP address

    of the DHCP server so that DHCP relay messages can be allowed from your remote

    clients.

    15. Click OK to acknowledge this notification.

    16. To configure the demand-dial interface, in the console tree of the Routing and Remote

    Access console, select Network Interfaces.

    17. From the Action menu, click New Demand-dial Interface.

    18. The Demand-dial Interface Wizard starts.

    19. Click Next on the Demand-dial Interface Wizard Welcome page.

    20. Enter a name for the demand-dial VPN interface and then click Next.

    21. On the Connection Type page, choose the Connect using virtual private networking (VPN)

    option and click Next.

  • 22. On the VPN Type page, select the VPN protocol which you want to use and then click

    Next. You can leave the Automatic selection default option unchanged.

    23. On the Destination Address page, provide the IP address that corresponds to the public

    interface of the remote gateway and then click Next.

    24. On the Protocols And Security Page, select the Route IP packets on this interface

    checkbox, and click Next.

    25. On the Static Routes For Remote Networks page, click the Add button and then enter the

    LAN subnet address for the remote LAN on the Static Route dialog box.

    26. Click OK and then click Next.

    27. Specify the username, password and domain for authentication purposes and click Next.

    28. Click Finish on the Completing the Demand-dial Interface Wizard page.

    29. You now have to configure the interface for a persistent connection.

    30. In the console tree of the Routing and Remote Access console, select the demand-dial

    interface that you want to configure, and then select the Action menu. Click the Options

    command on the Action menu.

    31. Click Persistent Connection and click OK.

    32. In the console tree of the Routing and Remote Access console, expand the IP Routing

    node.

    33. Select Static Routes to verify that the static route to the remote LAN subnet is

    configured. The static route should be displayed in the Details pane.

    34. To configure packet filtering properties, select the demand-dial interface and select

    Properties from the shortcut menu.

    35. On the General tab, select Inbound Filters and then select New.

    36. Specify the appropriate LAN subnet information. Click OK.

    37. Select the Drop all packets except those that meet the criteria below option and then

    click OK.

    38. Select the demand-dial interface and select Properties from the shortcut menu.

    39. On the General tab, select Outbound Filters and then select New.

    40. Specify the appropriate LAN subnet information. Click OK.

    41. Select the Drop all packets except those that meet the criteria below option and then

    click OK.

    42. Click OK again.

    43. In the console tree of the Routing and Remote Access console, select the demand-dial

    circuit from Network Interfaces, and then select the Connect command from the Action

    menu.

  • 44. Examine the information in the Status column and Connection State column to verify the

    status and state of the tunnel.
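
The inbound and outbound filter steps above (34 to 41) leave "the appropriate LAN subnet information" unspecified; the following model is an added illustration, not part of the original page, of what each list has to contain on one gateway and how a reversed or over-wide entry shows up. The subnets 192.168.10.0/24 and 192.168.20.0/24 and all class and function names are constructed for the example, and only source and destination networks are modelled (no protocol or port fields).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
LOCAL_LAN = "192.168.10.0/24"    # constructed: LAN behind this gateway
REMOTE_LAN = "192.168.20.0/24"   # constructed: LAN behind the remote gateway


@dataclass(frozen=True)
class Filter:
    """One filter entry: source network and destination network (any protocol)."""
    src: object = ANY
    dst: object = ANY

    def matches(self, src_ip, dst_ip):
        return ip_address(src_ip) in self.src and ip_address(dst_ip) in self.dst


@dataclass
class FilterList:
    """The filters for one direction plus the list action chosen in the dialog."""
    filters: list
    drop_all_except: bool = True   # "Drop all packets except those that meet the criteria below"

    def permits(self, src_ip, dst_ip):
        hit = any(f.matches(src_ip, dst_ip) for f in self.filters)
        return hit if self.drop_all_except else not hit


def site_to_site_filters(local_lan, remote_lan):
    """Build the inbound and outbound lists for one gateway's demand-dial interface."""
    local, remote = ip_network(local_lan), ip_network(remote_lan)
    inbound = FilterList([Filter(src=remote, dst=local)])     # remote LAN -> local LAN
    outbound = FilterList([Filter(src=local, dst=remote)])    # local LAN -> remote LAN
    return inbound, outbound


def audit(inbound, outbound, local_lan, remote_lan):
    """Return findings for lists that are not default-drop or whose entries are
    reversed from, or wider than, the expected LAN pair for that direction."""
    local, remote = ip_network(local_lan), ip_network(remote_lan)
    findings = []
    for name, flist, want_src, want_dst in (
        ("inbound", inbound, remote, local),
        ("outbound", outbound, local, remote),
    ):
        if not flist.drop_all_except:
            findings.append(f"{name}: list action is not drop-all-except")
        for f in flist.filters:
            if not (f.src.subnet_of(want_src) and f.dst.subnet_of(want_dst)):
                findings.append(
                    f"{name}: {f.src} -> {f.dst} does not fit {want_src} -> {want_dst}")
    return findings


if __name__ == "__main__":
    inbound, outbound = site_to_site_filters(LOCAL_LAN, REMOTE_LAN)
    samples = [  # constructed packets: (direction, list, source, destination)
        ("in", inbound, "192.168.20.15", "192.168.10.5"),
        ("in", inbound, "203.0.113.9", "192.168.10.5"),
        ("out", outbound, "192.168.10.5", "192.168.20.15"),
        ("out", outbound, "192.168.10.5", "198.51.100.7"),
    ]
    for direction, flist, src, dst in samples:
        verdict = "pass" if flist.permits(src, dst) else "drop"
        print(f"{direction:3} {src:>15} -> {dst:<15} {verdict}")
    print(audit(inbound, outbound, LOCAL_LAN, REMOTE_LAN))
```

On the remote gateway the same two lists apply with the local and remote subnets exchanged.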

    How to specify server log file properties for the remote access server

    1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the

    Routing And Remote Access console.

    2. In the console tree right-click the server that you want to configure and then select

    Properties from the shortcut menu.

    3. Click the Logging tab.

    4. The logging options which you can set are:

    o Log errors only

    o Log errors and warnings

    o Log all events

    o Do not log any events

    5. Click OK.

    Configuring RRAS LAN Routing and Packet Filters

    1. Click Start, Administrative Tools, and then click Routing And Remote Access to open the

    Routing And Remote Access management console.

    2. In the console tree, select the server that you want to configure.

    3. From the Action menu, select Configure And Enable Routing And Remote Access.

    4. The Routing And Remote Access Server Setup Wizard starts.

    5. Click Next on the initial page of the Routing And Remote Access Server Setup Wizard.

    6. On the Configuration page, select the Custom Configuration option and then click Next.

    7. On the Custom Configuration page, select the LAN Routing checkbox and then click Next.

    8. On the Completing The Routing And Remote Access Server Setup Wizard page, click

    Finish.

    9. Click Yes in the message box that appears, asking whether the Routing and Remote

    Access service should be started.

    10. To configure the routing protocol, in the console tree of the Routing And Remote Access

    console, expand the IP Routing node.

    How to specify server log file properties for the remote access server

    How to configure RRAS LAN Routing

  • 11. Select the General subnode.

    12. From the Action menu, click the New Routing Protocol command.

    13. The New Routing Protocol dialog box opens.

    14. Select RIP Version 2 For Internet Protocol from the Routing Protocols list. Click OK.

    15. A RIP node is added beneath the IP Routing node in the console tree of the Routing And Remote Access console.

    16. Select the RIP node in the console tree of the Routing And Remote Access server.

    17. From the Action menu, click the New Interface command.

    18. The New Interface For RIP Version 2 For Internet Protocol dialog box opens.

    19. Using the Interfaces list, select the interface which connects the computer to the LAN

    and then click OK.

    20. The RIP Properties dialog box for the interface which you have selected is displayed next.

    21. On the General tab, specify whether the RIP version 1 or RIP version 2 packet format

    must be used for outgoing messages.

    22. Specify whether broadcasts or multicasts should be used.

    Specify whether incoming messages that use the RIP version 1 format, the RIP version 2 format, or both of these formats should be processed.

    23. Click the Advanced tab.

    24. Set the value in the Periodic Announcement Interval (Seconds) setting to 300 seconds.

    This is the frequency at which the router transmits RIP messages.

    25. Set the value in the Time Before Routes Expire (Seconds) setting to 1800 seconds.

    26. Set the value in the Time Before Route Is Removed (Seconds) setting to 1200 seconds.

    27. Click OK.

    1. Click Start, Administrative Tools, and then click Routing And Remote Access to open the

    Routing And Remote Access management console.

    2. Right-click the server in the console tree, and then select Configure And Enable Routing

    And Remote Access from the shortcut menu.

    3. The Routing and Remote Access Server Setup Wizard starts.

    4. Click Next on the initial page of the Routing and Remote Access Server Setup Wizard.

    5. Select the Custom Configuration option. Click Next.

    6. Click LAN routing and then click Next.

    7. Click Finish.

    8. Click Yes to enable LAN routing.

    How to configure RRAS packet filters

  • 9. Proceed to enable the RIP Version 2 for Internet Protocol.

    10. Once RIP Version 2 is enabled, right-click RIP in the console tree, and then select New

    Interface from the shortcut menu.

    11. Select the interface.

    12. The default setting for RIP if you are running Windows Server 2003 is:

    o Outgoing packet protocol: dropdown list = RIP version 2 broadcast

    o Incoming packet protocol: dropdown list = RIP version 1 and 2

    13. The following configuration is recommended if you are using RIP version 2 and Ethernet as the transport medium:

    o Outgoing packet protocol: dropdown list = RIP version 2 multicast

    o Incoming packet protocol: dropdown list = RIP version 2 only

    14. Click OK.

    1. Click Start, Administrative Tools, and then click Routing And Remote Access to open the

    Routing And Remote Access management console.

    2. In the console tree, select the server that you want to configure.

    3. From the Action menu, select Configure And Enable Routing And Remote Access.

    4. The Routing And Remote Access Server Setup Wizard starts.

    5. Click Next on the initial page of the Routing And Remote Access Server Setup Wizard.

    6. On the Configuration page, select the Custom Configuration option and then click Next.

    7. On the Custom Configuration page, select the Dial-Up Access checkbox and then click

    Next.

    8. On the Completing The Routing And Remote Access Server Setup Wizard page, click Finish.

    9. Click Yes in the message box that appears, asking whether the Routing and Remote

    Access service should be started.

    10. To configure modem ports, in the console tree of the Routing And Remote Access

    console, expand the node for the server that you want to configure.

    11. Right-click Ports and then select Properties from the shortcut menu to open the Ports

    Properties dialog box.

    12. Select the specific device and then click the Configure button.

    How to configure a RRAS Dial-Up server

    Configuring a Remote Access Dial-Up Server

  • 13. To enable remote access, select the Use the Remote Access Connections (Inbound Only)

    checkbox and click OK.

    1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the

    Routing And Remote Access console.

    2. In the console tree, select the server that you want to configure, and then select

    Properties from the Action menu.

    3. Verify that the Remote access server checkbox is enabled on the General tab.

    4. Click the Security tab.

    5. In the Authentication Provider list, select the Windows Authentication option.

    6. Choose the authentication protocol for your clients.

    7. In the Accounting Provider list, select the Windows Accounting option.

    8. Click the IP tab.

    9. Select the Enable IP Routing checkbox.

    10. Select the Allow IP-Based Remote Access And Demand Dial Connections checkbox.

    11. The IP Address Assignment section of the IP tab is used to configure the manner in which

    the IP addresses are assigned to remote access clients.

    12. If you are using a DHCP server, then you can select the Dynamic Host Configuration

    Protocol (DHCP) option.

    13. In the Adapter list, choose the adapter for providing DNS, DHCP and WINS services for

    dial-in clients.

    14. Click OK.

    You configure a Dial-Up Gateway by completing the following process:

    Configure the user account, with the correct dial-in permissions, that the remote access

    server would use to connect to the remote LAN.

    Configure a demand dial interface to the remote network.

    Configure a static route to point non-LAN traffic to the dial-up connection.

    1. Click Start, Administrative Tools, and then select Active Directory Users and Computers

    to open the Active Directory Users and Computers management console.

    2. In the console tree, right-click the Users container and then select New and then User

    from the shortcut menu.

    How to configure properties for the RRAS Dial-Up server

    How to configure a Dial-Up Gateway

  • 3. In the New Object - User dialog box, enter the correct account name information and then click Next.

    4. Enter the password information for the new user account in the Password and Confirm

    Password textboxes.

    5. Ensure that the User must change password at next logon checkbox is not selected and

    then click Next to complete the creation of new user account.

    6. In the console tree, select the Users container, right-click the user account which you

    created and then select Properties from the shortcut menu.

    7. When the Properties dialog box for the user account appears, click the Dial-in tab.

    8. Click the Allow access option.

    9. Click OK.

    10. To configure the demand dial interface, click Start, Administrative Tools, and then select

    Routing And Remote Access to open the Routing And Remote Access console.

    11. In the console tree, right-click the server that you want to configure, and then select

    Configure And Enable Routing And Remote Access.

    12. The Routing And Remote Access Server Setup Wizard starts.

    13. Click Next on the initial page of the Routing And Remote Access Server Setup Wizard.

    14. On the Configuration page, select the Custom Configuration option and then click Next.

    15. On the Custom Configuration page, select the Demand-dial connections (used for branch

    office routing) checkbox and then click Next.

    16. On the Completing The Routing And Remote Access Server Setup Wizard page, click Finish.

    17. Click Yes in the message box that appears, asking whether the Routing and Remote

    Access service should be started.

    18. In the console tree of the Routing And Remote Access management console, right-click

    Network Interfaces and then select New Demand-dial Interface from the shortcut menu.

    19. The Demand-dial Interface Wizard starts.

    20. Click Next on the Demand-dial Interface Wizard Welcome page.

    21. Enter a name for the new demand-dial interface and then click Next.

    22. On the Connection Type page, choose the Connect using a modem, ISDN adapter, or

    other physical device option and click Next.

    23. On the Protocols And Security Page, select the Route IP packets on this interface

    checkbox, and click Next.

    24. On the Static Routes For Remote Networks page, click the Add button to configure the

    static route.

    25. Click OK in the Static Route dialog box. Click Next.

  • 26. Specify the username, password and domain for authentication purposes on the Dial Out Credentials page. Click Next.

    27. Click Finish on the Completing the Demand-dial Interface Wizard page.

    28. This process has to be completed for the remote LAN as well.

    1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the

    Routing And Remote Access console.

    2. In the console tree, right-click the server that you want to configure and then click

    Properties from the shortcut menu.

    3. Click the PPP tab on the Server Properties dialog box.

    4. Click the Dynamic bandwidth control using BAP and BACP option to activate it.

    1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the

    Routing And Remote Access console.

    2. In the console tree, expand the server node to display the Remote Access Policies node.

    3. Select Remote Access Policies.

    4. In the details pane, double-click the remote access policy that should be configured.

    5. Click Edit Profile.

    6. Use the Multilink tab to configure properties for the Multilink policy.

    7. Click OK.

    How to enable multiple device dialing on the client system

    1. Open Control Panel.

    2. Click Network and Dial-up Connections.

    3. Right-click the connection for multilink and then select Properties from the shortcut

    menu.

    4. Select Options and then Multiple devices.

    Configuring the Remote Access Server to use Multilink with Bandwidth Allocation Protocol (BAP)

    How to enable BAP

    How to enable Multilink

    How to enable multiple device dialing on the client system

  • 5. If you want to dynamically dial and hang up devices click Dial devices only as needed

    and then click Configure.

    6. If you want to use all devices, click Dial all devices.

    7. If you want to use only the first available device, click Dial only first available device.

    8. Click OK.

    Configuring Remote Access Policies for Remote Access Servers

    You can configure remote access policies to control the access rights of remote users.

    Remote access policies allow you to authenticate remote connections and enforce any

    specific connection restrictions.

    The following connection settings can be administered by configuring standard remote

    access policy settings.

    Authentication methods: The different authentication methods that can be configured are

    listed below:

    o EAP

    o CHAP

    o MS-CHAP

    o MS-CHAP version 2

    o PAP

    o PEAP

    o Unauthenticated access

    Remote access permissions

    Group membership

    Time of day

    Type of connection

    The following connection settings can be administered by configuring advanced remote

    access policy settings.

    Access server identity

    Access client phone number or MAC address

    Specify to use user account dial-in properties

    Specify that unauthenticated access be allowed

    Configuring Remote Access Policies for Remote Access Servers

  • After a remote access policy authorizes a connection, you can also configure that certain

    constraints be enforced. Constraints are based on the following:

    Encryption strength

    IP packet filters

    Idle timeout

    Maximum session time

    How to configure a remote access policy for a remote access server

    1. Click Start, Administrative Tools, and then select Active Directory Users and Computers

    to open the Active Directory Users and Computers management console.

    2. In the console tree, select the Users container, right-click the user account which you

    want to configure and then select Properties from the shortcut menu.

    3. The Properties dialog box for the user account appears.

    4. Click the Dial-in tab.

    5. Ensure that the Remote Access Permission (Dial-in or VPN) option is specified as Control

    Access Through Remote Access Policy.

    6. To configure the remote access policy for the remote access server, click Start,

    Administrative Tools, and then select Routing And Remote Access to open the Routing

    And Remote Access console.

    7. In the console tree, expand the server's node and then right-click Remote Access Policies and select New Remote Access Policy from the shortcut menu.

    8. Select the desired policy configuration settings through the various pages of the New

    Remote Access Policy Wizard.

    9. The different policy conditions that you can specify are listed below:

    o Authentication Type; the authentication type, for instance PAP or CHAP.

    o Called Station ID; the network access server's (NAS) phone number.

    o Calling Station ID; the phone number used by the caller.

    o Client-Friendly Name; the name of the RADIUS client requiring authentication.

    o Client IP Address; the IP address of the RADIUS client.

    o Client Vendor; the network access server's (NAS) vendor.

    o Day and Time Restrictions; when a connection can be established.

    o Framed Protocol; IAS uses this to determine the frame type of the incoming packets.

    o MS RAS Vendor; the RADIUS client machine's vendor.

    How to configure a remote access policy for a remote access server

  • o NAS Identifier; the network access server's (NAS) name.

    o NAS IP Address; IP address of the NAS.

    o NAS Port Type; the media used by the client.

    o Service Type; the type of service requested.

    o Tunnel Type; the type of tunnel (PPTP, L2TP).

    o Windows Groups; the groups to which the user establishing a connection belongs.
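
How the policy conditions listed above, the account's Dial-in setting and the profile's authentication methods combine into an accept or reject decision, as an added example that is not part of the original page. It is a simplified model: the evaluation order (first matching policy, then the account's dial-in permission, then the policy's own permission, then the profile) follows documented Windows Server 2003 behaviour rather than anything stated here, and the policy names, group names and values are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Policy:
    name: str
    conditions: dict    # condition name -> set of acceptable values
    grant: bool         # the policy's own permission: grant (True) or deny (False)
    auth_methods: set = field(default_factory=set)   # profile: accepted authentication methods


def condition_met(accepted, actual):
    # Multi-valued attributes such as Windows Groups match on any overlap.
    if isinstance(actual, (set, frozenset)):
        return bool(accepted & actual)
    return actual in accepted


def evaluate(policies, dial_in, attempt):
    """Return (accepted, reason). dial_in is the account's Dial-in tab setting:
    'allow', 'deny' or 'policy' (Control Access Through Remote Access Policy)."""
    for p in policies:   # policies are tried in order; the first full match decides
        if not all(condition_met(v, attempt.get(k)) for k, v in p.conditions.items()):
            continue
        if dial_in == "deny":
            return False, f"{p.name}: account is set to Deny access"
        if dial_in == "policy" and not p.grant:
            return False, f"{p.name}: policy denies remote access permission"
        # With 'allow' on the account, the policy's grant/deny is not consulted,
        # but the profile constraints of the matched policy still apply.
        auth = attempt["Authentication Type"]
        if auth not in p.auth_methods:
            return False, f"{p.name}: profile does not accept {auth}"
        return True, f"{p.name}: accepted"
    return False, "no policy matched"


# Constructed policy list: a grant policy for one group, then a catch-all deny.
POLICIES = [
    Policy("VPN for VPN-Users",
           {"NAS Port Type": {"VPN"}, "Windows Groups": {"VPN-Users"}},
           grant=True, auth_methods={"MS-CHAP version 2", "EAP"}),
    Policy("Everyone else", {}, grant=False, auth_methods={"MS-CHAP version 2"}),
]


def attempt(groups, auth):
    """Constructed connection attempt arriving over the VPN port type."""
    return {"NAS Port Type": "VPN", "Windows Groups": set(groups),
            "Authentication Type": auth}


if __name__ == "__main__":
    cases = [
        ("policy", attempt({"VPN-Users"}, "MS-CHAP version 2")),
        ("policy", attempt({"VPN-Users"}, "PAP")),
        ("policy", attempt({"Staff"}, "MS-CHAP version 2")),
        ("allow", attempt({"Staff"}, "MS-CHAP version 2")),
        ("deny", attempt({"VPN-Users"}, "EAP")),
    ]
    for dial_in, a in cases:
        print(dial_in, sorted(a["Windows Groups"]), a["Authentication Type"],
              "->", evaluate(POLICIES, dial_in, a))
```

The fourth case is the one to watch for in an audit: an account left on Allow access is accepted by the catch-all policy even though that policy denies permission, which is why the procedure above sets accounts to Control Access Through Remote Access Policy.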

    How to configure a remote access policy to authorize access by user

    1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the

    Routing And Remote Access console.

    2. In the console tree, expand the server's node and then right-click Remote Access Policies and select New Remote Access Policy from the shortcut menu.

    3. The New Remote Access Policy Wizard starts.

    4. Click Next on the New Remote Access Policy Wizard Welcome page.

    5. On the Policy Configuration Method page, click the Use the wizard to set up a typical

    policy option.

    6. Enter a name in the Policy name box, and then click Next.

    7. On the Access Method page, select between the following options and then click Next:

    o Dial-up

    o VPN

    o Wireless

    o Ethernet

    8. On the User or Group Access page, click the User option and then click Next.

    9. On the Authentication Methods page, specify the authentication methods which the policy

    will accept and then click Next.

    10. On the Policy Encryption Level page, specify the encryption types and then click Next.

    11. Click Finish to create the new remote access policy.

    How to configure a remote access policy to authorize

    access by group

    1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the

    Routing And Remote Access console.

  • 2. In the console tree, right-click Remote Access Policies and then select New Remote

    Access Policy from the shortcut menu.

    3. The New Remote Access Policy Wizard starts.

    4. Click Next on the New Remote Access Policy Wizard Welcome page.

    5. When the Policy Configuration Method page appears, select the Use the wizard to set up

    a typical policy option.

    6. Enter a name in the Policy name box, and then click Next.

    7. On the Access Method page, select between the following options and then click Next:

    o Dial-up

    o VPN

    o Wireless

    o Ethernet

    8. On the User or Group Access page, select the Group option and then click Add to specify

    the group name.

    9. Using the Enter the object names to select box, specify the group and then click OK.

    10. Click Next on the User or Group Access page.

    11. On the Authentication Methods page, specify the authentication methods which the policy

    will accept and then click Next.

    12. On the Policy Encryption Level page, specify the encryption types and then click Next.

    13. Click Finish to create the new remote access policy.

    How to restrict remote access by connection type

    1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the

    Routing And Remote Access console.

    2. In the console tree, expand the servers node and then right-click Remote Access Policies

    and select New Remote Access Policy from the shortcut menu.

    3. The New Remote Access Policy Wizard starts.

    4. Click Next on the New Remote Access Policy Wizard Welcome page.

    5. On the Policy Configuration Method page, click the Set up a custom policy option.

    6. Enter a name in the Policy name box, and then click Next.

    7. On the Policy Conditions page, click the Add button to add a condition.

    8. When the Select Attribute dialog box opens, specify the desired attribute and then click

    the Add button.

    9. Click Next on the Policy Conditions page.

  • 10. On the Permissions page, click the Deny remote access permission option and then click

    Next.

    11. When the Profile page appears, use the Edit button if you want to change the profile.

    Click Next.

    12. Click Finish to create the new remote access policy.
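
    The ordering effect behind the deny policy created above, as an added Python example that is not part of the original page: remote access policies are checked in order and the first policy whose conditions all match decides the request, so a Deny policy placed below an overlapping Grant policy never takes effect. The policy names, group name and condition values are constructed, and the model assumes each user's dial-in permission is left to the remote access policy.

```python
from dataclasses import dataclass

# Conditions that can carry several values in one request (a user is in many groups).
MULTI_VALUED = {"Windows Groups"}


@dataclass
class Policy:
    name: str
    conditions: dict   # condition name (as listed earlier) -> set of accepted values
    grant: bool        # True = grant, False = deny remote access permission


def as_set(value):
    """Normalise a single value or a collection of values to a set."""
    return set(value) if isinstance(value, (set, frozenset, list, tuple)) else {value}


def matches(policy, request):
    """A policy matches only if every one of its conditions matches the request."""
    for attr, accepted in policy.conditions.items():
        if attr not in request:
            return False
        if not (as_set(request[attr]) & set(accepted)):
            return False
    return True


def evaluate(policies, request):
    """Return (decision, policy name). The first matching policy decides;
    a request that matches no policy is rejected."""
    for policy in policies:
        if matches(policy, request):
            return ("grant" if policy.grant else "deny", policy.name)
    return ("deny", None)


def order_conflicts(policies):
    """List (earlier, later) policy pairs with opposite permissions that can
    both match the same request. For such requests the earlier policy wins,
    so the order of the pair is a security decision and should be reviewed."""
    findings = []
    for i, earlier in enumerate(policies):
        for later in policies[i + 1:]:
            if earlier.grant == later.grant:
                continue
            shared = set(earlier.conditions) & set(later.conditions)
            # Two single-valued conditions with no common value can never both match.
            disjoint = any(
                attr not in MULTI_VALUED
                and not (set(earlier.conditions[attr]) & set(later.conditions[attr]))
                for attr in shared
            )
            if not disjoint:
                findings.append((earlier.name, later.name))
    return findings


# Constructed sample policies and requests.
GRANT_STAFF = Policy("Grant RemoteUsers",
                     {"Windows Groups": {r"CORP\RemoteUsers"}}, grant=True)
GRANT_VPN = Policy("Grant VPN",
                   {"NAS Port Type": {"Virtual (VPN)"}}, grant=True)
DENY_DIALUP = Policy("Deny dial-up",
                     {"NAS Port Type": {"Async (Modem)"}}, grant=False)

DIALUP_STAFF = {"NAS Port Type": "Async (Modem)",
                "Windows Groups": [r"CORP\RemoteUsers", r"CORP\Domain Users"]}
VPN_STAFF = {"NAS Port Type": "Virtual (VPN)",
             "Windows Groups": [r"CORP\RemoteUsers"]}
DIALUP_OTHER = {"NAS Port Type": "Async (Modem)",
                "Windows Groups": [r"CORP\Domain Users"]}

if __name__ == "__main__":
    for label, order in (("deny last ", [GRANT_STAFF, DENY_DIALUP]),
                         ("deny first", [DENY_DIALUP, GRANT_STAFF])):
        print(label, evaluate(order, DIALUP_STAFF), evaluate(order, VPN_STAFF))
    print("review order of:", order_conflicts([DENY_DIALUP, GRANT_VPN, GRANT_STAFF]))
```

    With the Deny policy listed last, the dial-up request from a RemoteUsers member is granted by the broader group policy; moving the Deny policy to the top rejects it while VPN access for the same group is unaffected.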

  • Using Connection Manager

    Connection Manager Overview

    If you want to configure clients to connect to a RRAS server, you can use the Connection

    Manager to do this. Using the network connection properties to configure clients to connect

    to a RRAS server works well in situations where you need to configure a small number of

    clients, and when the default security settings are being utilized.

    Connection Manager is a Windows application and client dialer included in Windows 2000,

    Windows XP Professional, and Windows Server 2003 that you can use to allow a client to

    establish virtual private network (VPN) connections and dial-up connections to a RRAS

    server. The advanced features of Connection Manager enable you to pass preconfigured

    connections to network users. These advanced features are evident in the Connection

    Manager Administration Kit (CMAK) and Connection Point Services (CPS). Both local

    connections and remote connections to the service provider through a network of access

    points are supported by Connection Manager. As mentioned, for secure connections over the

    Internet, VPN connections can be established using Connection Manager.

    With the Connection Manager Administration Kit (CMAK), you can perform the following

    functions:

    Configure a large number of clients by creating an executable file which can be deployed

    to your users by means of a distribution package.

    Manage dial-up and VPN Connection

    Manager service profiles.

    Customize Connection Manager to suit the

    requirements of your organization.

    Configure system policies for connections.

    Configure restrictions for connections.

    Configure executable files that run

    automatically when a user attempts to

    establish a connection.

    Import existing connection settings so that

  • they can be modified, and then distribute these modifications.

    When users run the distribution package, or executable file, a dial-up connection or VPN

    connection using the required authentication methods and security settings is established. It

    is even possible to automatically distribute the executable file by using a Group

    Policy object. Any modifications to security settings can be made at a later stage by running the

    Connection Manager Administration Kit (CMAK) once more, and then simply distributing the

    executable file for users to run.

    The main advantages and features of Connection Manager are listed here:

    Users can run more than one Connection Manager service profile at the same time.

    Connection Manager can also be used when users share computers. A user does not need

    to provide user credentials for each connection.

    You can customize the following components within Connection Manager so that it

    reflects the identity of the organization:

    o Icons and graphics

    o Help

    o Phone book information

    o Messages


    The Connection Manager Administration Kit (CMAK) Wizard can be used to automatically

    create a service profile so that users can run Connection Manager to establish VPN and

    dial-up connections. The service profile takes the form of an executable file which can be

    distributed using either of the following methods:

    o Download to the client.

    o Distributed via compact disc.

    You can include custom functionality or programs that execute during the connections

    process. For instance, you can run a program when the user logs on, and when the user

    logs off.

    You can configure monitored applications to automatically disconnect once the

    application is closed.

  • Connection logging, terminal window support and enhanced ISDN support are a few

    additional features of Connection Manager.

    Access points can be used to save commonly utilized connection settings. Connection

    Manager includes help for Access Points and Dialing Rules.

    Planning for Creating New Connection Manager

    Service Profiles

    The Connection Manager Administration Kit (CMAK) Wizard consists of a number of steps or

    pages that need to be completed to create a new Connection Manager service profile. You

    therefore need to plan upfront which items are going to be specified when you run the

    CMAK Wizard.

    The online CMAK Guide specifies six phases for creating a new Connection Manager service

    profile. This process is detailed here:

    Planning phase: Typical issues that should be determined in the planning phase are:

    o Determine the connection which should be established.

    o Determine which customizations you want: graphics, phone book information, and so

    forth.

    o Determine which programs should be applied at the connection establishment

    process.

    Developing custom elements phase: This is when you should create all custom graphics,

    icons, and all other elements which you want to include for the new Connection Manager

    service profile.

    Running the CMAK Wizard phase: The Connection Manager Administration Kit (CMAK)

    Wizard is initiated and run to create the new Connection Manager service profile for the

    connection.

    Preparing for delivery phase: The new Connection Manager service profile can be

    distributed via CDROM, floppy disk, Web site, or a network share. It can also be

    downloaded to the client.

    Testing phase: It is important to test all new packages before users are allowed to

    download these packages.

  • Providing support phase: It is recommended that you define a support strategy once the

    new Connection Manager service profile is distributed to users.

    Addressing Connection Manager Security

    Concerns

    Because the Connection Manager Administration Kit (CMAK) Wizard enables Administrators

    to configure connection properties for creating connections to the network, a few security

    loopholes can be accidentally created as well.

    A few common Connection Manager security concerns are listed here:

    There is the risk of an unauthorized user establishing a connection and using it. This can

    basically occur when a computer can be accessed by multiple users.

    For users to run the existing installation of CMAK, they have to belong to the Power

    Users group. The service profiles created by the CMAK Wizard are text files. Because of

    this, a user that has access to the text files can simply use a text editor to change the

    text files created by the CMAK Wizard.

    When a Connection Manager service profile includes confidential information, there is a

    threat that an unauthorized user can intercept this information and exploit it.

    A few strategies that can be used to address Connection Manager security concerns are

    listed below:

    You can require that users utilize the more current Windows operating systems that

    support the user certificates feature of Connection Manager.

    Ensure that only those users who are authorized can download and obtain the

    Connection Manager service profile.

    For a computer that is utilized by more than one user, ensure that users cannot utilize

    the Remember Password feature to store the password for the connection. To disable the

    Remember Password feature, configure the HideRememberPassword option. The

    HideRememberPassword option can be accessed in the last page of the CMAK Wizard by

    clicking Edit Advanced Options.

  • Using the Connection Manager Administration Kit

    (CMAK) Wizard

    The Connection Manager Administration Kit (CMAK) is implemented through the CMAK

    Wizard. The CMAK Wizard is used to create an executable file which can be distributed to

    users so that they can establish virtual private network (VPN) connections and dial-up

    connections to a RRAS server. When a user runs the executable file, the security settings

    and other settings specified when the CMAK Wizard was run are used to establish the

    connection.

    The information that you need to supply when you run the CMAK Wizard is summarized

    here:

    Service Profile Source; indicate either of the following actions:

    o Create a new Connection Manager service profile

    o Modify an existing Connection Manager service profile

    Service And File Names; provide the following details:

    o A name for the service profile.

    o A file name for the profile folder and files.

    Realm Name; if required, provide a realm name. With Microsoft

    Internet Authentication Service Commercial Edition, realm names can be utilized for

    authentication.

    Merging Profile Information; you can merge the settings of an existing service profile(s)

    into the new Connection Manager service profile which you are creating, or in the service

    profile which you are editing.

    VPN Support; enables you to specify a VPN connection for the service profile which you

    are configuring. For client IP address assignment, the following methods exist:

    o Define a DNS server.

    o Define a WINS server.

    o Define that the server assigns IP addresses when the connection is established.

    Phone Book; set whether a phone book is to be created with the service profile being

    created or edited.

    Phone Book Updates; define the method which will be used to pass phone book updates

    to clients. You can specify a Connection Point Services server by means of a URL. The

  • Windows Server 2003 Connection Point Services (CPS) feature can be used to create and

    update phone books.

    Dial-Up Networking Entries; define the dial-up networking entries for the phone numbers

    in the address book.

    Routing Table Update; to update the Routing Table. A file containing routing table

    information is then included.

    Automatic Proxy Information; enables you to specify options which will be used to

    configure proxy settings.

    Custom Actions; define actions to occur at the following events:

    o Prior to the connection being established.

    o Once the connection is established.

    o Before the connection is terminated.

    Logon Bitmap; set the bitmap that should appear in the Logon dialog box.

    Phone Book Bitmap; set the bitmap that should appear in the Phone Book dialog box.

    Icons; set the icons which should be displayed for Connection Manager on your clients.

    Notification Area Shortcut Menu; define the shortcut menu which is displayed when the

    status area icon is right-clicked by users.

    Help file; define the Help file for users by:

    o Creating a custom Help file.

    o Using the default Help file.

    Support Information; define the support information for the service profile being created

    or edited.

    Connection Manager Software; for users to utilize the service profile they must have

    Connection Manager installed. For users that do not have the Connection Manager

    installed, you can specify that Connection Manager software be added with the service

    profile you are creating or editing. Here, the user will perform the following actions:

    o Download the package.

    o Install the Connection Manager.

    o Run the Connection Manager service profile.

    License Agreement; you can require users to accept a license agreement by including it

    in a text file.

  • Additional Files; for adding any other files with the Connection Manager service profile

    being created or edited.

    With the CMAK, custom actions are supported. Through custom actions, you can configure

    that certain programs should automatically run when the Connection Manager process

    occurs.

    The different actions which you can specify to run during the Connection Manager process

    are summarized here:

    Pre-init actions; run when the Connection Manager initiates.

    Pre-connect actions; run prior to the connection being established.

    Pre-dial actions; run prior to the connection being established.

    Pre-tunnel actions; run prior to the connection being established.

    Post-connect actions; run after the connection is successfully established.

    On cancel actions; run when the user cancels a connection.

    On error actions; run when there is an error during the connection establishment

    process.
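
    An audit for the two concerns raised above (service profiles are editable text files, and custom actions run programs during the connection process), written as an added Python example rather than anything shipped with CMAK. It assumes the profile is INI-style text with HideRememberPassword in a [Connection Manager] section and numbered command lines in sections whose names end in "Actions"; the sample profile, program names and allow-list are constructed.

```python
import hashlib
import ntpath


def sha256_hex(text):
    """Digest recorded when the profile is built and compared before it is used."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def parse_profile(text):
    """Minimal INI reader: {section (lower-case): {key (lower-case): value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections


def program_name(command_line):
    """File name of the program a custom action starts, lower-cased.
    An unquoted path containing spaces is cut at the first space, which
    fails closed: the fragment will not be on the allow-list."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        path = cmd.split(None, 1)[0]
    return ntpath.basename(path).lower()


def action_programs(sections):
    """(section, program) for every numbered entry in an '... Actions' section.
    Keys such as '0&Description' are metadata and are skipped."""
    found = []
    for name, entries in sections.items():
        if not name.endswith("actions"):
            continue
        for key, value in entries.items():
            if key.isdigit() and value:
                found.append((name, program_name(value)))
    return found


def audit(text, baseline_sha256, allowed_programs):
    """Return a list of findings; an empty list means the profile passed."""
    findings = []
    if sha256_hex(text) != baseline_sha256:
        findings.append("profile differs from the recorded baseline")
    sections = parse_profile(text)
    if sections.get("connection manager", {}).get("hiderememberpassword") != "1":
        findings.append("HideRememberPassword is not enabled")
    for section, program in action_programs(sections):
        if program not in allowed_programs:
            findings.append(f"unapproved custom action in [{section}]: {program}")
    return findings


# Constructed sample profile (layout assumed, see the note above the block).
GOOD = r"""[Connection Manager]
ServiceName=Corp VPN
HideRememberPassword=1

[Pre-Connect Actions]
0=corpvpn\checkav.exe /quiet
0&Description=Verify antivirus

[Connect Actions]
0=corpvpn\maproutes.cmd
"""
# The same profile after an edit in a text editor on a shared computer.
TAMPERED = (GOOD.replace("HideRememberPassword=1", "HideRememberPassword=0")
            + "1=C:\\Temp\\helper.exe\n")

BASELINE = sha256_hex(GOOD)
ALLOWED = {"checkav.exe", "maproutes.cmd"}

if __name__ == "__main__":
    print("good:", audit(GOOD, BASELINE, ALLOWED))
    for finding in audit(TAMPERED, BASELINE, ALLOWED):
        print("tampered:", finding)
```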

    How to install the CMAK

    1. Open Control Panel.

    2. Double-click Add/Remove Programs, and then click Add/Remove Windows Components.

    3. The Windows Components Wizard starts.

    4. Click Management and Monitoring Tools, and then click Details.

    5. In the Management and Monitoring Tools dialog box, select the checkbox for Connection

    Manager Administration Kit.

    6. Click OK. Click Next. Click Finish.

    To start the Connection Manager Administration Kit (CMAK) Wizard,

    1. Click Start, Administrative Tools, and then click Connection Manager Administration Kit to

    initiate the CMAK Wizard.

  • How to create a new Connection Manager service

    profile

    1. Click Start, Administrative Tools, and then click Connection Manager Administration Kit to

    initiate the CMAK Wizard.

    2. The CMAK Wizard starts.

    3. Click Next on the CMAK Wizard Welcome screen.

    4. On the Service Profile Selection page, click the New profile option. Click Next.

    5. On the Service And File Names page, enter a name for the service in the Service Name

    text box, and enter a file name in the File name text box. This name will be used for the

    connection and it will also be displayed in the various installation dialog boxes of

    Connection Manager. Click Next.

    6. On the Realm Name page, leave the default setting of Do Not Add A Realm Name To The

    User Name enabled. Click Next.

    7. On the Merging Profile Information page, you can merge information from other existing

    profiles to add to this profile. Click Next.

    8. On the VPN Support page, you can set that a VPN connection be established. Click the

    Phone Book From This Profile checkbox. In the Enter the VPN Server Name or IP

    Address section of the page, select one of the following options:

    o Always Use the Same VPN Server option, OR

    o Allow The User To Choose A VPN Server Before Connecting option.

    9. Click Next.

    10. On the VPN Entries page, perform either of these actions:

    o Create a new VPN entry.

    o Specify an existing VPN connection for the profile.

    11. Click Next.

    12. On the Phone Book page, disable the Automatically Download Phone Book Updates

    checkbox, and then click Next.

  • 13. On the Dial-Up Networking Entries page, perform either of these actions:

    o Create a new dial-up networking entry.

    o Specify an existing dial-up networking entry for the profile.

    13. Click Next.

    14. On the Routing Table Update page, click Next.

    15. On the Automatic Proxy Configuration page, specify any settings for a proxy server that should

    be utilized with the connection, and then click Next.

    16. On the Custom Actions page, click Next.

    17. On the Logon Bitmap page, specify your own graphics or accept the default graphic

    and then click Next.

    18. On the Phone Book Bitmap page, specify your own graphic or select a default graphic,

    and then click Next.

    19. On the Icons page, select your icons for the connection or use the default settings.

    Click Next.

    20. On the Notification Area Shortcut Menu page, specify the items which should be

    displayed on the shortcut menu, and then click Next.

    21. On the Help File page, specify your custom Help file. Click Next.

    22. On the Support Information page, provide your support details in the Support

    Information text box, and then click Next.

    23. On the Connection Manager Software page, you can select the Install Connection

    Manager option if users do not have the Connection Manager installed. Click Next.

    24. On the License Agreement page, specify the text file that includes the license

    agreement, and then click Next.

    25. On the Additional Files page include all other files which should be added with the new

    service profile. Click Next.

    26. On the Ready To Build The Service Profile page, click Next to start the creation of the

    new service profile.

    27. The CMAK Wizard creates the new customized Connection Manager service profile.

  • 28. Click Finish.

    How to deploy CMAK packages

    When you have completed all the necessary pages of the CMAK Wizard, the Connection

    Manager service profile is created. The connection package is compressed as well. The final

    screen of the CMAK Wizard displays the location of your newly created Connection Manager service

    profile.

    The service profile is by default stored in the following directory:

    C:\Program Files\CMAK\Profiles directory. The directory is automatically created for the

    service profile by CMAK.

    To distribute the new service profile package files, use either of these methods:

    Copy the files in the CMAK directory to a:

    o CDROM

    o Floppy disk.

    o Web site

    Share the CMAK directory and provide users with the path information.

  • Configuring Remote Access Clients

    Remote Access Overview

    The Routing and Remote Access service (RRAS) is integrated in Windows 2000 and Windows

    Server 2003 and provides connectivity for remote users and remote offices to the corporate

    network. RRAS makes it possible for remote users to perform their tasks as though they are

    actually physically connected to the corporate network. A remote access connection enables

    services such as file and print sharing to be available to remote users. To access network

    resources, remote access clients can use standard Windows tools.

    Dial-up networking allows a remote access client to establish a dial-up connection to a port

    on a remote access server. The configuration of the dial-up networking server determines

    what resources the remote user can access. Users that connect through a dial-up

    networking server, connect to the network much like a standard LAN user accessing

    resources.

    Remote access VPNs provide a common

    environment where many different sources

    such as intermediaries, clients and off-site

    employees can access information via web

    browsers or email. Many companies supply

    their own VPN connections via the Internet.

    Through their ISPs, remote users running

    VPN client software are assured private

    access in a publicly shared environment. By

    using analog, ISDN, DSL, cable technology,

    dial and mobile IP, VPNs are implemented

    over extensive shared infrastructures. Email, database and office applications use these

    secure remote VPN connections.

    The different remote access client types are listed below:

    Dial-up client: A dial-up client uses a physical connection to the remote access server to

    establish a connection to it. A dial-up client can access resources in much the same

    manner as if they are actually physically connected to the network. Dial-up clients can:

    o Access network resources and services.

    o Share files.

  • o Map network drives, and perform other operations, based on the access that is

    allowed.

    You should utilize a dial-up client when the following conditions are present:

    o The Internet cannot be used to access resources on the corporate network because of

    security issues.

    o The throughput provided by a dial-up connection adequately meets the requirements of

    remote access clients; they are able to perform the various functions which they

    need to.

    o The expense of phone lines and modems is affordable.

    VPN client: A VPN client utilizes the Internet, tunneling and TCP/IP protocols to establish

    a connection to the network.

    Wireless client: These clients connect to the network through radio frequencies such as

    infrared frequencies.

    When determining user requirements for remote access, a few issues that need to be

    initially addressed are:

    Determine what operating systems are being used by clients.

    Determine the computers which are being used by clients.

    Determine what the bandwidth needs of users are.

    Determine what connections can be supported.

    Determine whether clients' current Internet connections can be used for VPN

    connections.

    Determine how often users will need to connect to the network.

    Configuring Dial-up RAS clients and VPN clients

    The processes for configuring a dial-up remote access client and a VPN client are almost

    the same. The primary difference between configuring a dial-up remote access client and a

    VPN client is explained below:

    When configuring a dial-up remote access client, you specify the phone number of the

    remote access server.

    When configuring a VPN client, you specify the IP address of the server.

    After a connection is established, you can change the connection's properties through the

    connection's Properties dialog box. The configuration settings that you can configure

    through the various tabs on the Dial-Up Connection Properties dialog box are:

  • General tab: The configuration settings that you can configure on the General tab are:

    o Configure the VPN server's IP address or hostname.

    o Specify the phone number to use with the specific connection.

    o Specify the connection which should be established prior to the VPN connection being

    established.

    o Modify the settings of the existing modem that the connection uses

    o Modify the modem that the connection uses.

    o Specify whether the dialing rules apply for RAS connections.

    o Specify whether the connection shows a status icon when the connection is active. For

    dial-up connections, the Show Icon In Taskbar When Connected checkbox is enabled

    by default.

    Options tab: The configuration settings that you can configure on the Options tab pertain

    to the dialing and redialing of the connection. The settings on the Options tab are

    organized into two sections, namely the Dialing Options section and the Redialing

    Options:

    o Dialing Options: The dialing options that you can set are listed below. These settings

    control the dial-up networking's interface actions:

    Display Progress While Connecting checkbox; tracks the progress of the attempted

    connection. This option is enabled by default.

    Prompt For Name And Password, Certificate, Etc. checkbox; prompts for any

    credentials needed to authenticate the connection to the server. The option is

    enabled by default.

    Include Windows Logon Domain checkbox; the domain name of the domain

    currently logged on to is included with the authentication credentials. The option is

    disabled by default.

    Prompt For Phone Number checkbox; shows the phone number in the connection

    dialog box so that it can be edited prior to dialing.

    o Redialing Options: These settings control the activities that occur when the remote

    end is busy. The redialing options that you can set are:

    Redial Attempts box; for specifying the number of attempts that occur to establish

    the connection before abandoning it. The default value for the Redial Attempts

    setting is 3.

    Time Between Redial Attempts setting; for indicating the wait period before

    reattempting the connection.

    Idle Time Before Hanging Up setting; for specifying the idle time for the connection

    before the call is terminated.

  • Redial If Line Is Dropped checkbox; when enabled, the number is automatically

    redialed when you are disconnected.

    Security tab: The configuration settings that you can configure on the Security tab

    control the security of the connection. This includes options for authentication protocols

    and encryption. The settings on the Security tab are also organized into two sections,

    namely the Security Options section and the Advanced Security Settings:

    o Security Options: The settings that you can configure when you select the Typical

    (Recommended Settings) option are:

    Validate My Identity As Follows; used to specify whether secured passwords,

    unsecured passwords, or smart card authentication is used. The default setting is

    unsecured passwords.

    Automatically Use My Windows Logon Name And Password checkbox; for secured

    passwords, provides the remote end with the logon credentials used to log on to

    the domain/computer.

    Require Data Encryption checkbox; for secured passwords and smart card

    authentication, specifies whether an encryption method should be negotiated

    between the remote server and the client.

    o Advanced Security Settings: The settings that you can configure when you select the

    Advanced (Custom Settings) option are listed below. The Advanced Security Settings

    dialog box is accessed by clicking the Settings button after you have selected the

    Advanced (Custom Settings) option:

    Data Encryption drop down list; includes options that specify whether to encrypt

    either end of network connections through IPSec. The options are: No Encryption

    Allowed (the server will drop the connection if the client cannot provide

    encryption); Optional Encryption (the call continues if encryption cannot be

    provided); Require Encryption (the client has to request encryption, and is not

    allowed to connect if the remote server cannot provide it); Maximum Strength

    Encryption (a connection can only be established if the client and server support

    the same level of encryption).

    Logon Security setting; specifies the authentication protocols which the client

    utilizes. The available options are Use Extensible Authentication Protocol (EAP)

    and Smart Card Or Other Certificate.

    Allow These Protocols setting; specifies the authentication protocols that the client

    can use. Authentication protocols options include CHAP, MS-CHAPv1, MS-CHAPv2,

    PAP and SPAP. The authentication protocols that are by default selected when the

    Allow These Protocols option is enabled are CHAP, MS-CHAPv1 and MS-CHAPv2.

  • o Networking tab: The configuration settings that you can configure on the Networking

    tab are explained below:

    Type Of Dial-Up Server I Am Calling setting; specifies the type of server being

    called. The options are PPP and SLIP, with PPP being the default setting.

    You can select the Install, Uninstall, and Properties buttons to control the protocols

    installed on the machine, and to control the settings of the protocols. The typically

    selected options are Internet Protocol (TCP/IP) and Client For Microsoft Networks.

    o Sharing tab: The configuration settings that you can configure on the Sharing tab are

    for RAS clients only:

    Enable Internet Connection Sharing For This Connection

    Enable On-Demand Dialing

    How to install the Routing and Remote Access

    Services (RRAS)

    1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the

    Routing And Remote Access management console.

    2. In the console tree, select the remote access server that you want to configure. Select

    the Action menu, and then select the Configure and Enable Routing and Remote Access.

    Alternatively, you can right-click the server that you want to configure, and then select

    Configure and Enable Routing and Remote Access from the shortcut menu.

    3. The Routing and Remote Access Server Setup Wizard initiates.

    4. On the initial page of the Routing and Remote Access Server Setup Wizard, click Next.

    5. On the Configuration page, select the Remote Access (Dial-Up Or VPN) option and then

    click Next.

    6. On the Remote Access page, select either the VPN server checkbox, or the dial-up server

    checkbox, or both of these checkboxes. Click Next.

    7. When the Macintosh Guest Authentication page is displayed, click the Allow

    Unauthenticated Access For All Remote Clients option if you want the RRAS server to

    accept anonymous remote access. Click Next.

    8. On the IP Address Assignment page, accept the default setting of Automatically, or select

    the From A Specified Range Of Addresses button. Click Next.

    9. On the Managing Multiple Remote Access Servers page, select the No, Use Routing And

    Remote Access To Authenticate Connection Requests option, and then click Next.

    10. On the Summary page, click Finish.

    11. The RRAS service starts.

    How to configure the VPN client

    1. On the client computer open Control Panel.

    2. Right-click Network Connections and then select Open from the shortcut menu.

    3. Click New Connection Wizard to start the New Connection Wizard.

    4. Click Next on the Welcome to the New Connection Wizard page.

    5. On the Network Connection Type page, select Connect to the network at my workplace,

    and then click Next.

    6. Click Virtual Private Network Connection, and click Next.

    7. Enter a name for the connection and click Next.

    8. Specify the external IP address of the VPN server, or the FQDN of the VPN server, and

    then click Next.

    9. Select the Anyone's use option if you want the connection to be available to everyone

    who uses the computer, and then click Next.

    10. When the Completing the New Connection Wizard page appears, click Finish.

    11. The logon dialog box is displayed after you click the Finish button to complete the New

    Connection Wizard.

    How to allow multilink connections from remote access clients

    1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the

    Routing And Remote Access console.

    2. In the console tree, right-click the server that you want to work with, and then click

    Properties from the shortcut menu.

    3. The server Properties dialog box opens.

    4. Switch to the PPP tab.

    5. Select the Multilink Connections checkbox to allow multilink connections from remote

    access clients.

    6. If you do not want to allow multilink connections, simply disable the Multilink

    Connections checkbox.

    7. If you select the Multilink Connections checkbox, it is recommended that you enable the

    Dynamic Bandwidth Control Using BAP Or BACP checkbox. This allows the server to add

    or drop PPP connections based on the rise and fall in available bandwidth.

    8. Click OK.

    How to grant dial-in permission for user accounts

    1. Click Start, Administrative Tools, and then click Computer Management to open the

    Computer Management console.

    2. Double-click Local Users and Groups.

    3. Double-click Users.

    4. Double-click the specific user account that you want to grant access for to open the

    Properties dialog box of the user.

    5. Click the Dial-in tab.

    6. Click Allow access, and then click OK.

    7. On the client computer, access the Network Connections folder, and then double-click the

    VPN connection that you want to configure.

    8. Specify the user account credentials, and then click Connect.

    How to enable remote access for a specific user

    1. Click Start, Administrative Tools, and then click Active Directory Users and Computers to

    open the Active Directory Users and Computers management console.

    2. In the console tree, expand the domain that contains the user account that you want to

    enable remote access for.

    3. Select the Users container.

    4. In the right pane, locate the user account that you want to configure.

    5. Right-click the specific user account and then select Properties from the shortcut menu.

    6. The Properties dialog box of the user opens.

    7. Click the Dial-in tab.

    8. In the Remote Access Permission area, click the Allow Access option.

    9. Click OK.

    How to enable remote access based on remote access policy

    1. Click Start, Administrative Tools, and then click Active Directory Users and Computers to

    open the Active Directory Users and Computers management console.

    2. In the console tree, expand the domain that contains the user account that you want to

    enable remote access for.

    3. Select the Users container.

    4. In the right pane, locate the user account that you want to configure.

    5. Right-click the specific user account and then select Properties from the shortcut menu.

    6. The Properties dialog box of the user opens.

    7. Click the Dial-in tab.

    8. In the Remote Access Permission area, click the Control Access Through Remote Access

    Policy option.

    9. Click OK.

    How to configure inbound dial-up connections on a computer running Windows 2000 Professional

    1. Click Start, Settings and then click Network And Dial-Up Connections.

    2. When the Network And Dial-Up Connections dialog box opens, double-click Make New

    Connection.

    3. The Network Connection Wizard starts.

    4. Click Next on the Welcome to the Network Connection Wizard page.

    5. On the Network Connection Type page, click the Accept Incoming Connections option and

    then click Next.

    6. On the Devices For Incoming Connections page, in the Connection Devices list, choose

    the modem device for the computer. Click Next.

    7. On the Incoming Virtual Private Connection page, click the Allow Virtual Private

    Connections option and then click Next.

    8. On the Allowed Users page, select the Administrator option and then proceed to click the

    Properties button.

    9. The Administrator Properties dialog box opens.

    10. Switch to the Callback tab.

    11. Verify that the correct settings are specified on the tab. Click OK and click Next.

    12. On the Networking Components page, select the Internet Protocol TCP/IP option and

    then click the Properties button.

    13. When the Incoming TCP/IP Properties dialog box opens, select Specify TCP/IP addresses.

    14. Specify the appropriate address in the From box and in the To box, and then click OK and

    click Next.

    15. Click Finish.

    How to configure outbound connections on a computer running Windows 2000 Professional

    1. Click Start, Settings and then click Network And Dial-Up Connections.

    2. When the Network And Dial-Up Connections dialog box opens, double-click Make New

    Connection.

    3. The Network Connection Wizard starts.

    4. Click Next on the Welcome to the Network Connection Wizard page.

    5. On the Network Connection Type page, click the Connect To A Private Network Through

    The Internet option. Click Next.

    6. On the Destination Address page, enter the appropriate address and then click Next.

    7. On the Connection Availability page, click the Only For Myself option and then click Next.

    8. Click Finish to complete the Network Connection Wizard.

    9. The Connect Virtual Private Connection dialog box automatically opens.

    10. Provide the proper user name and password details.

    11. Click the Connect button.

    How to manage remote access clients

    You can use the Routing And Remote Access console to both examine and manage remote

    access clients that have established connections to the remote access server. The various

    activities that you can perform are:

    View and examine the status of connected remote access clients.

    Send a message to one or multiple remote access clients.

    Disconnect remote access clients.

    How to view the status of connected remote access clients

    1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the

    Routing And Remote Access console.

    2. In the console tree, select Remote Access Clients.

    3. All currently connected remote access clients are displayed in the details pane of the

    Routing And Remote Access console.

    4. Right-click the user name that you want to examine, and then select Status from the

    shortcut menu to view the status of the connection.

    How to send a message to a remote access client

    1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the

    Routing And Remote Access console.

    2. In the console tree, select Remote Access Clients.

    3. In the details pane, right-click the user name that you want to send the message to, and

    then select Send Message from the shortcut menu.

    4. The Send Message dialog box opens.

    5. Type the message that you want to send to the user name that you have selected.

    6. Click OK.

    How to send a message to all remote access clients

    1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the

    Routing And Remote Access console.

    2. In the console tree, right-click Remote Access Clients and then select Send To All from

    the shortcut menu.

    3. When the Send Message dialog box opens, type the message that you want to send to

    all connected remote access clients.

    4. Click OK.

    How to disconnect remote access clients

    1. Click Start, Administrative Tools, and then select Routing And Remote Access to open the

    Routing And Remote Access console.

    2. In the console tree, select Remote Access Clients.

    3. In the details pane, right-click the user name that you want to disconnect, and then

    select Disconnect from the shortcut menu.

    Troubleshooting Dial-Up Remote Access Connections

    A few guidelines for troubleshooting dial-up remote access connections are listed below:

    For a dial-up remote access connection to be established between a remote access

    server and remote access clients, the Remote Access Server option should be enabled on

    the General tab of the Properties dialog box of the remote access server. You can use the

    Routing And Remote Access management console to verify that the Remote Access

    Server option is enabled.

    Ensure that the settings of the remote access policy and the settings configured in the

    properties of the remote access server are not conflicting.

    The remote access server, the remote access policy, and the dial-up remote client should

    all be configured to use at least one common authentication protocol. You can view

    this information on the Security tab of the Dial-Up Connection Properties dialog box.

    If MS-CHAP v1 is the authentication protocol being used, ensure that the user password

    is not more than 14 characters.

    The remote access server, the remote access policy, and the dial-up remote client should

    all be configured to use at least one common encryption strength. You can verify this

    information on the Security tab of the Dial-Up Connection Properties dialog box.

    Ensure that the number of modem devices specified in the Ports node of the Routing And

    Remote Access management console can cope with the specified number of concurrent

    remote access connections.

    The remote access server either assigns addresses to clients from a predefined static

    address pool or through a DHCP server on the network.

    o For address assignment from the static address pool, ensure that the address pool can

    handle the required concurrent client connections.

    o For address assignment through the DHCP server, ensure that the DHCP server's

    scope can handle the blocks of 10 addresses needed by your remote access server.

    The dial-up remote access connection must have the correct permissions for the

    connection to be established. You can verify the permissions specified for the connection

    by examining the remote access policies and the dial-in properties of the specific user

    account.

    A few guidelines for troubleshooting modems that are not operating:

    o Ensure that the modem cable is not faulty.

    o Check whether the modem is compatible.

    o Verify that the modem is connected correctly to the computer's port. Verify that the

    power is turned on.

    o Check that the correct number was dialed.

    o Check whether the phone lines support the speed of the modem. Try using a lower

    bps rate.

    o The issue might be that the modem cannot work with the modem of the remote

    access server. Here, you might need to use the same modem type being used by

    the remote access server.

    o Verify that you have the necessary remote access permission, and that your user

    account is valid.

    o Check whether the remote access server is running.

    If you continuously receive an error message, indicating that the remote access server is

    not responding, a few guidelines to solve this issue are listed below:

    o Check whether you can connect to the server from a different workstation to ascertain

    whether the issue is specific to one workstation.

    o Check whether the remote access server is running and operating correctly.

    o Verify whether the modem vendor has released new software updates. There might be

    an issue with the version of the modem software that you are using.

    o If the modem and telephone line appear to not be operating as they should be, use

    modem diagnostics to verify that the modem is operating as it should. There might

    also be excessive static on the phone line.

    o There could be a switching mechanism between the remote access client and server

    which is preventing the connection from being established. You should attempt using

    a lower bps rate.

    o The issue might be that the modem you are using is conflicting with the modem of the

    server. You should attempt using a lower bps rate.

    o If the modem is experiencing a problem connecting and there is quite some static on

    the telephone line, attempt using a lower bps rate. The issue might be that the

    modem cannot connect at a higher data rate.

    o You can verify the quality of your phone line with the telephone company.

    If you receive a no answer message when attempting to connect via ISDN, try the

    following strategies. A few possible causes for this type of issue are also listed:

    o Try dialing later. The line might be too busy or an existing poor line condition could be

    hindering the connection.

    o Check that the ISDN adapters are installed and that they are set up correctly.

    o Check whether the phone number is configured correctly. You can contact the

    telephone company to determine the numbers that the ISDN line owns.

    o Verify that the remote access server is up and running, and verify that the modem is

    connected.

    o Verify that your DigiBoard adapter is current.

    o Verify that the Service Profile Identifier (SPID) is configured correctly.

    o You should enable line-type negotiation.

    If remote access client connections to the remote access server are continuously being

    dropped, try the following strategies:

    o Check whether the modem cable is connected correctly. It could have been

    disconnected.

    o Verify that the modem settings are correct.

    o Verify whether the modem vendor has released new software updates. There might be

    an issue with the version of the modem software that you are using.

    o It could be that the phone has call waiting, and this is hindering the connection.

    Disable call waiting and then try again.

    o You could have been disconnected because of an inactivity period. Try once more.

    o If somebody picked up the phone, you would have been automatically disconnected.

    Try calling once more.
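
    The checks from the troubleshooting guidelines above (a common authentication protocol, the MS-CHAP v1 password limit, a common encryption strength, enough modem ports, and enough addresses in the static pool or DHCP scope) can be run as a preflight script before a deployment. This is an added example, not part of the original guide; the class and function names, the protocol preference order, the encryption labels, the extra address reserved for the server, and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from math import ceil

# Values quoted in the guidelines above.
DHCP_BLOCK = 10                 # addresses are requested from DHCP in blocks of 10
MSCHAP_V1_MAX_PASSWORD = 14     # MS-CHAP v1 password length limit
# Assumption: negotiation settles on the strongest protocol every party allows.
AUTH_PREFERENCE = ["EAP", "MS-CHAPv2", "MS-CHAPv1", "CHAP", "SPAP", "PAP"]


@dataclass(frozen=True)
class Party:
    """One side of the connection: server, remote access policy, or client."""
    name: str
    auth_protocols: frozenset
    encryption_strengths: frozenset


@dataclass(frozen=True)
class Capacity:
    modem_ports: int
    static_pool_size: int = 0      # 0 means addresses are leased from DHCP
    dhcp_free_addresses: int = 0


def shared(parties, attr):
    """Values of one setting that every party has enabled."""
    return frozenset.intersection(*(getattr(p, attr) for p in parties))


def negotiated_auth(parties):
    """Strongest authentication protocol common to all parties, or None."""
    common = shared(parties, "auth_protocols")
    return next((p for p in AUTH_PREFERENCE if p in common), None)


def addresses_needed(clients, from_dhcp):
    """One address per client plus one for the server itself (assumption)."""
    needed = clients + 1
    return ceil(needed / DHCP_BLOCK) * DHCP_BLOCK if from_dhcp else needed


def preflight(parties, capacity, clients, password_length):
    """Return the guideline violations for a planned number of concurrent clients."""
    findings = []
    auth = negotiated_auth(parties)
    if auth is None:
        findings.append("no common authentication protocol")
    elif auth == "MS-CHAPv1" and password_length > MSCHAP_V1_MAX_PASSWORD:
        findings.append("MS-CHAP v1 password longer than 14 characters")
    if not shared(parties, "encryption_strengths"):
        findings.append("no common encryption strength")
    if capacity.modem_ports < clients:
        findings.append("not enough modem ports")
    from_dhcp = capacity.static_pool_size == 0
    available = capacity.dhcp_free_addresses if from_dhcp else capacity.static_pool_size
    need = addresses_needed(clients, from_dhcp)
    if available < need:
        source = "DHCP scope" if from_dhcp else "static pool"
        findings.append(f"{source} has {available} addresses, needs {need}")
    return findings


# Constructed sample: the client allows only MS-CHAPv1, so that is what gets used.
# "basic" and "strong" are constructed labels for encryption strengths.
SERVER = Party("server", frozenset({"MS-CHAPv1", "MS-CHAPv2"}), frozenset({"basic", "strong"}))
POLICY = Party("policy", frozenset({"MS-CHAPv1", "MS-CHAPv2", "CHAP"}), frozenset({"strong"}))
CLIENT = Party("client", frozenset({"MS-CHAPv1"}), frozenset({"basic"}))

if __name__ == "__main__":
    cap = Capacity(modem_ports=8, dhcp_free_addresses=15)
    for finding in preflight([SERVER, POLICY, CLIENT], cap, clients=12, password_length=16):
        print("FAIL:", finding)
```

    Only the password length is passed in, never the password itself, so the check can be run from an inventory of account policies.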

  • How to Setup a Remote Desktop Web Connection

    The Remote Desktop Web Connection is a Win32-based ActiveX control (COM object) that

    can be used to run Remote Desktop sessions from within a browser like Internet Explorer. It

    is a useful alternative to the regular Remote Desktop because it can be used without

    installing any software on the client machine. Remote Desktop requires the user to install

    software on the client's machine, which is sometimes infeasible.

    Remote Desktop Web Connection is able to do this because the Remote Desktop runs within

    a web browser such as Internet Explorer. The web browser on the host computer must

    support ActiveX controls to implement Remote Desktop Web Connection.

    Configuring the Host Computer

    Enabling the Remote Desktop Web Connection on the host computer is the foremost step.

    Follow the steps listed below carefully:

    Open Control Panel, click on the Add or Remove Programs icon, and then click on

    Add/Remove Windows Components option.

    Click on Internet Information Services, and then click on the Details option.

    In the Subcomponents of Internet Information Services list, click on World Wide Web

    Service, and then click on the Details option.

    In the Subcomponents of World Wide Web Service list, select the Remote Desktop Web

    Connection check box, and then click OK.

    In the Windows Components Wizard, click on Next.

    Click Finish when the wizard has completed.

    Configuring IIS (Internet Information Services)

    TCP port 80 is the default port on which Internet Information Services (IIS) listens.

    In order to avoid external harmful attacks, these steps change the default port number.

    The steps listed below are optional, but implementing them will greatly improve

    your machine's security.

    Note: TCP port number should not be changed if you are already using the machine as a

    web server.

    Open Control Panel, click on the Performance and Maintenance icon, and then click

    on Administrative Tools. Double-click on Internet Information Services.

    In the IIS snap-in, expand your computer name, expand Web Sites, right-click on

    the Default Web Site, and then click on Properties.

    On the Web Site tab, change the TCP Port value. Enter a number between 1000 and

    65535 that you remember well. This port number will be used for future connections.

    Click OK, and close the Internet Information Services snap-in.

    Configuring Remote Desktop

    A user account with a password is necessary to connect using Remote Desktop. Create an

    account if you do not have one. Follow the listed steps carefully to activate Remote Desktop:

    Right-click on My Computer from the desktop, and select the Properties option.

    Select the Remote tab, and then click on the Allow users to connect remotely to

    this computer check box.

    Click Select Remote Users, and then click Add.

    In the Select Users dialog box, type the name of the user and then click on OK. Click

    on OK again to return to the System Properties dialog box, and then click on OK to close

    it.

    Connect to the Remote Computer

    Finally, you can now connect to the remote configured computer via the Internet. In order

    to connect, the IP address of the target computer should be known (you could use What Is

    My IP or What Is My IP.com to identify the IP address). Now, simply follow the listed steps

    carefully in order to connect:

    Open Internet Explorer browser, and enter the URL http://ipaddress:port/tsweb/

    Example: http://192.168.1.120:1374/tsweb/

    Your browser may not have the Remote Desktop ActiveX control installed; if it

    prompts you to install it, click Yes.

    On the Remote Desktop Web Connection page, click on Connect. You don't need to fill in

    the Server field. If you leave the Size field set to Full-screen, the remote desktop will

    take over your local desktop.

    Enter your user name and password at the Windows logon prompt, and then click OK.

    You'll see your desktop completely.

  • Routing and Remote Access Service

    Routing and Remote Access Service Overview

    The Routing and Remote Access service (RRAS) is a multi-protocol software router

    integrated in Windows 2000 and Windows Server 2003 that provides connectivity for remote

    users and remote offices to the corporate network. RRAS makes it possible for remote users

    to perform their tasks as though they are actually physically connected to the corporate

    network. A remote access connection enables services such as file and print sharing to be

    available to remote users. To access network resources, remote access clients can use

    standard Windows tools.

    The Routing and Remote Access service (RRAS) includes integrated support for the following

    dynamic routing protocols:

    Routing Information Protocol (RIP) version 2

    Open Shortest Path First (OSPF)

    Routing and Remote Access service can be configured for:

    LAN-to-LAN routing

    LAN-to-WAN routing

    Virtual private network (VPN) routing

    Network Address Translation (NAT) routing

    Routing features, including

    o IP multicasting

    o Packet filtering

    o Demand-dial routing

    o DHCP relay

    A computer running Windows 2000 Server or Windows Server 2003 with Routing and

    Remote Access service enabled and configured is called a remote access server.

    A remote access server provides the following two types of remote access connectivity:

    Dial-up networking (DUN)

    Virtual private networking

    The Routing and Remote Access features are summarized below:

    Router discovery, defined in RFC 1256, provides the means for configuring and

    discovering default gateways. Router discovery makes it possible for clients to:

    o Dynamically discover routers.

    o Use alternate or backup routers when necessary, for instance when a network failure

    occurs.

    Router discovery consists of the following types of packets