Professional Documents
Culture Documents
Remote Access and Virtual Private Networks
Remote Access and Virtual Private Networks
Chapter 12:
Remote Access and Virtual
Private Networks
Learning Objectives
Chapter 12
Figure 12-2
Remotely accessing a
network through M odem
W in d o w s 2 0 0 0 s e r v e r
N e tW a re s e rv e r w ith R A S
M odem
E th e rn e t
M odem
T e le p h o n e lin e
C lie n t C lie n t
w o r k s ta tio n w o r k s ta tio n
M odem
Virtual Private Network
Chapter 12
Figure 12-3 V P N tu n n e ls
architecture
In te rn e t
1 7 7 .2 8 .4 4 .1 2 9 W in d o w s 2 0 0 0 S e rv e r
W in d o w s 2 0 0 0 w ith V P N /IIS
s e rv e rs line
re lay
me
Fra
T-3
S u b n e t 1 7 7 .2 8 .4 4 line
S u b n e t 1 7 7 .2 8 .1 9
In te rn e t
R o u te r
T e le p h o n e lin e
V P N T u n n e ls
R o u te r R o u te r
M odem
S u b n e t 1 7 7 .2 8 .7
S u b n e t 1 7 7 .2 8 .2 3
V P N tu n n e l
W e b s e rv e r
1 7 7 .2 8 .2 3 .1 0
Operating Systems Than Can
Connect to RAS/VPN Chapter 12
■ MS-DOS
■ Windows 3.1 and 3.11
■ Windows NT (all versions)
■ Windows 95
■ Windows 98
■ Windows 2000 Server and Professional
■ Windows XP
Connection Types
Supported by RAS Chapter 12
W in d o w s 2 0 0 0 S e r v e r
w ith R A S
E th e rn e t
Figure 12-4
Using an M o d u la r a c c e s s s e rv e r
T-1 line
Leased
te le c o m m u n ic a tio n s
e
lin
DN Leased
IS
te le c o m m u n ic a tio n s
ine
c o n n e c tio n
Nl
ISD
M odem M odem
T e le c o m m u n ic a tio n s
n e tw o rk
T e le c o m m u n ic a tio n s
n e tw o rk
Remote Access Protocols
Chapter 12
the Internet, which is especially useful in a small office environment in which all users
need Internet access, but there is only one dial-up, ISDN, or other outside line to an
ISP
Remote access server Use this option to set up remote access services to the network through the Windows
2000 server
Virtual private network Use this option when you have an intranet (VPN) that you want users to be able to
(VPN) server access through a remote connection or the Internet
Network router Use this option to have Windows 2000 Server function as a router on the network –
directing traffic to other networks or subnetworks
Manually configure the Use this option when you want to customize the routing and remote access capabilities
server
Installing RAS (continued)
Chapter 12
Option Description
Advanced Used to designate connection attributes, such as RADIUS, frame types, AppleTalk zones, special
Authentication Used to select the type or types of authentication methods such as EAP, CHAP, MS-CHAP, MS-
CHAP v2, PAP, and SPAP (or no authentication)
Dial-in constraints Used to set dial-in limitations, such as times of the day and days of the week when the RAS servers
can be accessed, amount of time a connection can be idle before it is disconnected, maximum session
time, dial-in number, and media through which to dial in (such as ISDN, X.25, modem, and fax).
Encryption Used to designate encryption levels: no encryption, basic, strong
IP Used to define how TCP/IP dial-in clients obtain an IP address, such as by using the server user
account settings; and to set up packet filters to limit which IP addresses can access the RAS servers
Multilink Used to enable Multilink connections, when RAS is set up for Multilink and to specify Multilink
BAP settings
Configuring a Dial-up
Connection for a RAS Server Chapter 12