MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 10 Configuring Remote Access.

Presentation transcript:

MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 10 Configuring Remote Access

Learning Objectives
Understand Windows Server 2008 remote access services
Implement and manage a virtual private network
Configure a VPN server
Configure a dial-up remote access server
Troubleshoot virtual private network and dial-up remote access installations

Learning Objectives (cont’d.)
Install and configure Terminal Services

Introduction to Remote Access
Routing and Remote Access Services (RRAS)
  – Enable routing and remote access through virtual private networking and dialup networking
Virtual private network (VPN)
  – Tunnel through a larger network that is restricted to designated member clients only
Dial-up networking
  – Using a telecommunications line and a modem to dial into a network or specific computers on a network

Introduction to Remote Access (cont’d.)
Modem
  – Modulator/demodulator
  – Converts a transmitted digital signal to an analog signal for a telephone line
  – Converts a received analog signal to a digital signal for use by a computer
RRAS
  – Turns server into a dial-up Remote Access Services (RAS) server capable of handling hundreds of simultaneous connections

Figure 10-1 A VPN network. Courtesy Course Technology/Cengage Learning

Implementing a Virtual Private Network
VPN
  – Uses LAN and tunneling protocols
  – Encapsulates data as it is sent across a public network
Benefits of using a VPN
  – Users can connect through a local ISP to the local network
  – Ensures that any data sent across a public network is secure
  – Encrypted tunnel

Using Remote Access Protocols
Function of the remote access protocol
  – Encapsulate a packet
  – TCP/IP is the most commonly used transport protocol
    Encapsulated in a remote access protocol for transport over a WAN
Other legacy transport protocols
  – IPX for legacy NetWare networks
  – NetBEUI for legacy Microsoft networks
  – Not supported by Windows Server 2008

Using Remote Access Protocols (cont’d.)
Serial Line Internet Protocol (SLIP)
  – Originally designed for UNIX environments
  – Provides point-to-point communications using TCP/IP
Compressed Serial Line Internet Protocol (CSLIP)
  – Newer version of SLIP
  – Compresses header information in each packet
SLIP and CSLIP do not support
  – Network connection authentication

Using Remote Access Protocols (cont’d.)
  – SLIP and CSLIP do not support (cont’d.)
    Automatic negotiation of the network connection through multiple network connection layers at the same time
Point-to-Point Protocol (PPP)
  – Has more capability than SLIP
Remote access protocols
  – Point-to-Point Tunneling Protocol
  – Layer Two Tunneling Protocol
  – Secure Socket Tunneling Protocol

Using Remote Access Protocols (cont’d.)
Point-to-Point Tunneling Protocol (PPTP)
  – Offers PPP-based authentication techniques
  – Encrypts data carried by PPTP through using Microsoft Point-to-Point Encryption
Microsoft Point-to-Point Encryption (MPPE)
  – Starting-to-ending-point encryption technique that uses special encryption keys varying in length from 40 to 128 bits

Using Remote Access Protocols (cont’d.)
Layer Two Tunneling Protocol (L2TP)
  – Works similarly to PPTP
IP Security (IPsec)
  – IP-based secure communications and encryption standards created through the Internet Engineering Task Force (IETF)
Secure Socket Tunneling Protocol (SSTP)
  – Employs PPP authentication techniques
  – Encapsulates data packet in the Hypertext Transfer Protocol (HTTP)

Using Remote Access Protocols (cont’d.)
Secure Sockets Layer (SSL)
  – Data encryption technique employed between a server and a client
PPP, PPTP, and L2TP are available in:
  – Windows 2000, Windows XP, Windows Vista, Windows 7
  – Windows 2000 Server, Windows Server 2003, Windows Server 2008
SSTP is available in:
  – Windows Server 2008, Windows Vista, Windows 7

Using Remote Access Protocols (cont’d.)
Table 10-1 Communications technologies

Configuring a VPN Server
Install Network Policy and Access Services role
Configure a Microsoft Windows Server 2008 server as a network’s VPN server
  – Configure protocols to provide VPN access to clients
Configure a VPN server as a DHCP Relay Agent for TCP/IP communications
Configure the VPN server properties
Configure a remote access policy for security

Configuring a VPN Server (cont’d.)
Windows Server 2008 requires at least two network interfaces in the computer:
  – One for the connection to the LAN
  – One for a connection to the physical VPN network
Activity 10-1: Installing Network Policy and Access Services
  – Objective: Learn how to install Routing and Remote Access Services
Activity 10-2: Setting Up a VPN Server
  – Objective: Set up a VPN server

Configuring a VPN Server (cont’d.)
Table 10-2 Routing and remote access options

Configuring a VPN Server (cont’d.)
Table 10-3 Ports to open in the Windows Firewall for a VPN

Configuring a DHCP Relay Agent
DHCP Relay Agent
  – Broadcasts IP configuration information
  – Use Routing and Remote Access tool to configure VPN server as a DHCP Relay Agent
Activity 10-3: Configuring a DHCP Relay Agent
  – Objective: Set up a DHCP Relay Agent
Activity 10-4: Additional DHCP Relay Agent Configuration
  – Objective: Configure the DHCP Relay Agent hop count

Configuring VPN Properties
Routing and Remote Access tool
  – Right-click the VPN server in the tree
  – Click Properties
Figure 10-9 Configuring the interface properties. Courtesy Course Technology/Cengage Learning

Configuring VPN Properties (cont’d.)
Figure VPN server properties. Courtesy Course Technology/Cengage Learning

Configuring VPN Properties (cont’d.)
Table 10-4 VPN server properties tabs

Configuring Multilink and Bandwidth Allocation Protocol
Multilink
  – Combine or aggregate two or more communications channels so they appear as one large channel
  – Aggregated links
Multilink must be implemented in the client as well as in the server
  – Older connection technology compared with DSL or wireless metropolitan area networks
Bandwidth Allocation Protocol (BAP)
  – Ensure that a client’s connection has enough speed or bandwidth for a particular application

Configuring Multilink and Bandwidth Allocation Protocol (cont’d.)
Windows Server 2008 version of Multilink PPP
  – Supports Bandwidth Allocation Control Protocol (BACP)
  – Selects a preferred client when two or more clients vie for the same bandwidth
Activity 10-5: Using Multilink
  – Objective: Configure a VPN (or RAS) server to use Multilink

Configuring VPN Security
When a user accesses a VPN server:
  – Access is protected by the account access security that already applies
    Through a group policy or the default domain security policy
Elements of a Remote Access Policy
  – Access permission
  – Conditions
  – Constraints
  – Settings

Configuring VPN Security (cont’d.)
Establishing a Remote Access Policy
  – Use Routing and Remote Access tool
    Accessed via Administrative Tools or as an MMC snap-in
Activity 10-6: Configuring a Remote Access Policy
  – Objective: Configure a remote access policy

Configuring VPN Security (cont’d.)
Table 10-5 Authentication types

Figure Encryption options. Courtesy Course Technology/Cengage Learning

Configuring VPN Security (cont’d.)
Table 10-6 RAS encryption options

Configuring a Dial-Up Remote Access Server
Dial-up remote access server compatible with:
  – Asynchronous modems
  – Synchronous modems
  – Null modem communications
  – Regular dial-up telephone lines
  – Leased telecommunication lines
  – ISDN lines (and digital “modems”)
  – X.25 lines
  – DSL lines
  – Cable modem lines
  – Frame relay lines

Configuring a Dial-Up Remote Access Server (cont’d.)
Install RAS using Routing and Remote Access tool
  – Steps very similar to installing a VPN server

Configuring Dial-Up Security
Callback security
  – Server calls back the remote computer
  – Verify telephone number in order to discourage a hacker
Options available in Windows Server 2008:
  – No Callback
  – Set by Caller (Routing and Remote Access Service only)
  – Always Callback to

Configuring Dial-Up Security (cont’d.)
Control network access permission
  – Allow access
  – Deny access
  – Control access through NPS Network Policy
    Default selection

Configuring a Dial-Up Connection for a RAS Server
Create other connections through the Network and Sharing Center
Activity 10-7: Configuring a Dial-Up Network Connection
  – Objective: Configure a dial-up connection for a dial-up RAS server

Configuring Clients to Connect to RAS Through Dial-Up Access
Common dial-up RAS clients
  – Windows 98, 2000, XP, Vista, and 7
Access a dial-up RAS server from other operating systems
  – Configure a dial-up connection on those clients

Configuring Clients to Connect to RAS Through Dial-Up Access (cont’d.)
Figure Configuring a dial-up connection. Courtesy Course Technology/Cengage Learning

Troubleshooting VPN and Dial-Up RAS Installations
Troubleshooting VPN or dial-up RAS server communications problem
  – Hardware and software troubleshooting tips

Hardware Solutions
Use Device Manager to check network adapters, WAN adapters, and modems
Make sure telephone line plugged in
For external modems:
  – Make sure the modem cable is properly attached, that you are using proper cable type
For internal modems or adapter cards:
  – Check connection inside computer

Hardware Solutions (cont’d.)
For a modem connection:
  – Test the telephone wall connection and cable
For an external DSL adapter or a combined DSL adapter and router:
  – Ensure device is properly configured and connected
Call your ISP to determine if problems are present on the ISP’s WAN

Software Solutions
Use the Computer Management tool or Server Manager to verify status of:
  – Routing and Remote Access
  – Remote Access Auto Connection Manager
  – Remote Access Connection Manager services
Ensure Windows Firewall is set up to allow remote access
Make sure VPN or dial-up RAS server is enabled
Check the remote access policy to be sure that access permission is granted

Software Solutions (cont’d.)
Verify VPN or dial-up RAS server is started
Check the network interface
Ensure IP parameters are correctly configured to provide an address pool for either a VPN or dial-up RAS server
If using a RADIUS server:
  – Ensure it is connected and working properly and that Internet Authentication Service (IAS) is installed
Ensure the remote access policy is consistent with the users’ access needs
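
The service status check from the Software Solutions slides can also be scripted. The following is an added PowerShell example, not part of the original slides; the function name `Get-RasServiceReport` and the wording of the findings are hypothetical, and it assumes Windows PowerShell is installed on the VPN or dial-up RAS server.

```powershell
# Added example (not from the slides): report the state and start mode of the
# three services named on the "Software Solutions" slide.
# Assumes Windows PowerShell on the VPN or dial-up RAS server itself.

$displayNames = @(
    'Routing and Remote Access',
    'Remote Access Auto Connection Manager',
    'Remote Access Connection Manager'
)

function Get-RasServiceReport {
    param([string[]]$DisplayName)

    foreach ($name in $DisplayName) {
        # Win32_Service exposes State (Running/Stopped) and StartMode
        # (Auto/Manual/Disabled) in a single object.
        $svc = Get-WmiObject -Class Win32_Service -Filter "DisplayName='$name'"

        $state   = 'NotInstalled'
        $mode    = 'n/a'
        $finding = 'Service not present: role service may not be installed'

        if ($svc) {
            $state = $svc.State
            $mode  = $svc.StartMode

            if ($mode -eq 'Disabled') {
                $finding = 'Disabled: cannot start, even on demand'
            }
            elseif ($name -eq 'Routing and Remote Access' -and $state -ne 'Running') {
                # Assumption of this example: the server is expected to accept
                # remote connections right now, so RRAS itself must be running.
                $finding = 'Not running: server is not accepting remote connections'
            }
            else {
                # A stopped service with Manual start mode is not flagged,
                # because it can still be started when needed.
                $finding = 'OK'
            }
        }

        New-Object PSObject -Property @{
            Service   = $name
            State     = $state
            StartMode = $mode
            Finding   = $finding
        } | Select-Object Service, State, StartMode, Finding
    }
}

Get-RasServiceReport -DisplayName $displayNames | Format-Table -AutoSize
```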

Connecting Through Terminal Services
Terminal server
  – Enables clients to run services and software applications on Windows Server 2008 instead of at the client
  – Enables thin clients to perform most CPU-intensive operations on the server
Centralize control of how programs are used
Install different role services for specific purposes:
  – TS Web Access
  – TS Gateway

Connecting Through Terminal Services (cont’d.)
Table 10-7 Terminal Services components

Connecting Through Terminal Services (cont’d.)
Table 10-8 Role services available through Terminal Services

Connecting Through Terminal Services (cont’d.)
RemoteApp
  – New feature
  – Enables a client to run an application without loading a remote desktop on the client computer
TS Gateway
  – Provides a secure way to use Terminal Services over the Internet

Installing Terminal Services
Install TS Licensing role service
  – Manage terminal server user licenses obtained from Microsoft
  – Licenses can be purchased either per user account or by client device
Network Level Authentication (NLA)
  – Enables authentication to take place before the Terminal Services connection is established
  – Thwarts would-be attackers
Create groups of user accounts in advance
  – Add these groups during installation

Installing Terminal Services (cont’d.)
Activity 10-8: Installing Terminal Services
  – Objective: Learn how to install the Terminal Services role

Configuring Terminal Services
Activity 10-9: Configuring Terminal Services
  – Objective: Configure a terminal server

Configuring Terminal Services (cont’d.)
Table Terminal Services permissions

Managing Terminal Services
Terminal Services Manager
  – Monitor the number of users connected to the terminal server
  – Add additional terminal servers to monitor
  – Determine if a user session is active
  – Determine which programs are running in a user’s session
  – Disconnect a user’s session or log off a user
  – Reset a connection that is having trouble
  – Send a message to a user

Managing Terminal Services (cont’d.)
Activity 10-10: Using Terminal Services Manager
  – Objective: Use Terminal Services Manager

Configuring Licensing
Activate Terminal Services licensing server
Configure licensing using TS Licensing Manager
Activity 10-11: Using the TS Licensing Manager
  – Objective: Use TS Licensing Manager

Accessing a Terminal Server from a Client
Remote Desktop Connection (RDC)
  – Client already installed in Windows 7, Windows Vista, Windows Server 2008, and Windows XP
Activity (optional): Configuring Authentication in Windows Vista or Windows 7
  – Objective: Configure NLA authentication in Windows Vista or Windows 7

Installing Applications on a Terminal Server
Might need to reinstall some applications that were installed before Terminal Services role
Use Control Panel to uninstall them
Reinstall applications
  – In Control Panel Home view, click Programs
  – Click Install Application on Terminal Server

Summary
Routing and Remote Access Services includes
  – Virtual private network (VPN) and dial-up services
Remote access protocols include:
  – SLIP, CSLIP, PPP, PPTP, L2TP, and SSTP
Use Server Manager to install the Network Policy and Access Services role
VPN has many properties that can be configured
  – Configure a remote access policy to govern how a VPN server is accessed

Summary (cont’d.)
When you configure dial-up remote access
  – Also configure a DHCP Relay Agent, Multi-link (if used), and a remote access policy for security
Use Server Manager to install the Terminal Services role
  – Configure Terminal Services client access licenses