Server-to-Client Remote Access and DirectAccess

1 Server-to-Client Remote Access and DirectAccess

2 Contents
VPN in Windows Server 2008 R2
Authentication Options to an RRAS System
VPN Protocols
DirectAccess in Windows Server 2008 R2
Choosing Between Traditional VPN Technologies and DirectAccess
Traditional VPN Scenario
DirectAccess Scenario

3 Connect securely over the Internet

4 VPN

5 RRAS Features & Services
Windows NT 4.0

6 Windows 2000

7 Windows Server 2003

8 Windows Server 2008

9 Components Needed to Create a Traditional VPN Connection

10 A traditional VPN in Windows Server 2008 R2 consists of:
VPN client
RRAS server
NPS server
Certificate server
Active Directory server

11 RRAS server: the server that accepts VPN connections from VPN clients.
It runs the Routing and Remote Access Service role service, which is part of the Network Policy and Access Services server role.

12 NPS server: provides authentication, authorization, auditing and accounting (RADIUS) for VPN clients. A server with the Network Policy and Access Services role; works with Network Access Protection (NAP). System Health Agents (SHAs) on the client inspect the client and report its health state; the matching System Health Validators (SHVs) on the NPS server assess that state against policy and decide whether the client is compliant.

13 SHA


15 Certificate Server: a Certification Authority (CA) that issues certificates to servers and clients for authentication and for encrypting tunnels. A server with the Active Directory Certificate Services role services Certification Authority and Certification Authority Web Enrollment.

16 Authentication Options to an RRAS System
RRAS supports a variety of PPP authentication protocols (PAP, CHAP, MS-CHAP, MS-CHAP v2, EAP and PEAP); which of them are acceptable depends on the tunneling protocol in use.

17 Authentication for PPTP Connections
Only four authentication protocols (MS-CHAP, MS-CHAP v2, EAP and PEAP) can be used, because PPTP relies on them to generate the same MPPE encryption key on both the VPN client and the VPN server; PAP and CHAP cannot derive a key, so the tunnel would carry unencrypted traffic. MS-CHAP v1 is weak and should stay disabled, and MS-CHAP v2 over PPTP has known cryptographic weaknesses when it is not wrapped in a PEAP tunnel, so treat PPTP as the least secure of the three tunnel types.

18 EAP & PEAP Authentication Protocols
Extensible Authentication Protocol (EAP), with EAP-TLS as the method, authenticates the user with a user certificate or a smart card. Protected Extensible Authentication Protocol (PEAP) first builds a TLS tunnel authenticated by the server's certificate and then runs an inner EAP method (EAP-MS-CHAP v2 or EAP-TLS) inside it, so the credential exchange is never exposed on the wire.

19 Authentication for L2TP/IPSec Connections
Any PPP authentication protocol can be used, because the IPSec security association (authenticated with computer certificates or a preshared key) is established first and the PPP user authentication runs inside the already encrypted connection. The strong methods are still preferred: a weak user password inside a strong tunnel is still a weak password.

20 Best Authentication Protocol
Use EAP or PEAP for PPTP, L2TP and SSTP connections.
Use PEAP with EAP-MS-CHAP v2 as a way to ease the deployment burden (only the NPS server needs a certificate, not every user).
If you must use a password-based authentication protocol, use MS-CHAP v2 and enforce strong passwords through Group Policy.
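As an added example (not part of the original presentation), this is how the recommendation above can be audited and applied on the RRAS server from PowerShell using netsh ras, the command-line interface for RRAS on Windows Server 2008 R2. The type codes PAP, SPAP, MD5CHAP, MSCHAPv2, EAP and CERT come from the netsh ras syntax; the assumption that `netsh ras show authtype` lists each enabled code at the start of its own line should be confirmed on the server before relying on the parser.

```powershell
# Added example, not from the presentation: audit and harden the PPP
# authentication types enabled on an RRAS server (run elevated on VPN1).
# Assumption: "netsh ras show authtype" prints enabled codes one per line.

$Weak   = @('PAP', 'SPAP', 'MD5CHAP')   # clear-text or reversible: never for a VPN
$Wanted = @('EAP', 'MSCHAPv2')          # EAP/PEAP first, MS-CHAP v2 only as fallback
$AllCodes = @('PAP', 'SPAP', 'MD5CHAP', 'MSCHAPv2', 'EAP', 'CERT')

function Get-RrasAuthTypes {
    # Return the codes that netsh reports as enabled.
    $text = (netsh ras show authtype) -join "`n"
    $AllCodes | Where-Object { $text -match "(?m)^\s*$_\b" }
}

function Set-RrasAuthTypes {
    param([string[]]$Enable, [string[]]$Disable, [switch]$WhatIf)
    foreach ($t in $Disable) {
        if ($WhatIf) { "would run: netsh ras delete authtype type=$t" }
        else         { netsh ras delete authtype type=$t | Out-Null }
    }
    foreach ($t in $Enable) {
        if ($WhatIf) { "would run: netsh ras add authtype type=$t" }
        else         { netsh ras add authtype type=$t | Out-Null }
    }
}

$enabled = @(Get-RrasAuthTypes)
"Currently enabled: $($enabled -join ', ')"
$bad = @($enabled | Where-Object { $Weak -contains $_ })
if ($bad.Count -gt 0) { Write-Warning "Weak PPP authentication enabled: $($bad -join ', ')" }

# Disable every weak type and make sure EAP and MS-CHAP v2 are on.
# Remove -WhatIf to apply; the change takes effect for new connections.
Set-RrasAuthTypes -Enable $Wanted -Disable $bad -WhatIf
```

The EAP methods themselves (EAP-TLS, PEAP, and which inner method PEAP uses) are selected in the NPS network policy, not here; this script only controls which PPP authentication types RRAS will negotiate at all.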

21 VPN Protocols
Windows Server 2008 R2 includes the Layer 2 tunneling protocols PPTP, L2TP and SSTP. Each carries PPP frames, and the tunnel client and tunnel server must use the same tunneling protocol. IPSec tunnel mode is a Layer 3 tunneling protocol. Firewall requirements differ: PPTP needs TCP 1723 plus GRE (IP protocol 47), L2TP/IPSec needs UDP 500 and UDP 4500 plus ESP (IP protocol 50), and SSTP needs only TCP 443.

22 Comparing VPN Protocols

23 Tunneling Within a Windows Server 2008 R2 Networking Environment

24 Point-to-Point Tunneling Protocol
A Layer 2 protocol that encapsulates PPP frames in IP datagrams (using GRE) for transmission over the Internet. Used for remote access and router-to-router VPN connections. Uses a TCP connection (port 1723) for tunnel maintenance and GRE for the tunneled data; encryption is MPPE, whose key is derived from the PPP authentication exchange.

25 Structure of PPTP packet

26 Layer 2 Tunneling Protocol
A combination of Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F). Encapsulates PPP frames that can be sent over IP, X.25, frame relay or ATM networks. L2TP itself provides no encryption; on Windows it runs over IPSec (L2TP/IPSec), which supplies the peer authentication, integrity and confidentiality.

27 Structure of L2TP packet

28 IP Security
IPSec ensures data security in IP-based communications. It has two important functions: data encryption (confidentiality) and data integrity with origin authentication, provided by the ESP and AH protocols. Peers authenticate each other with certificates, Kerberos or a preshared key before any security association is built.

29 Structure & architecture of the IPSec packet.

30 Secure Socket Tunneling Protocol
Uses the HTTP over SSL (HTTPS) protocol: PPP frames are carried inside an SSL/TLS session on TCP port 443, so SSTP passes through firewalls, NATs and web proxies that block PPTP and L2TP/IPSec. The server authenticates with a certificate, and the client checks that certificate's revocation list, so the CRL must be reachable from the Internet.

31 DirectAccess
A new remote access feature of Windows Server 2008 R2 (a combination of IPv6 and IPSec rather than a single new protocol). Provides always-on network connectivity for remote domain-joined computers without the user having to start a connection or log in first: the computer tunnel is established before user logon, so Group Policy, updates and management traffic reach the machine whenever it has Internet access. Addresses the challenges of a traditional VPN.

32 DirectAccess uses IPv6, IPSec and certificates to establish secure connections. To traverse public IPv4 networks it uses the IPv6 transition technologies 6to4, Teredo and, as a last resort, IP-HTTPS; inside an IPv4-only intranet, ISATAP gives the DirectAccess server and intranet hosts IPv6 addresses.

33 DirectAccess requirements
DirectAccess server: Windows Server 2008 R2, domain-joined, with two network adapters (one on the Internet with two consecutive public IPv4 addresses, which Teredo requires, and one on the intranet)
Clients: Windows 7 Enterprise or Ultimate, domain-joined
At least one domain controller and DNS server running Windows Server 2008 SP2 or Windows Server 2008 R2
A PKI that issues computer certificates to the server and clients, plus web server certificates for IP-HTTPS and the NLS
A Network Location Server (HTTPS) reachable only from the intranet
IPv6 on the intranet, natively or through ISATAP


35 DirectAccess and IPv6

36 IPv6 tunneling protocols

37 Two Tunnels
A DirectAccess client establishes two IPSec tunnels to the DirectAccess server. The infrastructure tunnel is authenticated with the computer certificate and the computer account, comes up before user logon, and reaches only the DNS servers and domain controllers needed for management. The intranet tunnel is authenticated with the computer certificate and the user's credentials after logon and carries the user's access to intranet resources.


39 End-to-Edge DirectAccess Model
The DirectAccess client establishes IPSec tunnels to the DirectAccess server, which decrypts the traffic and forwards it unprotected to intranet resources. Only the Internet leg is protected, but the model works with any intranet application server.


41 End-to-End DirectAccess Model
The DirectAccess client establishes an IPSec tunnel with each application server it connects to. This ensures that traffic is protected end to end by IPSec encryption, including while it traverses the intranet, but requires that each application server run Windows Server 2008 or later with IPv6 and IPSec enabled.


43 DirectAccess Components
DirectAccess server
DirectAccess client: a PC running Windows 7 (Enterprise or Ultimate) that must be a domain member with a computer certificate
Corporate IPv6 network
Certificate server
Network Location Server (NLS): an intranet HTTPS server that the client probes to decide whether it is inside the corporate network
Active Directory and DNS server


45 DirectAccess Connection Process
1. The client tries to reach the NLS over HTTPS; if it succeeds, it is on the intranet and DirectAccess stays idle.
2. If the NLS is unreachable, the client is remote: the Name Resolution Policy Table (NRPT) sends DNS queries for the intranet namespace to the DirectAccess server instead of the local resolver.
3. The client obtains IPv6 connectivity to the DirectAccess server, natively if available, otherwise through 6to4, Teredo or IP-HTTPS.
4. The infrastructure tunnel is established with the computer certificate and the computer account.
5. After user logon the intranet tunnel is established with the computer certificate and the user's Kerberos credentials, and intranet traffic flows through it.


47 Choosing between a traditional VPN technology and the new DirectAccess
DirectAccess needs domain-joined Windows 7 Enterprise or Ultimate clients, a PKI and IPv6 planning, but gives always-on, centrally manageable access; a traditional VPN works with any client and operating system but depends on the user starting the connection.


50 Traditional VPN Scenario


52 Steps to configure the VPN architecture

53 Setting Up Certificate Server
Used to issue certificates for the VPN infrastructure. The NPS1 server was chosen as the centralized policy server and is also positioned to provide certificate services.

54 Steps


56 Certificate Autoenrollment
Configure the root CA so that computer certificates are issued automatically through Group Policy, using a GPO named Cert Auto Enrollment Group Policy Object.

57 Steps


59 Setting Up Network Policy Server

60 Configure Network Policy Server

61 Health validators in the NPS


63 Health policy

64 Network policy for systems that pass health validation


66 Network policy for systems that fail health validation


69 Configure the connection request policy


73 Configure the RRAS server as a RADIUS client on the NPS system


75 Finish for NPS
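As an added example (not part of the original presentation), the last NPS step and its RRAS counterpart from the command line: registering VPN1 as a RADIUS client on NPS1 with netsh nps, and switching VPN1 from Windows to RADIUS authentication and accounting with netsh ras aaaa. The addresses 10.0.1.10 (NPS1) and 10.0.1.20 (VPN1 internal NIC) are invented for the example, and the netsh parameter names should be checked against `netsh nps add client ?` and `netsh ras aaaa add authserver ?` on the servers.

```powershell
# Added example, not from the presentation: RADIUS client on NPS1 and RADIUS
# provider on VPN1. Assumed addresses: NPS1 = 10.0.1.10, VPN1 = 10.0.1.20.

function New-RadiusSecret {
    # A long random shared secret instead of a typed one. Letters and digits only,
    # because netsh quoting of other characters is fragile.
    param([int]$Length = 32)
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
    $rng   = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $buf   = New-Object byte[] 1
    $sb    = New-Object System.Text.StringBuilder
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($buf)
        # 248 = 4 * 62: reject the top values so every character is equally likely
        if ($buf[0] -lt 248) { [void]$sb.Append($chars[$buf[0] % 62]) }
    }
    $sb.ToString()
}
$secret = New-RadiusSecret

# --- run on NPS1: add VPN1 as a NAP-capable RADIUS client ---
# (same as RADIUS Clients and Servers > RADIUS Clients > New in the NPS console)
$onNps = @"
netsh nps add client name="VPN1" address="10.0.1.20" state="ENABLE" sharedsecret="$secret" requireauthattrib="NO" napcompatible="YES" vendor="RADIUS Standard"
netsh nps show client
"@

# --- run on VPN1: authenticate and account against NPS1 instead of locally ---
# signature=enabled makes RRAS send the Message-Authenticator attribute, which
# NPS can then require from this client.
$onRras = @"
netsh ras aaaa set authentication provider=radius
netsh ras aaaa add authserver name=10.0.1.10 secret=$secret port=1812 timeout=5 init-score=30 signature=enabled
netsh ras aaaa set accounting provider=radius
netsh ras aaaa add acctserver name=10.0.1.10 secret=$secret port=1813 timeout=5 init-score=30
netsh ras aaaa show authserver
"@

"Run on NPS1:`n$onNps`nRun on VPN1:`n$onRras"
```

Both command sets are emitted as text rather than executed, because they belong on two different machines; paste each block into an elevated prompt on the server named. The same secret must be used on both sides, and it should be rotated if VPN1 is ever rebuilt.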

76 Setting Up RRAS Server
The VPN1 server is configured with an internal NIC and an external NIC and is a member of the companyabc.com Active Directory domain.

77 Steps


80 Setting Up VPN Client

81 Security Center

82 Remote Access Quarantine Enforcement Client: enabled

83 Network Access Protection Agent service: startup type Automatic

84 Export the root certificate from the Certificate Authority

85 Import the certificate into the client PC's Trusted Root Certification Authorities store
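As an added example (not part of the original presentation), the client-side steps above done from an elevated PowerShell prompt on the Windows 7 client, with a verification function at the end. It assumes the root certificate was exported on the CA with `certutil -ca.cert rootca.cer` and copied to C:\Temp, that the CA's subject contains companyabc-NPS1-CA (an invented name), and that 79618 is the ID of the Remote Access Quarantine Enforcement Client; that ID is an assumption and must be read from the table that `netsh nap client show config` prints, not taken from this text.

```powershell
# Added example, not from the presentation: prepare a Windows 7 client for
# NAP-enforced VPN access. Assumptions: C:\Temp\rootca.cer exists, CA subject
# contains "companyabc-NPS1-CA", enforcement client ID 79618 (verify first!).

# 1. NAP Agent service: automatic start, and running now.
sc.exe config napagent start= auto | Out-Null
Start-Service napagent

# 2. List the enforcement clients, then enable the Remote Access one.
netsh nap client show config
netsh nap client set enforcement ID=79618 ADMIN=ENABLE

# 3. Trust the enterprise root CA so the PEAP/SSTP server certificate validates.
certutil -addstore -f Root C:\Temp\rootca.cer

# 4. Verify before the first connection attempt.
function Test-NapClientReady {
    param([string]$CaSubject = 'companyabc-NPS1-CA', [string]$EnforcementId = '79618')
    $cfg  = (netsh nap client show config) -join "`n"
    $root = (certutil -store Root) -join "`n"
    # Assumed output layout: "ID = 79618" followed by "Admin = Enabled" on the next line.
    $enforcementOn = $cfg  -match "ID\s*=\s*$EnforcementId\s+Admin\s*=\s*Enabled"
    $caTrusted     = $root -match [regex]::Escape($CaSubject)
    New-Object PSObject -Property @{
        EnforcementEnabled = $enforcementOn
        RootCaTrusted      = $caTrusted
    }
}
Test-NapClientReady
```

If EnforcementEnabled is false after step 2, the ID was wrong for this build; rerun `netsh nap client show config` and use the ID shown next to "Remote Access Quarantine Enforcement Client".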


87 Set up and configure the VPN connection on the VPN client


91 Testing VPN Connection

92 To test the connection, complete the following steps

93 Controlling Unhealthy VPN Clients
Turn off the Windows Firewall on the client and see what happens when it connects to the VPN: the Windows Security Health Validator reports the client as noncompliant, and the network policy for systems that fail health validation places it in the restricted network (or, if auto-remediation is enabled, NAP turns the firewall back on and the client becomes compliant).

94 SSTP Troubleshooting
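As an added example (not part of the original presentation), a read-only check for the three SSTP failures most often met in practice: no certificate bound to 0.0.0.0:443 in HTTP.sys, a mismatch between that binding and the hash the SSTP service expects (it keeps a copy under the SstpSvc\Parameters registry key), and a CRL distribution point that Internet clients cannot download. The public name vpn.companyabc.com is invented for the example; the registry value name Sha1CertificateHash and the netsh output label "Certificate Hash" are assumptions to confirm on the server.

```powershell
# Added example, not from the presentation: SSTP binding and CRL checks on the
# RRAS server. Assumptions: public name vpn.companyabc.com; SstpSvc stores the
# expected SHA-1 thumbprint in Sha1CertificateHash (REG_BINARY).

function Test-SstpBinding {
    param([string]$PublicName = 'vpn.companyabc.com')

    # 1. What HTTP.sys is serving on 443 (empty if nothing is bound).
    $bind = netsh http show sslcert ipport=0.0.0.0:443
    $boundHash = (($bind | Select-String 'Certificate Hash') -replace '^.*:\s*', '').Trim()

    # 2. The thumbprint SstpSvc expects, written by the RRAS setup wizard.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters'
    $sha1 = (Get-ItemProperty $key -ErrorAction SilentlyContinue).Sha1CertificateHash
    $sstpHash = ''
    if ($sha1) { $sstpHash = ($sha1 | ForEach-Object { $_.ToString('x2') }) -join '' }

    # 3. Locate the bound certificate and read its CRL distribution point.
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -ieq $boundHash }
    $cdp = ''
    if ($cert) {
        $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }   # CRL Distribution Points
        if ($ext) { $cdp = ([regex]'https?://[^\s]+').Match($ext.Format($false)).Value }
    }

    # 4. Try to fetch the CRL. Meaningful only when run from an Internet-side host,
    #    because that is where SSTP clients validate the certificate from.
    $crlOk = $false
    if ($cdp) {
        try { $null = (New-Object System.Net.WebClient).DownloadData($cdp); $crlOk = $true } catch {}
    }

    New-Object PSObject -Property @{
        BoundThumbprint    = $boundHash
        SstpSvcThumbprint  = $sstpHash
        HashesMatch        = ($boundHash -ne '' -and $boundHash -ieq $sstpHash)
        SubjectMatchesName = [bool]($cert -and $cert.Subject -match [regex]::Escape($PublicName))
        CrlUrl             = $cdp
        CrlReachable       = $crlOk
    }
}
Test-SstpBinding
```

A false HashesMatch after replacing the server certificate is the classic symptom: the binding was updated but SstpSvc still expects the old thumbprint, so clients see a handshake failure until the RRAS SSL binding is reconfigured and the service restarted. A false CrlReachable from outside explains the error about the revocation check, and the fix is to publish the CRL on a host the Internet can reach, not to disable revocation checking on clients.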


96 DirectAccess Scenario
Two major goals: allow a workstation to move between the internal, public and home networks while retaining access to application servers, and enable IPv6 in an IPv4 network using IPv6 transition technologies.

97 Scenario

98 System components


100 The three networks in the scenario

101 Configuring Infrastructure
Configure the DNS service to remove ISATAP from the default global query block list so that DNS answers ISATAP requests; otherwise intranet hosts never learn the ISATAP router's address and get no IPv6 connectivity.

102 Create the NLS record in DNS

103 Create a security group for the DirectAccess client PCs

104 Using a GPO to Configure Firewall Rules
Create and enable firewall rules for ICMPv4 and ICMPv6 echo traffic. The ICMP firewall rules are deployed with the GPO "DirectAccess Group Policy Object."
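As an added example (not part of the original presentation), the infrastructure steps above done from an elevated prompt on the domain controller and DNS server, ending with the ICMP rules. The domain companyabc.com, the DirectAccess server DA1 at 10.0.1.30 (which becomes the ISATAP router), the NLS at 10.0.1.40 and the client name CLIENT1 are invented for the example. The firewall rules are added with netsh advfirewall on one host so they can be tested; in the scenario itself the same rules go into the "DirectAccess Group Policy Object" so every domain member gets them.

```powershell
# Added example, not from the presentation: DNS and firewall groundwork for
# DirectAccess. Assumed names/addresses: companyabc.com, DA1 = 10.0.1.30,
# NLS = 10.0.1.40, client computer CLIENT1.

# 1. DNS: Windows DNS silently refuses "isatap" and "wpad" queries (global query
#    block list). Keep wpad blocked, drop isatap, then publish the ISATAP router.
dnscmd /config /globalqueryblocklist wpad
dnscmd /info /globalqueryblocklist                 # verify: only wpad remains
dnscmd /recordadd companyabc.com isatap A 10.0.1.30

# 2. NLS record, so intranet clients can find the network location server.
dnscmd /recordadd companyabc.com nls A 10.0.1.40

# 3. Security group that the DirectAccess client GPO is filtered to.
dsadd group "CN=DirectAccess Clients,CN=Users,DC=companyabc,DC=com" -secgrp yes -scope g
dsmod group "CN=DirectAccess Clients,CN=Users,DC=companyabc,DC=com" -addmbr "CN=CLIENT1,CN=Computers,DC=companyabc,DC=com"

# 4. ICMPv4/ICMPv6 echo in both directions. Teredo clients probe peers with
#    ICMPv6 echo, so without these rules remote clients on NAT never connect.
$rules = @(
    @{ Name = 'DirectAccess ICMPv4 Echo In';  Proto = 'icmpv4:8,any';   Dir = 'in'  },
    @{ Name = 'DirectAccess ICMPv4 Echo Out'; Proto = 'icmpv4:8,any';   Dir = 'out' },
    @{ Name = 'DirectAccess ICMPv6 Echo In';  Proto = 'icmpv6:128,any'; Dir = 'in'  },
    @{ Name = 'DirectAccess ICMPv6 Echo Out'; Proto = 'icmpv6:128,any'; Dir = 'out' }
)
foreach ($r in $rules) {
    netsh advfirewall firewall add rule name="$($r.Name)" protocol=$($r.Proto) dir=$($r.Dir) action=allow profile=any
}
netsh advfirewall firewall show rule name=all | Select-String 'DirectAccess ICMP'
```

Type 8 is ICMPv4 echo request and type 128 is ICMPv6 echo request; "any" leaves the code unrestricted. Nothing here opens ICMP beyond echo, which is all the DirectAccess connectivity checks need.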

105 Steps


111 Custom Certificate Template for IP-HTTPS


114 Certificate Autoenrollment


116 IP-HTTPS Certificate


118 Installing DirectAccess Feature on DA1

119 Configuring DirectAccess Feature


125 Testing DirectAccess


127 Testing client connection to networks

128 Connection to the internal network: the client reaches the NLS, reports that it is inside the corporate network, and uses no DirectAccess tunnel.

129 Connection to the public network: the NLS is unreachable, the NRPT takes effect, and the client picks 6to4 (if it has a public IPv4 address) or Teredo or IP-HTTPS and builds the IPSec tunnels to DA1.

130 Connection to the home network: the same as the public network, but behind a NAT the client normally uses Teredo and falls back to IP-HTTPS when UDP 3544 is blocked.
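As an added example (not part of the original presentation), a read-only state report to run on the Windows 7 client on each of the three networks, so the behaviour described above can be checked rather than assumed. It queries the client's own netsh views; the intranet host name app1.companyabc.com is invented, and the output labels the regular expressions look for ("Machine Location", "State", "Interface Status", "Main Mode SA") are assumptions about the netsh text on this client and should be adjusted if the report comes back empty.

```powershell
# Added example, not from the presentation: DirectAccess client state snapshot.
# Assumptions: intranet host app1.companyabc.com; netsh labels as in the regexes.

function Get-DirectAccessState {
    param([string]$IntranetHost = 'app1.companyabc.com')   # assumed intranet name

    $dns     = netsh dnsclient show state                  # "Machine Location : ..."
    $nrpt    = netsh namespace show effectivepolicy        # NRPT rules in force now
    $teredo  = netsh interface teredo show state
    $sixto4  = netsh interface 6to4 show state
    $iphttps = netsh interface httpstunnel show interfaces
    $mmsa    = netsh advfirewall monitor show mmsa         # IPSec main mode SAs = tunnels up

    # Name resolution goes through the NRPT, so a remote client should get the
    # intranet host's IPv6 address from the DirectAccess server's DNS.
    $resolved = @()
    try {
        $resolved = [System.Net.Dns]::GetHostAddresses($IntranetHost) | ForEach-Object { $_.ToString() }
    } catch {}

    New-Object PSObject -Property @{
        Location     = (($dns     | Select-String 'Machine Location')  -replace '^.*:\s*', '')
        NrptInForce  = [bool]($nrpt | Select-String 'DNS Suffix|Namespace')
        Teredo       = (($teredo  | Select-String '^\s*State')         -replace '^.*:\s*', '')
        SixToFour    = (($sixto4  | Select-String '^\s*State')         -replace '^.*:\s*', '')
        IpHttps      = (($iphttps | Select-String 'Interface Status')  -replace '^.*:\s*', '')
        MainModeSAs  = @($mmsa | Select-String 'Main Mode SA').Count
        IntranetHost = ($resolved -join ', ')
    }
}
Get-DirectAccessState
```

Expected readings: on the internal network Location says inside the corporate network, NrptInForce is false and MainModeSAs is 0; on the public and home networks Location says outside, NrptInForce is true, exactly one of Teredo, SixToFour or IpHttps shows an active state, MainModeSAs is at least 1 once logged on, and IntranetHost resolves to an IPv6 address. A client that is outside with NRPT in force but MainModeSAs at 0 has a transition-technology or certificate problem, not a DNS one.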

131 Monitoring DirectAccess Server

