In this practice, you configure the Routing And Remote Access tool on Server01 to route traffic between the two network interface adapters installed in the computer. For this exercise, the Microsoft Loopback Adapter is presumed to be connected to a WAN device providing a connection to an ISP. The other adapter (which is the actual net- work interface card in the computer) is connected to the local private network. After configuring RRAS, you then disable it to prepare for later practice.
Note The Microsoft Loopback Adapter is a software component included with Windows Server 2003 that you install as part of the server Setup procedure documented in the “About This Book” chapter.
Exercise 1: Configuring Routing and Remote Access
In this procedure, you perform a manual configuration that leaves RRAS with only basic routing functions.
1. Log on to Server01 as Administrator.
2. Click Start, point to All Programs, point to Administrative Tools, and then click Routing And Remote Access. The Routing And Remote Access console appears, and SERVER01 (local) is listed in the console tree.
3. Click SERVER01 (local), and from the Action menu, select Configure And Enable Routing And Remote Access. The Routing And Remote Access Server Setup Wizard appears.
4. Click Next. The Configuration page appears.
Notice that there are five options that you can select to create different RRAS configurations.
5. Select the Custom Configuration. Select Any Combination Of The Features Avail- able In Routing And Remote Access option button, and then click Next. The Cus tom Configuration page appears.
6. Select the LAN Routing check box, and then click Next. The Completing The Rout ing And Remote Access Server Setup Wizard page appears.
7. Click Finish. A Routing And Remote Access message box appears, asking if you want to start the service.
8. Click Yes. The Routing and Remote Access service starts, and new entries appear in the console tree.
Notice that the IP Routing icon contains only three subheadings: General, Static Routes, and NAT/Basic Firewall.
9. Click the NAT/Basic Firewall subheading. Leave the Routing And Remote Access console open for the next procedure.
Notice that no interfaces appear in the detail pane for this subheading, indicating that the NAT and firewall functions are not in use.
Security Alert RRAS is now configured to route traffic between the local network and the ISP’s network, which is in turn connected to the Internet. You should understand that this is a basic router configuration, with no security mechanisms of any kind. You must also configure the server with a default gateway address that will send all external traffic to the ISP’s router. You use this configuration only when you want to connect computers with registered IP addresses directly to the Internet, and when you intend to manually configure the firewall fea tures in RRAS or use a third-party firewall product to protect your computers from unautho rized access by Internet intruders.
Exercise 2: Disabling Routing and Remote Access
In this procedure, you disable RRAS, removing the configuration you just created. This leaves RRAS in its original state so that you can create a different configuration later in this chapter.
1. Click SERVER01 (local), and from the Action menu, select Disable Routing And Remote Access. A Routing And Remote Access message box appears, warning you that you are disabling the router.
2. Click Yes. The Routing and Remote Access service is stopped, and the subhead ings beneath the SERVER01 (local) icon disappear.
3. Close the Routing And Remote Access console.
Lesson Review
The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find the answers to the questions in the “Questions and Answers” section at the end of this chapter.
1. Which of the following components must you have for your network to run its own Internet e-mail server? (Choose all answers that are correct.)
a. A DNS server to host the domain
b. A registered IP address
c. A Web-based administration interface
2. Internet access routers marketed as all-in-one devices typically include which additional services?
3. List three advantages of using a larger, high-level ISP compared to a smaller one.
Lesson Summary
■ ISPs can provide a variety of services to business clients in addition to simple Internet access.
■ ISPs typically charge extra for additional IP addresses, and they differentiate between dynamic and static address assignments.
■ ISPs can provide access to application servers, such as Web, e-mail, and DNS servers.
■ Part of Internet access strategy is determining which services you should imple ment in-house and which you should obtain from the ISP.
Lesson 3: Securing and Regulating Internet Access
In addition to specifying what type of Internet connection to install and what services to obtain from the ISP, an Internet access plan should specify how you will protect the network from unauthorized intrusions by Internet predators and what restrictions you will impose on the network users’ Internet access. An Internet connection is a door to the outside world that can operate in both directions, and it is vital to minimize the risk of your network being compromised from outside. However, not all security threats come from outside. Your own users can jeopardize your network by running unautho rized applications, monopolizing Internet bandwidth, and exposing your systems to viruses and other damaging software.
After this lesson, you will be able to
■ Determine the Internet access security requirements for a network
■ Understand the security ramifications of using NAT
■ Understand the security capabilities of a proxy server
Estimated lesson time: 20 minutes