In this practice, you configure the RRAS module on Server01 to function as a NAT router connecting the private network with an ISP’s network. For this exercise, the Microsoft Loopback Adapter installed in the Server01 computer is presumed to be connected to a WAN device providing a connection to the ISP. The other adapter is connected to the local private network. Afterward, you disable the RRAS configuration to return the service to its original state.
Exercise 1: Configuring Routing And Remote Access as a NAT router
In this procedure, you use a predetermined configuration option supplied with RRAS to create a router that uses NAT and basic firewall techniques to protect the private network from intruders.
1. Log on to Server01 as Administrator.
2. Click Start, point to All Programs, point to Administrative Tools, and then click Routing And Remote Access. The Routing And Remote Access console appears, and SERVER01 (local) is listed in the console tree.
3. Click SERVER01 (local), and from the Action menu, select Configure And Enable Routing And Remote Access. The Routing And Remote Access Server Setup Wizard appears.
4. Click Next. The Configuration page appears.
5. Select the Network Address Translation (NAT). Allow Internal Clients To Connect To The Internet Using One Public IP Address option button, and then click Next. The NAT Internet Connection page appears.
6. With the Use This Public Interface To Connect To The Internet option button selected (as it is by default), select the WAN Connection interface. Note the Enable Security On The Selected Interface By Setting Up Basic Firewall. Basic Firewall Prevents Unauthorized Users From Gaining Access To This Server Through The Internet check box is also selected by default. Click Next. The Completing The Routing And Remote Access Server Setup Wizard page appears.
7. Click Finish. The Routing and Remote Access service starts and subheadings appear under SERVER01 (local).
Note that the Internet Group Management Protocol (IGMP) has been installed, providing support for IP multicasting.
9. In the details pane, select the interface representing the network interface adapter connecting the computer to the private LAN (typically, the Local Area Connection interface), and from the Action menu, select Properties. The Properties dialog box for the interface appears.
Note that the Private Interface Connected To Private Network option button is selected.
10. Click Cancel to close the Properties dialog box.
11. In the details pane, select the WAN Connection interface, and from the Action menu, select Properties. The Properties dialog box for the interface appears. Note that the Public Interface Connected To The Internet option button is selected by default, along with the Enable NAT On This Interface and Enable A Basic Firewall On This Interface check boxes. These features provide protection for the Internet connection interface by preventing access to the private network by unauthorized users.
12. Click Cancel to close the Properties dialog box.
13. Leave the Routing And Remote Access console open for the next exercise.
Exercise 2: Disabling Routing And Remote Access
In this procedure, you disable RRAS, removing the configuration you just created. This leaves RRAS in its original state so that you can create different configurations in later chapters.
1. Click SERVER01 (local), and from the Action menu, select Disable Routing And Remote Access. A Routing And Remote Access message box appears, warning that you are disabling the router.
2. Click Yes. The Routing and Remote Access service is stopped, and the subheadings beneath the SERVER01 (local) icon disappear.
Lesson Review
The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find the answers to the questions in the “Questions and Answers” section at the end of this chapter.
1. Port filtering can provide which of the following Internet access control capabilities?
a. Limit the applications users can run
b. Prevent specific users from accessing the Internet
c. Limit the applications that can access the Internet
d. Prevent specific computers from accessing the Internet
2. Specify which of the three types of NAT processing (static, dynamic, or masquerading) provides the best security, and state why this is so.
3. How many registered IP addresses does a dynamic NAT router require?
a. None
b. One
c. One for every unregistered IP address
d. One for each simultaneous connection
Lesson Summary
■ Determining a network’s Internet security requirements is a major part of developing an effective Internet access strategy.
■ An Internet connection is a gateway that can work in both directions, enabling Internet users to access your private network as well as allowing your users Internet access.
■ Security problems can also originate on the private network, from users who monopolize or abuse the Internet connection.
■ Most NAT implementations today use masquerading, a technique that maps unregistered IP addresses to a single registered IP address, combined with a port number.
■ Proxy server products have evolved to now include an array of firewall and access control features that provide a comprehensive Internet security solution for a private network.
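The masquerading technique named in the summary can be traced with a small model. The following is an added example, not part of the original lesson and not how RRAS is implemented: a toy translation table in which two private hosts share one registered address, and inbound packets are forwarded only when they match a mapping that a private host created. The class name, addresses, and starting port are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class MasqueradingNat:
    """Toy model of NAT masquerading: many private hosts, one registered IP."""
    public_ip: str                                # the single registered address
    next_port: int = 50000                        # constructed first public port
    out_map: dict = field(default_factory=dict)   # (proto, priv_ip, priv_port) -> public port
    in_map: dict = field(default_factory=dict)    # (proto, public port) -> (priv_ip, priv_port, remotes)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the private network."""
        key = (proto, src_ip, src_port)
        if key not in self.out_map:               # first packet: allocate a public port
            self.out_map[key] = self.next_port
            self.in_map[(proto, self.next_port)] = (src_ip, src_port, set())
            self.next_port += 1
        port = self.out_map[key]
        self.in_map[(proto, port)][2].add((dst_ip, dst_port))  # remember who was contacted
        return (proto, self.public_ip, port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Translate a packet arriving on the public interface; None means drop."""
        entry = self.in_map.get((proto, dst_port))
        if entry is None:
            return None                           # no mapping: unsolicited traffic
        priv_ip, priv_port, remotes = entry
        if (src_ip, src_port) not in remotes:
            return None                           # mapping exists, but not for this remote host
        return (proto, src_ip, src_port, priv_ip, priv_port)


def demo():
    """Run constructed sample traffic through the table."""
    nat = MasqueradingNat("203.0.113.10")
    a = nat.outbound("tcp", "192.168.0.11", 1025, "198.51.100.7", 80)
    b = nat.outbound("tcp", "192.168.0.12", 1025, "198.51.100.7", 80)
    reply = nat.inbound("tcp", "198.51.100.7", 80, a[2])    # answer to host .11
    probe = nat.inbound("tcp", "192.0.2.99", 4444, a[2])    # stranger, mapped port
    closed = nat.inbound("tcp", "192.0.2.99", 4444, 3389)   # stranger, unmapped port
    return a, b, reply, probe, closed


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both private hosts use source port 1025, yet each leaves the router with the same registered address and a different public port, which is how replies are steered back to the correct host.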
Lesson 4: Troubleshooting Internet Connectivity
Network users often report problems connecting to the Internet, and the first job of the troubleshooter is to determine the location of the problem. All Internet communications use the TCP/IP protocols, so any of the TCP/IP problems described in Lesson 5 of Chapter 2, “Planning a TCP/IP Network Infrastructure,” can also affect Internet connectivity. However, there are also many other possible causes, ranging from trivial faults affecting a single computer to serious situations that jeopardize the functionality of the entire network.
After this lesson, you will be able to
■ Determine the location of an Internet access problem
■ Understand client configuration problems that can interrupt Internet access
■ Understand router, NAT, and proxy server problems that can interrupt Internet access
Estimated lesson time: 20 minutes