1
Routing and Remote
Access Service
(Week 15, Friday 4/21/2006)
© Abdou Illia, Spring 2006
2
Learning Objectives
Introducing RRAS
Enabling RRAS
Configuring RRAS
Monitoring RRAS
Creating Remote Access Policies
3
Remote Access Service
Remote Access Server
4 LAN
Internet
Client PC W2K Server NIC Modem ISP Modem NIC VPNRouting & Remote Access Service
5
Enabling RRAS
RRAS automatically installed during W2K
server installation
But RRAS is disabled by default
You must enable RRAS and configure it to:
Setup a network router
Setup a RAS server
Setup a Virtual Private Network (VPN) server
6
Enabling RRAS
1. Click Start/Programs/Administrative Tools 2. Click Routing and Remote Access
3. In the console tree, select the server on which you want to activate RRAS
4. Click Action/Configure and Enable Routing and Remote Access to open the RRAS setup wizard
5. Click Next to open the Common Configurations screen 6. Click Manually Configured Server to enable the server
with default settings 7. Click Next, then Finish
7
Configuring RRAS
When RRAS is manually enabled, the
default settings apply.
You can configure RRAS according to your
requirements at a later date.
To configure RRAS, you use the
Properties dialog box (Right-click server,
click Properties)
8
Configuring RRAS
Note: Tabs depend on
protocols installed on your server
9
Configuring RRAS
Used to manage and monitor a RRAS server by selecting the type of event to record.
Event Logging
Used to configure Point-to-Point Protocol to specify whether a remote client can establish multilink connections
PPP
Used to specify settings for the IP protocols (e.g. method for distributing IP addresses to remote clients.
IP
Used to choose one of two types of authentication providers to validate remote access clients
Security
Used to specify whether server will be configured as a router for LAN only, as a router for a LAN and demand-dial routing, as a RAS, or both a router and a RAS
10
Configuring RRAS
1. Open Routing and Remote Access console if necessary
2. Right-click RRAS server and click Properties
3. Notice the default selections in the General tab.
4. Click the IP tab. Make sure that the Enable IP routing and the Allow IP-based remote access and demand-dial connections check boxes are selected. Note: if you allow IP routing, dial-up clients can access the entire LAN. If you only want to allow dial-up clients to access resources on the RRAS server, clear this check box.
5. Click the Security tab. Windows Authentication is the default provider and Windows accounting is the accounting provider by default.
6. Click the Event Logging tab. You should select the Log the maximum amount of information option button and the Enable Point-to-Point (PPP) logging check box if you want to troubleshoot connection problems.
7. Click OK to close the Properties dialog box.
11
Monitoring RRAS
In the server Status node in the Routing
and Remote Access console, you can
verify:
the state of the server (started, Stopped,
Paused)
The type of server
The number of ports in use
The Up time (length of time server has been
running since RRAS server was last started).
The log files that contains the monitoring
data are stored by default in the
12
Monitoring RRAS
1. Open Routing and Remote Access console if necessary 2. Double-click the RRAS server to expand the node. Select
Remote Access Logging.
3. Right-click Local File in the Details pane and click Properties
4. On the Settings tab of the Local File Properties dialog box,
select Log Accounting Requests to capture accounting requests and responses
5. Select Log Authentication requests to capture authentication
requests such as access-accept packets, and access-reject packets.
6. Click the Local File tab to specify a time period for the log file. 7. Click the Monthy option button in the New Log Time Period
section
13
Creating a Remote Access Policy
Remote Access Policies are used to:
Control what connections attempts will be rejectedDetermine which users can access the network and to
prevent unauthorized access.
Determine connection time, etc.
Three components in Remote Access Policy:
Conditions, Permissions, and Profile.
Remote Access Policies are usually stored
locally on the RRAS server. They are not stored
in Active Directory.
14
Creating a Remote Access Policy
1. Open Routing and Remote Access console if necessary2. Double-click the RRAS server to expand the node, if necessary, and select the Remote Access policies node. Notice that there is a default policy named Allow access if dial-in permission is enabled.
3. Click Action/New Remote Access Policy to open the Add Remote Access Policy wizard.
4. Type Srvdcxx Remote Access Policy in the Policy
Friendly name text box.
5. Click Next to open the Conditions screen. Click Add… to open the Select Attribute dialog box.
6. Select Day-and-Time restrictions in the name column and click Add… to open the Time of day constraints dialog box.
7. Restrict access to the RRAS to M-F from 9AM to 6PM.
15
Creating a Remote Access Policy (cont.)
8. Click OK
9. Click Add… to reopen the Select Attribute dialog box. Double-click Windows-Groups to open the Groups dialog box.
10. Click Add... To open the Select Groups dialog box. Select Domain Users group of your domain and click Add…
11. Click OK to close the Select Groups dialog box. Click OK to close the Groups dialog box.
12. Click Next to open the Permissions screen.
13. Select the Grant remote access permission option button.
14. Click Next to open the User profile screen.
15. Click Finish because we will not create the profile in this
exercise.
