Experiment # 6
Remote Access Services
7-1 : Introduction
Businesses today want access to their information anywhere, at any time. Whether on the road with customers or working from home, employees’ need for remote access to the corporate network is becoming critical. Windows 2000 makes it easier to let employees securely connect to the corporate network by integrating the latest remote access technology. Using the remote access services of Windows 2000 Server, you can configure remote access servers that provide connectivity to the corporate network for authorized users. This transparent connection allows remote access clients to access resources from remote locations as if they were physically attached to the network.
7-2 : Objectives:
In this experiment you will perform the following tasks:
• Deciding what type of remote access your users will need.
• Setting up the necessary hardware for a dial-up remote access server.
• Configuration of the remote access server.
• Setting remote access permissions.
• Client configuration and deployment.
7-3 : Materials Required
7-4 : Types of Remote Access :
Windows 2000 remote access provides two different types of remote access connectivity:
7-4-1 : Dial-up remote access
To gain access to the network with dial-up remote access, a remote access client uses the public telephone network to create a physical connection to a port on a remote access server that sits on the “edge” of the private network. This is typically done by using a modem or ISDN adapter to dial into your remote access server. Dial-up remote access will meet the needs of companies that have a small remote user population, that are satisfied with analog or ISDN performance, or that have remote users who stay within the local calling area. In a company where the remote user population and long distance telephone expenses are growing quickly, or where there is a need for additional broadband support, administrators should consider a VPN solution. (This method will be used in this experiment.)
7-4-2 : Virtual private network (VPN) remote access
A VPN can provide secure remote access through the Internet, rather than through direct dial-up connections. A VPN client uses an IP internetwork to create an encrypted, virtual, point-to-point connection with a VPN gateway that exists on the “edge” of the private network. This is typically done by connecting to the Internet first, and then creating the VPN connection. By using the Internet in this way, companies can reduce their long distance phone expenses and rely on existing infrastructure instead of managing their own.
Companies that want to lower their remote access cost and increase their network flexibility can take advantage of VPN Remote Access. Traveling employees can use the same modem they used for long distance dial-up, and connect to the Internet by dialing the local ISP for a virtual connection back to the corporate network. This eliminates the long distance charges or toll calls associated with a dial-up connection.
In order to support dial-up modem connections into your network, you will need to have your telephone company install a phone line for each analog modem that accepts incoming calls. Your remote access clients will dial these dedicated phone numbers to connect their computer to the remote access server.
7-5 : Deciding on a Remote Access Solution:
When deciding on a remote access solution, you should evaluate your remote access needs and understand the benefits and features of Direct Dial and VPN remote access. Companies may choose to use a single method for remote access or deploy both as complementing technologies. For example, some companies have deployed VPN as their primary remote access connection and fall back to Dial-up connections when Internet access is unavailable.
7-6 : Procedure:
1. Configuring RAS server :
To configure the server as a RAS server, you will need to install the Routing and Remote Access Services (RRAS) component that is included with the Optional Windows 2000 components package. To install this component on your Windows 2000 Server, click Start, point to Programs, point to Administrative Tools, click Configure your server, click Networking and click Routing. Follow the instructions on this page to install the RRAS. You must have network administrator rights to configure this setup.
2. Install RAS hardware (modems) :
Figure 7-1 : Installing the hardware needed for RAS (modems)
3. Enable Remote Access Server :
1. Open the Routing and Remote Access tool from the Administrative Tools folder on the Start Menu (figure 7-2).
3. Check the Remote Access Server box and click OK.
Figure 7-2 : Enabling Remote Access Server
Your Internet connection server is now capable of handling remote access and VPN. Click Finish to complete the configuration.
4. Configuring Remote Access Services
To configure a dial-up RAS gateway on a Windows 2000 Server :
1. Open the Routing and Remote Access tool from the Administrative Tools folder on the Start Menu.
Figure 7-3 : Configuring Remote Access Service
2. To run a wizard to configure your server, right click on the server name and choose Configure and Enable Routing and Remote Access.
3. You will see a Welcome screen next, click Next.
4. You are then shown a list of common configurations to choose from as in figure 7-4.
Figure 7-4 : Configuring Remote Access Server
option is used to create a dedicated virtual private networking server. We will use the Remote access server option.
6. You will see a list of networking protocols for remote clients. Since you will already have TCP/IP networking configured on your network with the DHCP and DNS servers that were set up previously when you set up Active Directory, TCP/IP will be already listed in the Protocols list. Click Next.
7. Since this server is going to be a virtual private networking server and it has two network cards installed, you will be prompted for which network connection to assign remote clients to. Select the network connection for your local network (not the one connected to the Internet) and click Next.
8. Next you will be prompted about IP Address assignment. You should use the default option of Automatically, since the server will use the existing DHCP to assign IP addresses to your remote access clients when they connect. Click Next.
9. Now you will be prompted about using a RADIUS server for authentication. RADIUS servers can be used to manage authentication and remote access group policy. For this experiment, we use Active Directory to authenticate remote clients. Choose the default of No and click Next.
10. The final screen as in figure 7-5 will tell you that you have successfully configured your server for remote access. Click Finish.
Figure 7-5 : a server configured using the wizard
After configuring these options, your server is ready to accept connections from remote access clients using dial-up or virtual private networking. All you have to do now is enable remote access permissions for the users that you want to allow to connect.
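Because dial-in permission is granted per user account, it is worth reviewing which accounts hold it once the server is live. The following is an added example, not part of the original lab handout: it parses an LDIF export of user accounts (for instance one produced with `ldifde`) and reports accounts whose `msNPAllowDialin` attribute is TRUE but which are disabled or missing from an approved list. The sample export, the domain name and the approved list are constructed for illustration.

```python
# Added example; constructed sample export (accounts other than "RAS User" are hypothetical).
SAMPLE_LDIF = """\
dn: CN=RAS User,CN=Users,DC=example,DC=local
sAMAccountName: rasuser
userAccountControl: 512
msNPAllowDialin: TRUE

dn: CN=Old Contractor,CN=Users,DC=example,
 DC=local
sAMAccountName: oldcontractor
userAccountControl: 514
msNPAllowDialin: TRUE

dn: CN=Helpdesk Temp,CN=Users,DC=example,DC=local
sAMAccountName: hdtemp
userAccountControl: 512
msNPAllowDialin: TRUE

dn: CN=Office Clerk,CN=Users,DC=example,DC=local
sAMAccountName: clerk
"""

def parse_ldif(text):
    """Return one dict per entry, unfolding continuation lines (leading space)."""
    entries, current, last = [], {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last:
            current[last] += line[1:]        # folded value continues here
        elif not line.strip():
            current, last = {}, None         # blank line ends the entry
        elif ": " in line:
            if not current:
                entries.append(current)      # first attribute of a new entry
            last, value = line.split(": ", 1)
            current[last] = value
    return entries

def audit_dialin(entries, approved):
    """Return (account, reason) for each dial-in grant that needs review."""
    findings = []
    for e in entries:
        if e.get("msNPAllowDialin", "").upper() != "TRUE":
            continue  # explicitly denied, or attribute not set
        name = e.get("sAMAccountName", "?")
        if int(e.get("userAccountControl", "0")) & 0x0002:  # ACCOUNTDISABLE bit
            findings.append((name, "disabled account still allowed to dial in"))
        elif name.lower() not in approved:
            findings.append((name, "dial-in allowed but not on approved list"))
    return findings

print(audit_dialin(parse_ldif(SAMPLE_LDIF), {"rasuser"}))
```

Accounts without the attribute, such as the last sample entry, are not reported because dial-in has not been explicitly allowed for them.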
5. Allowing remote users to connect to your network using dial-up networking:
You will need to allow users to connect by giving them access privileges.
1. Open Active Directory Users and Computers from the Administrative Tools folder on the Start Menu as in figure 7-6.
Figure 7-6 : Users Folder
3. Right click on the user you want to enable remote access permissions for, and choose Properties. In this case, the user is named “RAS User”.
Figure 7-7 : Allowing user to connect to the server
6. Creating a Dial-up Client Connection
To enable your remote users to connect to your network, they will need to have a dial-up or VPN connection created on their computer. Client connections are generally referred to as “connections.”
If the computer is running Windows 2000 Professional, you need to complete the following steps to create a dial-up connection on a remote user’s computer.
1. Make sure the appropriate modem or ISDN device is installed properly just as you would install it on a remote access server.
2. Open the Network and Dial-Up Connections folder from either Control Panel or from Settings on the Start Menu.
then see the options shown below in figure 7-8.
Figure 7-8 : Network Connection Wizard
4. If you are creating a dial-up connection using a modem or ISDN, choose Dial-up to private network and click Next.
5. Enter the phone number that needs to be dialed to connect to your remote access server and click Next.
6. Choose to create the connection for all users. This allows any user on that computer to dial that connection.