Configuring Routing and Remote Access(RRAS) and Wireless Networking.
-
Upload
austin-quinn -
Category
Documents
-
view
218 -
download
2
Transcript of Configuring Routing and Remote Access(RRAS) and Wireless Networking.
Configuring Routing and Remote Access(RRAS) and Wireless Networking
Configuring RoutingRouting –transferring data across our network
one LAN to another.Routers are used to making routing decisionsRouters are the default gateways for our PCsRouters get us outside of our networkTypes of Routes
StaticDynamic – RIP is the only one available in W2K08
Windows Server 2008 is considered a software-based router when running the RRAS service
Configuring RoutingInstall the RRAS service and Choose Custom
ConfigurationMost Setups require 2 NICS to be installedSelect which type of routing you are going to
use2 choices
Static Routes RIP
Reading the IP routing TableCan view the routing table through the RRAS
console or by using the route print command 4 types of routes that will be found
Directly attached networksRemote network RoutesHost routes – subnetmask will be
255.255.255.255Default Route – 0.0.0.0
Configuring Demand Dial RoutingWith Demand Dial Routing the connection is
only active when it needs to be.When a router receives a packet for a remote
network this will initiate a connection to the remote site.
1st step is to configure a demand-dial interface
The next step is to configure a static route to that destination.
Configuring Remote AccessWindows Server 2008 provides several
options to allow hosts to connect remotely to your network and network resources
Dial-Up Networking (DUN)VPNNAT
Configuring Dial-Up Remote AccessEnables remote computers that have modems
to connect to the network.Typically used in laptops.Allows the computer to act as if it were locally
connected.To enable multiple PCs to connect at the same
time a modem bank is needed.
Configuring VPNsCreates a tunnel through a public network such as
the internet into the private network.No dedicated lines are neededPerformance is not comparable to a dedicated lineUse a dedicated line when traffic speed is
important or traffic is synchronous, as in voice and video
A tunneling-Protocol must be chosen when creating the VPNPPTP – Point to Point Tunneling ProtocolL2TP – Layer Two Tunneling Protocol
NAT Network Address TranslationAllows clients to connect to the internet with
only 1 IP address available.Similar to how home wireless routers work.
Authorizing Remote ConnectionsUsers must submit credentials (username and
password) to be authenticated on the network.Authentication proves that the user is who he
or she claims to be.Once the user is authenticated they must be
authorized to connect remotelyAuthorizing controls what users can and can’t
accessCan they have access remotely or not?
A two step process is used to authorize
Authorizing Remote ConnectionsStep #1
The Dial-In properties of the user account must be evaluated
Done in Active Directory for a domain environmentIn the local users and groups for stand-alone
serversStep #2
The authorizing process must meet all criteria specified in the NPS network Policy Example: must be between 8:00 – 5:00 and use L2TP to
connect
Configuring an NPS PolicyAn NPS policy is basically a rule for
evaluating remote connections.Consists of 3 parts
Conditions – must meet a condition: Ex: certain users, or IP’s Constraints – if the condition is met it must also meet all of the
constraints Settings – Once conditions and constraints are met the certain
settings can be applied to that remote connectionNPS policies are processed in orderOnce a policy is matched it will not move on to the nextPage 117 gives a good example on how this works.
Choosing an Authentication ProtocolWhen submitting credentials a common
authentication protocol must be used.In order from most secure to least:
EAP-TLSMS-CHAP v2MS-CHAP v1EAP-MD5 CHAPCHAPSPAPPAPUnauthenticated Access
Configuring Wireless AccessIEEE 802.1X – standard for network access control
Port based – can allow or deny access based on physical port or logical port
802.1X provides port-based security using 3 components.Supplicant – devices seeking accessAuthenticator –component that requests authentication
credentials from supplicant. Usually port or wireless AP. The Authenticator forwards the credentials to the AS.
Authentication Server (AS) – server that verifies the supplicants credentials. It tells the authenticator whether to allow or deny access.
Configuring Wireless AccessTo configure Server 08 to allow wireless
access you will need to do the following.Install and configure radius clients
Switches or Wireless AP’s that are 802.1X capableSelect an authentication protocolAdd radius clients to NPS serverConfigure a NPS network PolicyConfiguring accounting – logs what a user
attempts to access
Lesson 5Lesson 5
You Learned
By using the Routing and Remote Access service, Windows Server 2008 can be configured as a router and remote access server. The Routing And Remote Access console is the principal tool used for configuring and managing this service.
Lesson 5Lesson 5
You Learned (cont.)
Routing and Remote Access can be automatically configured for several options: Remote Access (Dial-Up Or VPN), Network Address Translation (NAT), Virtual Private Network (VPN) Access And NAT, and Secure Connection Between Two Private Networks. If none of the standard options match your requirements, you can also manually configure Routing and Remote Access.
Lesson 5Lesson 5
You Learned (cont.)
Without dynamic routing protocols, such as RIPv2, network administrators must add static routes to connect to non-neighboring subnets when those subnets do not lie in the same direction as the default route.
Lesson 5Lesson 5
You Learned (cont.)
Routers read the destination addresses of received packets and route those packets according to directions that are provided by routing tables. In Windows Server 2008, you can view the IP routing table through the Routing And Remote Access console or through the Route Print command.
Lesson 5Lesson 5
You Learned (cont.)
Windows Server 2008 provides extensive support for demand-dial routing, which is the routing of packets over physical point-to-point links, such as analog phone lines and ISDN, and over virtual point-to-point links, such as PPTP and L2TP. Demand-dial routing allows you to connect to the Internet, connect branch offices, or implement router-to-router VPN connections.
Lesson 5Lesson 5
You Learned (cont.)
The remote access connection must be authorized after it is authenticated. Remote access authorization begins with the user account’s dial-in properties; the first matching remote access policy is then applied to the connection.
Lesson 5Lesson 5
You Learned (cont.)
Microsoft implementation of a RADIUS server is the Network Policy Server. Use a RADIUS server to centralize remote access authentication, authoriza-tion, and logging. When you implement RADIUS, multiple Windows Server 2008 computers running the Routing and Remote Access service forward access requests to the RADIUS server. The RADIUS server then queries the domain controller for authentication and applies remote access policies to the connection requests.
Lesson 5Lesson 5
You Learned (cont.)
The 802.1X IEEE standard allows for port-level network access control of both wired and wireless connections.
A Windows Server 2008 server running the NPS role can also secure 802.1X connectivity for 802.1X-capable network switched and wireless access ports.