Objectives
• Configure routing in Windows Server 2008
• Configure Network Address Translation
Configuring Routing in 2008
• Routing and Remote Access Services (RRAS)
– A Server Role service used to configure and manage network routing
– Recommended for use in small networks that require simple routing directions
– Not recommended for large and complex environments (use Cisco)
Configuring RRAS as a Router
• Routers
– Responsible for forwarding packets between subnets, or networks with differing IP addressing schemes
Working with Routing Tables
• Routing tables are composed of routes
• Routes
– Direct data traffic to its destination
• Routing tables
– A list of routes
– Can be managed in the RRAS console or from the command line using the route command
Configuring Routes
• Static Routing Limitations:
– Requires manual creation and management
– Requires reconfiguration if the network changes
– Used in small networks with fewer than 10 subnets
• Dynamic protocols
– Route traffic based on information they discover about remote networks from other routers
• Routing Information Protocol version 2 (RIPv2)
– Uses partner routers, or RIP neighbors, in determining the dynamic routes it can use for forwarding packets of data
– Can force authentication
Routing Protocol
RIP v2
• Can force authentication between routers when announcements are sent
• Password for authentication is plain text
• Can configure which incoming and outgoing routes are accepted
• Split-horizon processing stops information from going back in the direction it was received from
• Poison-reverse processing marks a network as unreachable if it goes down
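
The RIP v2 slide notes that the authentication password is plain text. The Python sketch below is an added example, not part of the original slides: it parses a RIP message using the RFC 2453 entry layout and flags announcements that carry a simple (cleartext) password, the kind of check a defender can run over a capture from their own routers. The packet bytes and the password `labpass` are constructed for illustration.

```python
import ipaddress
import struct

RIP_HEADER = struct.Struct("!BBH")       # command, version, must-be-zero
RIP_ENTRY = struct.Struct("!HH4s4s4sI")  # AFI, tag, address, mask, next hop, metric
AFI_AUTH = 0xFFFF                        # RFC 2453: entry carries authentication
AUTH_SIMPLE_PASSWORD = 2                 # RFC 2453: password sent unencrypted


def parse_rip(payload: bytes) -> dict:
    """Split a RIP UDP payload into its auth entry (if any) and its routes."""
    body = len(payload) - RIP_HEADER.size
    if body < 0 or body % RIP_ENTRY.size:
        raise ValueError("not a well-formed RIP message")
    command, version, _ = RIP_HEADER.unpack_from(payload)
    msg = {"command": command, "version": version, "auth": None, "routes": []}
    for off in range(RIP_HEADER.size, len(payload), RIP_ENTRY.size):
        afi, tag, addr, mask, _hop, metric = RIP_ENTRY.unpack_from(payload, off)
        if afi == AFI_AUTH:
            # In an auth entry the tag field is the auth type and the
            # remaining 16 bytes are the auth data (null-padded password).
            data = payload[off + 4:off + RIP_ENTRY.size].rstrip(b"\x00")
            msg["auth"] = {"type": tag,
                           "cleartext": tag == AUTH_SIMPLE_PASSWORD,
                           "data": data.decode("ascii", "replace")}
        else:
            net = ipaddress.ip_network(
                f"{ipaddress.IPv4Address(addr)}/{ipaddress.IPv4Address(mask)}",
                strict=False)
            msg["routes"].append((str(net), metric))
    return msg


def audit(payload: bytes) -> str:
    """Classify how a captured announcement authenticates itself."""
    auth = parse_rip(payload)["auth"]
    if auth is None:
        return "unauthenticated"
    return "cleartext-password" if auth["cleartext"] else "other-auth"


# Constructed sample: RIPv2 response, simple-password entry, one route.
SAMPLE = (RIP_HEADER.pack(2, 2, 0)
          + struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE_PASSWORD, b"labpass")
          + RIP_ENTRY.pack(2, 0, bytes([10, 1, 0, 0]), bytes([255, 255, 0, 0]),
                           bytes(4), 3))
```
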
Filtering Router Traffic
• Can control packets allowed to pass between routed networks using packet filters
• Packet filters are directional
• Packet filters are used to filter network traffic based on criteria such as:
– Protocol
– Source address
– Destination address
– Port number
Configuring Dial-on-Demand Routing
• Demand-dial routing
– Allows a server to initiate a connection only when it receives data traffic bound for a remote network
– Can use dial-up networks instead of more expensive leased lines
Demand-dial Connections
• Used to establish a connection between two routers only when there is data to send
• Can also be used to initiate VPN connections between Windows routers and phone Dial-in connection
• A user account with remote access permission is required to establish a demand-dial connection
• Avoid sending plain-text passwords
• At least one static route is required to trigger the demand-dial interface
• Demand-dial filters control which types of network traffic trigger a demand-dial connection
Configure Demand-dial Settings
• You can configure security settings and idle timeout
• You can configure a set of dial-out hours
Demand-dial Filter
• You can configure security settings and idle timeout
• You can configure a set of dial-out hours
Configuring a DHCP Relay Agent
• DHCP relay agent
– Manages the communication between a network’s DHCP server and clients on subnets without a DHCP server
• With RRAS
– Network adapters are added and configured to listen for DHCP broadcast messages
Network Address Translation
• Allows you to shield internal IP address ranges from public networks by allowing internal clients to access the Internet through a shared IP address
NAT Components
• Translation
– IP router
– Static and dynamic address mapping
– Proper translation of header fields
– NAT editors
• Addressing
– Public: Static IP bought from ISP or InterNIC
– Private:
  Class A – 10.0.0.0 through 10.255.255.255
  Class B – 172.16.0.0 through 172.31.255.255
  Class C – 192.168.0.0 through 192.168.255.255
• Name resolution
Troubleshooting Routing
• Most problems result from an incorrect configuration
• First place to check for problems is the routing table
• A remote router may prevent a packet from reaching its destination network
• Can use the tracert command to see the path a packet takes from one router to another
Troubleshooting NAT
• Are all interfaces added to Connection Sharing (NAT) protocol?
• Is translation enabled on Internet interface?
• Is Connection Sharing enabled on private interface?
• Is TCP/UDP port translation enabled?
• Is your range of public addresses set correctly?
• Is the protocol being used by a program translatable?
• Is Connection Sharing addressing enabled on the home office network?