PowerPoint Slideshow about 'Chapter 11' - gisela-randall

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Chapter 11: Routing

Objectives
  • Configure Windows Server 2003 as a router
  • Create and configure demand-dial connections for routing
  • Configure Network Address Translation (NAT) for Internet connectivity
  • Install Internet Connection Sharing (ICS)
  • Configure Internet Connection Firewall (ICF)
Router Installation and Configuration
  • Windows Server 2003
    • Can be used as a router
    • Can perform routing for TCP/IP and AppleTalk
    • Does not support IPX/SPX for routing
  • Implementing Windows Server 2003 as a router
    • Main benefit is cost
    • Server must be connected to at least two networks
Router Installation and Configuration (Continued)
  • Internet Security and Acceleration Server (ISA)
    • Provides proxy services
  • Routing and Remote Access snap-in
    • Used to add routing
Routing Tables
  • Routers
    • Make decisions about how to move packets from one network to another in the fastest way possible
  • Routing table
    • List of networks that are known to the router
    • Each entry contains
      • IP address of the network
      • Subnet mask of the network
      • Gateway used to reach the network
      • Router interface used to reach the gateway
      • Metric that measures how far away the network is
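The selection a router makes from such a table, as an added example that is not part of the slides: it parses a constructed table laid out like Windows `route print` output (the sample addresses are made up) and picks the entry for a destination by longest matching prefix, then lowest metric.

```python
import ipaddress

# Constructed sample in the layout of Windows "route print" output (not a real host's table).
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10      20
         10.0.0.0        255.0.0.0      192.168.1.2    192.168.1.10      30
        10.20.0.0      255.255.0.0      192.168.1.3    192.168.1.10      30
        10.20.0.0      255.255.0.0      192.168.1.4    192.168.1.10      10
      192.168.1.0    255.255.255.0          On-link    192.168.1.10      10
"""

def parse_route_print(text):
    """Turn the text table into entries with the fields the slides list:
    network plus subnet mask, gateway, interface and metric."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header row
        dest, mask, gateway, iface, metric = line.split()
        routes.append({
            "network": ipaddress.IPv4Network(f"{dest}/{mask}", strict=False),
            "gateway": gateway,
            "interface": iface,
            "metric": int(metric),
        })
    return routes

def select_route(routes, destination):
    """Pick the entry a router uses for one destination address: the most
    specific (longest) matching prefix wins; among equal prefixes the lowest
    metric wins. Returns None when nothing matches (e.g. no default route)."""
    addr = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if addr in r["network"]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["network"].prefixlen, r["metric"]))

def next_hop(routes, destination):
    """Gateway for a destination, or None when the packet would be dropped."""
    route = select_route(routes, destination)
    return route["gateway"] if route else None
```

Note that the two 10.20.0.0/16 entries differ only in metric, which is the tie-break a dynamic routing protocol changes when it learns a shorter path.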
Routing Tables (Continued)
  • ROUTE PRINT command
    • Used to view routing table
  • Static routing
    • Entries that are added manually
    • Used when security is required
    • Adding a new network means the routing table of each server must be changed
    • Each manual change can introduce an error
Routing Tables (Continued)
  • Dynamic routing
    • Entries that are added automatically based on a routing protocol
    • Routers talk to each other to build their routing tables
Routing Protocols
  • Responsible for
    • Calculating best path from one network to another
    • Advertising routes for dynamic routing
  • Routing Information Protocol (RIP)
    • No configuration necessary under most circumstances
    • Hops
      • Number of routers through which the data must pass
    • Distance-vector routing
      • Path with the least number of hops
Routing Protocols (Continued)
    • Does not differentiate between different link speeds
    • Each RIP router sends broadcast packet every 30 seconds
  • Open Shortest Path First (OSPF)
    • Determines the best path from one network to another based on cost
    • Not normally implemented on Windows routers
    • Each interface on a router is assigned a cost
Routing Protocols (Continued)
  • Routing table
    • Builds a picture of the entire network
  • When communicating with other routers
    • Only sends changes in its routing table
    • Changes sent only when they occur, not every 30 seconds
Configuring RIP
  • RIP properties
    • Can configure type of events to be logged
    • Can configure IP addresses from which router accepts updates
    • General tab
      • Periodic update mode removes entries from routing table if router that advertised them is disabled or unreachable
      • Auto static update mode adds RIP learned routes to the routing table as static entries
Configuring RIP (Continued)
  • RIP routers
    • Advertise routes learnt from other routers, then increment the number of hops by 1
  • RIP properties
    • Security tab
      • Allows you to configure which incoming and outgoing routes are accepted on this interface
    • Neighbors tab
      • Used only if broadcasts and multicasts are limited on the network
Configuring RIP (Continued)
    • Advanced tab
      • Can adjust how often routing table announcements are sent
      • Can adjust how long entries in the routing table last before they expire
      • Can adjust how long after they expire before they are removed from the routing table
  • Split-horizon processing and poison-reverse processing
    • Used to prevent routing loops in the case of a router failure
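A small model of the RIP behaviour described in the last three slides, added here and not taken from the presentation: updates are accepted only from listed neighbours, every learnt route gains one hop, and outgoing advertisements apply split horizon with poison reverse. The network and neighbour addresses are constructed, and the model counts a directly connected network as 0 hops.

```python
INFINITY = 16  # standard RIP "unreachable" metric; 15 hops is the longest usable path

class RipRouter:
    """Model of one RIP router. Directly connected networks count as 0 hops here."""

    def __init__(self, local_networks, accepted_neighbors):
        # routing table: network -> (hops, neighbour it was learnt from; None = directly connected)
        self.table = {net: (0, None) for net in local_networks}
        # the "IP addresses from which router accepts updates" list from RIP properties
        self.accepted_neighbors = set(accepted_neighbors)

    def receive_update(self, from_neighbor, advertised):
        """Process one advertisement ({network: hops as announced by the neighbour}).
        Returns the networks whose table entry changed."""
        if from_neighbor not in self.accepted_neighbors:
            return []                            # update from an unlisted router is ignored
        changed = []
        for net, hops in advertised.items():
            new_hops = min(hops + 1, INFINITY)   # a learnt route gains one hop
            cur_hops, cur_from = self.table.get(net, (INFINITY, None))
            # take a strictly better path, or any change reported by the next hop already in use
            # (so that a poisoned or withdrawn route from that neighbour is honoured)
            if new_hops < cur_hops or (cur_from == from_neighbor and new_hops != cur_hops):
                self.table[net] = (new_hops, from_neighbor)
                changed.append(net)
        return changed

    def build_update(self, for_neighbor):
        """Advertisement sent to one neighbour with split horizon and poison reverse:
        routes learnt from that neighbour are announced back to it as unreachable,
        so it can never choose this router as a path back towards itself."""
        update = {}
        for net, (hops, learnt_from) in self.table.items():
            update[net] = INFINITY if learnt_from == for_neighbor else hops
        return update
```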
Demand-Dial Connections
  • Used to establish a connection between two routers when there is data to be sent
  • Demand-dial connections
    • Used to minimize the amount of phone time used on dial-up connections between routers
    • Can be used to initiate VPN connections between Windows routers
    • Can be created for Point-to-Point Protocol over Ethernet (PPPoE) connections
  • PPPoE
    • Used by many high-speed Internet providers to control access to their network
    • Authentication requires username and password
Creating Demand-dial Connections
  • For demand-dial connection to function properly
    • Server must be enabled to perform demand-dial routing
    • Port must be configured to allow demand-dial routing
    • Demand-dial interface must be created
  • Demand-dial Interface Wizard
    • Creates demand-dial connections
Demand-dial Interface Properties
  • Can be used to configure
    • Security settings
    • Idle timeout
  • Options tab
    • If “Persistent connection” option is chosen, servers are connected whenever RRAS is functional
    • If “Demand dial” option chosen, you can set an idle timeout
  • Security tab
    • Provides standard security options available on a VPN connection
Dial-out Hours
  • Controls when a demand-dial connection can be active
  • Typical configuration of dial-out hours
    • Allows a connection every few hours
    • Data is moved from one network to another in batches every few hours
  • If users are expected to access resources using the demand-dial connection at all times
    • Dial-out hours should be left at the default of 24 hours per day, seven days per week
Demand-dial Filters
  • Used to reduce amount of time a demand-dial connection is active
  • Control which types of network traffic trigger a demand-dial connection
  • Configuration is similar to a firewall rule
  • Can initiate a demand-dial connection
    • For specific traffic
    • For all traffic except that specified by a rule
Network Address Translation (NAT)
  • Uses a single Internet IP address to provide Internet access to all client computers
  • Included with Windows Server 2003
  • Address ranges reserved for internal use
    • 10.0.0.0 through 10.255.255.255
    • 172.16.0.0 through 172.31.255.255
    • 192.168.0.0 through 192.168.255.255
Network Address Translation (Continued)
  • Proxy server
    • If implemented, clients must be configured to use the proxy server
    • Provides caching to speed up Internet connectivity
  • Most implementations are FTP aware and translate FTP packets properly
How NAT Works
  • Modifies IP headers of packets that are forwarded through a router
  • Builds a table to keep track of translations
  • Table lists
    • Original source IP address
    • Original source port number
    • New source port number
  • New source IP address
    • Always the external interface on the router
    • Does not need to be included in the table
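The translation table just described, as an added example (not code from the presentation): each entry maps an original source IP and port to a new source port, the new source IP is the router's external address and is not stored per entry, and an inbound packet is forwarded only when it matches an entry or a static mapping of the kind the Services and Ports tab creates. All addresses are constructed.

```python
class NatRouter:
    """Model of the NAT table from the slides: (orig IP, orig port) -> new port."""

    def __init__(self, external_ip, first_port=1024):
        self.external_ip = external_ip   # new source IP for every translated packet
        self.next_port = first_port
        self.outbound = {}   # (orig_ip, orig_port) -> new_port
        self.inbound = {}    # new_port -> (orig_ip, orig_port), the reverse lookup
        self.static = {}     # public port -> (internal_ip, internal_port), "Services and Ports"

    def add_static_mapping(self, public_port, internal_ip, internal_port):
        """Publish a service hosted behind NAT on one external port."""
        self.static[public_port] = (internal_ip, internal_port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network; returns the new header fields."""
        key = (src_ip, src_port)
        if key not in self.outbound:                  # new flow: allocate a fresh external port
            while self.next_port in self.inbound or self.next_port in self.static:
                self.next_port += 1
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return (self.external_ip, self.outbound[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Reverse translation for a packet arriving on the public interface.
        Returns the rewritten header fields, or None when the packet is dropped."""
        if dst_ip != self.external_ip:
            return None
        if dst_port in self.inbound:                  # reply to a flow a client opened
            orig_ip, orig_port = self.inbound[dst_port]
            return (src_ip, src_port, orig_ip, orig_port)
        if dst_port in self.static:                   # published service
            int_ip, int_port = self.static[dst_port]
            return (src_ip, src_port, int_ip, int_port)
        return None  # unsolicited inbound packet: no table entry, so it is dropped
```

This model keys replies on the external port only; a stricter implementation also checks that the reply comes from the remote address the client sent to.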
Installing NAT
  • NAT protocol
    • Automatically installed when RRAS is configured to be a router
  • NAT Interface properties
    • For proper NAT functionality
      • One interface must be configured as a public interface
      • At least one interface must be configured as private interface
    • Basic firewall
      • Allows you to configure static packet filters
Installing NAT (Continued)
  • Services and Ports tab
    • Allows you to host services behind NAT but still allow access from Internet
  • ICMP tab
    • Dictates the types of ICMP packets the interface responds to
  • Address Pool tab
    • Defines a range of IP addresses that are handed out to client computers
Configuring NAT
  • NAT/Basic Firewall – Properties
    • General tab
      • Controls the level of logging that is performed
    • Translation tab
      • Configures how long mappings are kept in the NAT table
    • Address Assignment tab
      • Can configure NAT to act as a DHCP server
    • Name Resolution tab
      • Configures the NAT router to act as a DNS proxy
      • Settings on this tab need not be enabled if internal DNS servers exist
Internet Connection Sharing (ICS)
  • Provides automated way for a small office to connect to the Internet using Windows Server 2003 as a router
  • Automatically performs NAT
  • Configures network connections
  • Because NAT is used, server must have at least two network cards
  • Configuration used by ICS cannot be changed
Internet Connection Sharing (Continued)
  • The following changes are made
    • Internal network connection is configured with
      • IP address 192.168.0.1
      • Subnet mask 255.255.255.0
    • Autodial enabled for dial-up/VPN/PPPoE connections
    • Static route for default gateway enabled when dial-up/VPN/PPPoE connection is activated
    • The ICS service is started
    • DHCP allocator is configured to distribute IP addresses from 192.168.0.2 to 192.168.0.254
    • The DNS proxy is enabled
Internet Connection Sharing (Continued)
  • ICS server can only have one internal IP address
  • Network bridging
    • Allows interfaces to share a single IP address
  • Bridge
    • Controls network traffic based on MAC addresses
    • Allows computers on two different physical network segments to be on the same IP network
  • When network bridging is enabled
    • Choose multiple network cards in a server to act as a single IP network
Internet Connection Firewall
  • A stateful packet filter that can be used to protect any server running Windows Server 2003
  • Stateful firewall
    • Requires only one rule for outbound traffic
    • Keeps track of TCP connections that are created by internal clients
    • Automatically allows response packets to return
Internet Connection Firewall (Continued)
  • Enabling ICF
    • ICF is configured per connection
    • If ICF enabled on a server that is not a router
      • Only that server is protected
    • If ICF enabled on a router
      • All computers on internal network are protected
Configuring ICF
  • When ICF is enabled
    • All packets addressed to server are dropped
  • Configuring services
    • Allows requests from the network to access services on the server running ICF
    • Services defined are the firewall rules for ICF
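The stateful filtering these ICF slides describe, as an added example that is not from the presentation: an outbound packet from the protected host records a connection, an inbound packet is allowed only as the matching response or as a request to a defined service, and everything else addressed to the host is dropped. Addresses, ports and the service list are constructed.

```python
class StatefulFilter:
    """Model of ICF on one host: one implicit outbound rule, connection tracking,
    explicit services, and a default drop for every other inbound packet."""

    def __init__(self, host_ip, services=()):
        self.host_ip = host_ip
        self.services = set(services)  # (proto, port) pairs defined as firewall rules
        self.connections = set()       # (proto, local_ip, local_port, remote_ip, remote_port)

    def outbound(self, proto, src_port, dst_ip, dst_port):
        """The single outbound rule: allow and remember the connection the host opened."""
        self.connections.add((proto, self.host_ip, src_port, dst_ip, dst_port))
        return "allow"

    def close(self, proto, src_port, dst_ip, dst_port):
        """Forget a connection once the host has finished with it."""
        self.connections.discard((proto, self.host_ip, src_port, dst_ip, dst_port))

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Decision for a packet arriving from the network."""
        if dst_ip != self.host_ip:
            return "drop"
        # response to a connection the host itself created: protocol, both addresses
        # and both ports must match the stored tuple, not just the local port
        if (proto, dst_ip, dst_port, src_ip, src_port) in self.connections:
            return "allow"
        # request for a service the administrator explicitly defined
        if (proto, dst_port) in self.services:
            return "allow"
        return "drop"  # default: every other packet addressed to the host is dropped
```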
Summary
  • Windows Server 2003
    • Can be configured as a low-cost router for TCP/IP and AppleTalk
  • Static routing
    • Requires administrators to configure routing tables
  • Dynamic routing
    • Allows routers to communicate
    • Automatically builds routing tables
  • RIP
    • A distance-vector routing algorithm that calculates paths based on hops
Summary (Continued)
  • OSPF
    • A link-state routing algorithm that calculates paths based on a configurable metric called cost
  • Demand-dial connections
    • Activated when required
    • Requires static routes
    • Can be configured with dial-out hours to limit the times they are active
  • NAT
    • Many computers can access the Internet using a single IP address
    • Modifies the IP headers of packets that are routed through the NAT router
Summary (Continued)
  • DHCP allocator and DNS proxy
    • Can be configured as part of NAT
  • ICS
    • Automated way to configure a router for NAT
    • Network bridging required if there is more than one internal interface
  • ICF
    • Is a stateful packet filter