Chapter 11
Download
1 / 55

Chapter 11 - PowerPoint PPT Presentation


  • 103 Views
  • Uploaded on

Chapter 11. Routing. Objectives. Configure Windows Server 2003 as a router Create and configure demand-dial connections for routing Configure Network Address Translation (NAT) for Internet connectivity Install Internet Connection Sharing (ICS) Configure Internet Connection Firewall (ICF).

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Chapter 11' - gisela-randall


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Chapter 11

Chapter 11

Routing


Objectives
Objectives

  • Configure Windows Server 2003 as a router

  • Create and configure demand-dial connections for routing

  • Configure Network Address Translation (NAT) for Internet connectivity

  • Install Internet Connection Sharing (ICS)

  • Configure Internet Connection Firewall (ICF)


Router installation and configuration
Router Installation and Configuration

  • Windows Server 2003

    • Can be used as a router

    • Can perform routing for TCP/IP and AppleTalk

    • Does not support IPX/SPX for routing

  • Implementing Windows Server 2003 as a router

    • Main benefit is cost

    • Server must be connected to at least two networks


Router installation and configuration continued
Router Installation and Configuration (Continued)

  • Internet Security and Acceleration Server (ISA)

    • Provides proxy services

  • Routing and Remote Access snap-in

    • Used to add routing




Routing tables
Routing Tables

  • Routers

    • Make decisions about how to move packets from one network to another in the fastest way possible

  • Routing table

    • List of networks that are known to the router

    • Each entry contains

      • IP address of the network

      • Subnet mask of the network

      • Gateway used to reach the network

      • Router interface used to reach the gateway

      • Metric that measures how far away the network is


Routing tables continued
Routing Tables (Continued)

  • ROUTE PRINT command

    • Used to view routing table

  • Static routing

    • Entries that are added manually

    • Used when security is required

    • Addition of new network means routing table of each server must be changed

    • Introduction of error each time a change is made


Routing tables continued1
Routing Tables (Continued)

  • Dynamic routing

    • Entries that are added automatically based on a routing protocol

    • Routers talk to each other to build their routing tables


Routing protocols
Routing Protocols

  • Responsible for

    • Calculating best path from one network to another

    • Advertising routes for dynamic routing

  • Routing Information Protocol (RIP)

    • No configuration necessary under most circumstances

    • Hops

      • Number of routers through which the data must pass

    • Distance-vector routing

      • Path with the least number of hops


Routing protocols continued
Routing Protocols (Continued)

  • Does not differentiate between different link speeds

  • Each RIP router sends broadcast packet every 30 seconds

  • Open Shortest Path First (OSPF)

    • Determines the best path from one network to another based on cost

    • Not normally implemented on Windows routers

    • Each interface on a router is assigned a cost


  • Routing protocols continued1
    Routing Protocols (Continued)

    • Routing table

      • Builds a picture of the entire network

    • When communicating with other routers

      • Only sends changes in its routing table

      • Changes sent only when they occur, not every 30 seconds


    Configuring rip
    Configuring RIP

    • RIP properties

      • Can configure type of events to be logged

      • Can configure IP addresses from which router accepts updates

      • General tab

        • Periodic update mode removes entries from routing table if router that advertised them is disabled or unreachable

        • Auto static update mode adds RIP learned routes to the routing table as static entries


    Configuring rip continued
    Configuring RIP (Continued)

    • RIP routers

      • Advertise routes learnt from other routers then increment number of hops by 1

    • RIP properties

      • Security tab

        • Allows you to configure which incoming and outgoing routes are accepted on this interface

      • Neighbors tab

        • Used only if broadcasts and multicasts are limited on the network


    Configuring rip continued1
    Configuring RIP (Continued)

    • Advanced tab

      • Can adjust how often routing table announcements are sent

      • Can adjust how long entries in the routing table last before they expire

      • Can adjust how long after they expire before they are removed from the routing table

  • Split-horizon processing and poison-reverse processing

    • Used to prevent routing loops in the case of a router failure





  • Demand dial connections
    Demand-Dial Connections

    • Used to establish a connection between two routers when there is data to be sent

    • Demand-dial connections

      • Used to minimize the amount of phone time used on dial-up connections between routers

      • Can be used to initiate VPN connections between Windows routers

      • Can be created for Point-to-Point Protocol over Ethernet (PPPoE) connections

    • PPPoE

      • Used by many high-speed Internet providers to control access to their network

      • Authentication requires username and password


    Creating demand dial connections
    Creating Demand-dial Connections

    • For demand-dial connection to function properly

      • Server must be enabled to perform demand-dial routing

      • Port must be configured to allow demand-dial routing

      • Demand-dial interface must be created

    • Demand-dial Interface Wizard

      • Creates demand-dial connections





    Demand dial interface properties
    Demand-dial Interface Properties

    • Can be used to configure

      • Security settings

      • Idle timeout

    • Options tab

      • If “Persistent connection” option is chosen, servers are connected whenever RRAS is functional

      • If “Demand dial” option chosen, you can set an idle timeout

    • Security tab

      • Provides standard security options available on a VPN connection



    Dial out hours
    Dial-out Hours

    • Controls when a demand-dial connection can be active

    • Typical configuration of dial-out hours

      • Allows a connection every few hours

      • Data is moved from one network to another in batches every few hours

    • If users are expected to access resources using the demand-dial connection at all times

      • Dial-out hours should be left at the default of 24 hours per day, seven days per week



    Demand dial filters
    Demand-dial Filters

    • Used to reduce amount of time a demand-dial connection is active

    • Control which types of network traffic trigger a demand-dial connection

    • Configuration is similar to a firewall rule

    • Can initiate a demand-dial connection

      • For specific traffic

      • For all traffic except that specified by a rule




    Network address translation nat
    Network Address Translation (NAT)

    • Uses a single Internet IP address to provide Internet access to all client computers

    • Included with Windows Server 2003

    • Address ranges reserved for internal use

      • 10.0.0.0 through 10.255.255.255

      • 172.16.0.0 through 172.31.255.255

      • 192.168.0.0 through 192.168.255.255


    Network address translation continued
    Network Address Translation (Continued)

    • Proxy server

      • If implemented, clients must be configured to use the proxy server

      • Provides caching to speed up Internet connectivity

    • Most implementations are FTP aware and translate FTP packets properly


    How nat works
    How NAT Works

    • Modifies IP headers of packets that are forwarded through a router

    • Builds a table to keep track of translations

    • Table lists

      • Original source IP address

      • Original source port number

      • New source port number

    • New source IP address

      • Always the external interface on the router

      • Does not need to be included in the table




    Installing nat
    Installing NAT

    • NAT protocol

      • Automatically installed when RRAS is configured to be a router

    • NAT Interface properties

      • For proper NAT functionality

        • One interface must be configured as a public interface

        • At least one interface must be configured as private interface

      • Basic firewall

        • Allows you to configure static packet filters


    Installing nat continued
    Installing NAT (Continued)

    • Services and Ports tab

      • Allows you to host services behind NAT but still allow access from Internet

    • ICMP tab

      • Dictates the types of ICMP packets the interface responds to

    • Address Pool tab

      • Defines a range of IP addresses that are handed out to client computers



    Configuring nat
    Configuring NAT

    • NAT/Basic Firewall – Properties

      • General tab

        • Controls the level of logging that is performed

      • Translation tab

        • Configures how long mappingsare kept in the NAT table

      • Address Assignment tab

        • Can configure NAT to act as a DHCP server

      • Name Resolution tab

        • Configures the NAT router to act as a DNS proxy

        • Settings on this tab need not be enabled if internal DNS servers exist




    Internet connection sharing ics
    Internet Connection Sharing (ICS)

    • Provides automated way for a small office to connect to the Internet using Windows Server 2003 as a router

    • Automatically performs NAT

    • Configures network connections

    • Because NAT is used, server must have at least two network cards

    • Configuration used by ICS cannot be changed


    Internet connection sharing continued
    Internet Connection Sharing (Continued)

    • The following changes are made

      • Internal network connection is configured with

        • IP address 192.168.0.1

        • Subnet mask 255.255.255.0

      • Autodial enabled for dial-up/VPN/PPPOE connections

      • Static route for default gateway enabled when dial-up/VPN/PPPOE connection is activated

      • The ICS service is started

      • DHCP allocator is configured to distribute IP addresses from 192.168.0.2 to 192.168.0.254

      • The DNS proxy is enabled



    Internet connection sharing continued1
    Internet Connection Sharing (Continued)

    • ICS server can only have one internal IP address

    • Network bridging

      • Allows interfaces to share a single IP address

    • Bridge

      • Controls network traffic based on MAC addresses

      • Allows computers on two different physical network segments to be on the same IP network

    • When network bridging is enabled

      • Choose multiple network cards in a server to act as a single IP network


    Internet connection firewall
    Internet Connection Firewall

    • A stateful packet filter that can be used to protect any server running Windows Server 2003

    • Stateful firewall

      • Requires only one rule for outbound traffic

      • Keeps track of TCP connections that are created by internal clients

      • Automatically allows response packets to return


    Internet connection firewall continued
    Internet Connection Firewall (Continued)

    • Enabling ICF

      • ICF is configured per connection

      • If ICF enabled on a server that is not a router

        • Only that server is protected

      • If ICF enabled on a router

        • All computers on internal network are protected



    Configuring icf
    Configuring ICF

    • When ICF is enabled

      • All packets addressed to server are dropped

    • Configuring services

      • Allows requests from the network to access services on the server running ICF

      • Services defined are the firewall rules for ICF





    Summary
    Summary

    • Windows Server 2003

      • Can be configured as a low-cost router for TCP/IP and AppleTalk

    • Static routing

      • Requires administrators to configure routing tables

    • Dynamic routing

      • Allows routers to communicate

      • Automatically builds routing tables

    • RIP

      • A distance-vector routing algorithm that calculates paths based on hops


    Summary continued
    Summary (Continued)

    • OSPF

      • A link-state routing algorithm that calculates paths based on a configurable metric called cost

    • Demand-dial connections

      • Activated when required

      • Requires static routes

      • Can be configured with dial-out hours to limit the times they are active

    • NAT

      • Many computers can access the Internet using a single IP address

      • Modifies the IP headers of packets that are routed through the NAT router


    Summary continued1
    Summary (Continued)

    • DHCP allocator and DNS proxy

      • Can be configured as part of NAT

    • ICS

      • Automated way to configure a router for NAT

      • Network bridging required if there is more than one internal interface

      • Is a stateful packet filter


    ad