Objectives

mikaia

Presentation Transcript


  1. Objectives
     • Configure Network Access Services in Windows Server 2008
     • RADIUS

  2. Configuring Remote Access Services in Windows Server 2008
     • Dial-up networking
       • Connects remote users using a phone line
     • Virtual Private Networks
       • Allow client connections to your network from remote locations
       • Works by creating a secure tunnel for transmitting data packets between two points
       • VPN tunneling protocols:
         • Point-to-Point Tunneling Protocol
         • Layer 2 Tunneling Protocol
         • Secure Socket Tunneling Protocol

  3. A VPN Tunnel
     • Point-to-Point Tunneling Protocol (PPTP)
     • Layer Two Tunneling Protocol (L2TP)
     • IP Security (IPSec) tunnel mode
     • IP-in-IP

  4. VPN Remote Access
     • Uses the Internet to transmit private information
     • Encryption is used
     • High speed and reduced maintenance
     • Security risk presented by allowing access to network resources from the Internet
     • Windows Server 2008 uses RRAS as a VPN server
     • Remote computers are configured as VPN clients

  5. Corporate Internetwork

  6. Implement a VPN through a NAT Server

  7. Enable and Configure a VPN Server
     • Enabling packet filters should only be chosen if the server has multiple network cards with the filtered card connected to the Internet and the unfiltered cards connected to VPN traffic

  8. VPN Protocols
     • PPTP and L2TP are supported by Windows Server 2008
     • By default, 128 PPTP ports and 128 L2TP ports are available
       • Can increase the number of ports, or
       • Disable a protocol by setting the number of ports to zero
     • PPTP is the most popular and can function through NAT
     • L2TP requires IPSec to function

  9. VPN Protocols (continued)

  10. Configuring Remote Access Servers
      • Control authentication and logging. The server and client must support a common protocol to authenticate and connect
        • No Authentication
        • Password Authentication Protocol
        • Shiva Password Authentication Protocol
        • Challenge Handshake Authentication Protocol
        • Microsoft Challenge Handshake Authentication Protocol
        • Microsoft Challenge Handshake Authentication Protocol version 2
        • Extensible Authentication Protocol
      • Specify whether or not the server is a router for IP, and whether it allows IP-based remote access connections
      • Enable broadcast name resolution

  11. Allowing Client Access
      • By default, none of the users are granted remote access permission
      • Remote access permission is controlled by their user object
        • If RRAS does not participate in Active Directory, the user object is stored in the local user account database
        • If RRAS belongs to an Active Directory domain, the user object is stored in the Active Directory database located on the domain controller

  12. Network Access Policies
      • Control who is allowed to access remotely
      • Depend on the domain’s functional level (mixed, 2000 native, 2003 native, or 2008)
      • Depend on the machine the user is connecting to
      • To use remote access, you must understand:
        • Network access policy components
        • Network access policy evaluation
        • Default network access policies: Deny access

  13. Network Access Policy Components
      • Composed of Conditions, Constraints, and Settings
      • Conditions are criteria that must be met in order for a remote access policy to apply to a connection
      • Allow if constraints are met and deny if not
      • After conditions and constraints are met, settings are applied to the connection

  14. Network Access Policy Evaluation
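
The evaluation order from slides 12 to 14, as an added example that is not part of the original presentation: a simplified Python model in which policies are processed in order, the first policy whose conditions all match decides the request, a failed constraint rejects it without trying later policies, and a request that matches no policy is denied. The policy names, attribute names and sample requests are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    conditions: dict      # attribute -> required value; all must match
    constraints: dict     # attribute -> set of allowed values
    grant: bool = True    # access permission configured on the policy
    settings: dict = field(default_factory=dict)

def evaluate(policies, request):
    """Return (decision, policy_name, settings) for one connection request."""
    for p in policies:                        # processing order matters
        if any(request.get(k) != v for k, v in p.conditions.items()):
            continue                          # conditions not met: try next policy
        # The first policy whose conditions match decides the request.
        if not p.grant:
            return ("deny", p.name, {})
        for attr, allowed in p.constraints.items():
            if request.get(attr) not in allowed:
                return ("deny", p.name, {})   # constraint failed: reject, no fall-through
        return ("allow", p.name, p.settings)  # settings applied to the connection
    return ("deny", None, {})                 # no policy matched: default deny

# Constructed sample policies (hypothetical names and attributes).
POLICIES = [
    Policy("VPN-Admins", {"group": "VPN-Admins", "nas_port_type": "VPN"},
           {"auth": {"EAP"}}, settings={"encryption": "strongest"}),
    Policy("VPN-Users", {"nas_port_type": "VPN"},
           {"auth": {"EAP", "MS-CHAPv2"}}, settings={"encryption": "strong"}),
]

if __name__ == "__main__":
    # Constructed sample requests.
    for req in (
        {"group": "VPN-Admins", "nas_port_type": "VPN", "auth": "EAP"},
        {"group": "VPN-Admins", "nas_port_type": "VPN", "auth": "MS-CHAPv2"},
        {"group": "Staff", "nas_port_type": "VPN", "auth": "MS-CHAPv2"},
        {"group": "Staff", "nas_port_type": "Dial-up", "auth": "EAP"},
    ):
        print(req, "->", evaluate(POLICIES, req))
```

The second sample request is the case to watch when ordering policies: the admin is denied by the stricter first policy even though the broader second policy would have allowed the same authentication method.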

  15. Creating a VPN Client Connection
      • Configure VPN clients on client machines, e.g. Windows XP
      • Windows Server 2008 can be configured as a VPN client
      • Create VPN connections using the “New Connection” wizard in XP or earlier and the “Set up a connection or network” wizard in Vista and 2008
      • Specify IP address (or FQDN) of VPN server
      • Configure whether or not an initial connection is created
      • Configure dialing and redialing options
      • Specify if password and data encryption are required
      • Configure the network configuration for VPN connection
      • Configure an Internet connection firewall and Internet connection sharing

  16. Routing and Remote Access and DHCP
      • Provide remote access clients with IP addresses during a dial-up connection.
      • Dynamic configuration is different than LAN-based clients.
      • Server Assigned IP Address option.
      • Routing and Remote Access uses DHCP to lease addresses.
      • DHCP leases are released when Routing and Remote Access is shut down.
      • Number of leased addresses can be configured.

  17. Troubleshooting Remote Access
      • Software configuration errors by users or administrators
        • Incorrect phone numbers and IP addresses
        • Incorrect authentication settings
        • Incorrectly configured network access policies
        • Name resolution is not configured
        • Clients receive incorrect IP options
      • Best troubleshooting tools include:
        • Log files
        • Error messages
        • Network Monitor
        • Ipconfig and Ping command line tools
      • Hardware errors can also cause problems

  18. Hardware Errors
      • Common hardware troubleshooting tips:
        • Ensure hardware is on the Microsoft hardware compatibility list
        • Use ping to determine if the address is reachable
        • See if you can dial in to a different remote access server
        • Ensure there is a link light on the network card

  19. Resource Kit Utilities
      • RASLIST.EXE
      • RASSRVMON.EXE
      • RASUSERS.EXE
      • TRACEENABLE.EXE

  20. RASSRVMON.EXE
      • Monitors remote access server activities in great detail
      • Provides
        • Server information
        • Port information
        • Summary information
        • Individual connection information
      • Alerting can be set up to run a program of choice

  21. Introduction to Network Policy Server
      • Network Policy Server (NPS)
        • Role service that provides a framework for creating and enforcing network access policies for client health
      • Can be used to:
        • Configure a RADIUS server
        • Configure a RADIUS proxy
        • Configure and implement Network Access Protection (NAP)

  22. Introduction to RADIUS
      • RADIUS
        • Industry-standard protocol that provides centralized authentication, authorization, and accounting for network access devices
      • Components of RADIUS
        • RADIUS clients
          • VPN server
          • Network access servers
        • RADIUS proxy
        • RADIUS server
          • Perform authentication & authorization
        • User account database

  23. MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration

  27. Server 2008 NPS Console
      • NPS Console
        • Central utility for managing
          • RADIUS clients and remote RADIUS servers
          • Network health and access policies
          • NAP settings for NAP scenarios
          • Logging settings

  28. Server 2008 NPS Console

  29. Server 2008 NPS Console
