
Configuring Routing and Remote Access (RRAS) and Wireless Networking

mindy

Presentation Transcript


  1. Configuring Routing and Remote Access (RRAS) and Wireless Networking Lesson 5

  2. Skills Matrix

  3. Routing • Routing, or the process of transferring data across an internetwork from one LAN to another, provides the basis for the Internet and nearly all TCP/IP network communications between multiple organizations. • It plays a key role in every organization that is connected to the Internet or that has more than one network segment.

  4. Hub • A hub (sometimes called a multi-port repeater) operates at Open Systems Interconnection (OSI) reference model layer 1, the Physical layer, which deals in bits (binary 0s and 1s) sent across a wired or wireless medium. • It does not perform any processing on the data it receives. • It simply receives the incoming signal and regenerates it on all of its other ports, so every attached host sees every frame; any host on a hub can capture all traffic on the segment.

  5. Switch • A switch learns which port each source MAC address is reachable on from the frames it sees, and forwards an incoming frame only to the port associated with the frame's destination address (flooding it to all ports when the destination is unknown or a broadcast). • Most switches operate at OSI layer 2 (the Data-link layer), which organizes data into frames.

  6. Router • A router determines the route from a source network to a destination network, deciding where to send each packet based on the destination address in its IP header. • Routers operate at OSI layer 3 (the Network layer), which groups data into packets, so they are referred to as Layer 3 devices.

  7. Router • Used to join networks together over extended distances or WANs. • WAN traffic can often travel over several possible routes, and the routers choose the fastest or cheapest route between a source computer and a destination. • Used to connect dissimilar LANs, such as an Ethernet LAN, to a Fiber Distributed Data Interface (FDDI) backbone.

  8. Router

  9. Router

  10. Routing Protocols • Used to automatically exchange information about the routing topology: which network segments can be reached via which router. • Whereas both RIPv2 and OSPF were supported under Windows Server 2003, only RIPv2 is supported by the Routing and Remote Access role in Windows Server 2008.

  11. Routing Information Protocol (RIP) • One of the longest-standing routing protocols: a distance-vector protocol that measures routes in hop count, where a metric of 16 means unreachable, so usable paths are at most 15 hops long. • Advertises the networks it can reach on a regular basis (every 30 seconds) as well as when the network topology changes. • RIP version 1 is broadcast-based: it sends routing information in broadcast packets that reach every router connected to the same network. • Designed for use only on smaller networks. • RIP v2 is version 2 of the Routing Information Protocol. It improves the routing information carried in updates (each entry includes its subnet mask, so classless addressing works), sends updates to the multicast address 224.0.0.9 instead of broadcasting, and adds an authentication field. Simple-password authentication sends the password in clear text and only prevents accidental peering; without stronger authentication, any host on the segment can inject or withdraw routes.

  12. Open Shortest Path First (OSPF) • Designed to address the scalability limitations of RIP, so that a routing protocol could be used on significantly larger networks. • OSPF is a link-state protocol: rather than exchanging whole routing tables, each router floods information about its own links to the other routers in its area, and every router builds the same link-state database describing the topology. • From that database each router computes the shortest path to every destination network it knows of and installs the result in its routing table. • OSPF routers exchange this information only with neighbors with which they have formed an adjacency (and can require those neighbors to authenticate), rather than simply broadcasting routes across an entire network.
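The distance-vector behaviour described for RIP, and the consequence of running it without authentication, as an added example that is not part of the lesson. The three-router topology, the router names and the rogue sender "EVIL" are constructed for the example; the hop-count arithmetic and the "accept any change from the current next hop" rule are the parts that mirror RIP.

```python
INFINITY = 16  # RIP hop count meaning "unreachable"; 15 hops is the longest usable path

# Constructed topology (not from the lesson): R1 -- R2 -- R3, one LAN per router.
TOPOLOGY = {
    "R1": {"connected": ["10.1.0.0/16"], "neighbors": ["R2"]},
    "R2": {"connected": ["10.2.0.0/16"], "neighbors": ["R1", "R3"]},
    "R3": {"connected": ["10.3.0.0/16"], "neighbors": ["R2"]},
}


def initial_tables(topology):
    """Each table maps destination -> (metric, next_hop).
    Directly connected networks carry metric 1 in RIP."""
    return {router: {net: (1, "direct") for net in info["connected"]}
            for router, info in topology.items()}


def process_update(table, sender, update):
    """Apply one RIP update {destination: advertised_metric} received from `sender`.

    Receiving side of distance-vector routing: add one hop, accept the route if it
    is new or better, and always accept a change that comes from the current next
    hop (that is how a withdrawal propagates).  A RIP listener without
    authentication does exactly this for any packet whose source address looks
    like a neighbor, which is the weakness demo() exploits.
    Returns True when the table changed."""
    changed = False
    for dest, adv_metric in update.items():
        metric = min(adv_metric + 1, INFINITY)
        current = table.get(dest)
        if current is None or metric < current[0] or current[1] == sender:
            if current != (metric, sender):
                table[dest] = (metric, sender)
                changed = True
    return changed


def run_rip(topology, tables, max_rounds=20):
    """Periodic updates: every router sends its whole table to each neighbor.
    Returns the number of rounds until nothing changed (convergence)."""
    for rnd in range(1, max_rounds + 1):
        snapshot = {r: dict(t) for r, t in tables.items()}  # all updates built from the same state
        changed = False
        for router, info in topology.items():
            update = {dest: metric for dest, (metric, _) in snapshot[router].items()}
            for neighbor in info["neighbors"]:
                changed |= process_update(tables[neighbor], router, update)
        if not changed:
            return rnd
    return max_rounds


def demo():
    """Converge the honest network, then show two attacks on unauthenticated RIP."""
    tables = initial_tables(TOPOLOGY)
    rounds = run_rip(TOPOLOGY, tables)
    honest = tables["R1"]["10.3.0.0/16"]        # (3, "R2"): reached through R2

    # Attack 1: a spoofed update that appears to come from R2 withdraws the route.
    process_update(tables["R1"], "R2", {"10.3.0.0/16": INFINITY})
    withdrawn = tables["R1"]["10.3.0.0/16"]     # (16, "R2"): destination now "unreachable"

    # Attack 2: a rogue host on R1's LAN claims to be directly connected to 10.3/16.
    process_update(tables["R1"], "EVIL", {"10.3.0.0/16": 1})
    hijacked = tables["R1"]["10.3.0.0/16"]      # (2, "EVIL"): traffic now flows to the attacker
    return rounds, honest, withdrawn, hijacked
```

`demo()` returns the convergence round count and R1's route to 10.3.0.0/16 at each stage. Both attacks need nothing but a packet on R1's segment, which is why RIP on an RRAS router should at minimum be restricted to known neighbor addresses and never run on an interface that untrusted hosts can reach.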

  13. Routers • A software-based router, such as a Windows Server 2008 computer that is running the Routing and Remote Access server role, can be used to route traffic between lightly-trafficked subnets on a small network. • On a larger, more complex network with heavy network traffic between subnets, a hardware-based router might be a more appropriate choice to improve network performance.

  14. Routing and Remote Access Console

  15. Routing and Remote Access Console

  16. Routing and Remote Access Console

  17. Static Routes • Static routes can be manually configured by a router administrator to specify the route to take to a remote network. • Static routes do not add any processing overhead on the router and so can be useful on a small network with very few routes. • But because static routes must be manually configured, they do not scale well in larger and more complex environments.

  18. Static Routes

  19. Windows Server 2008 Routing Protocols • Windows Server 2008 includes the following three routing protocols that can be added to the Routing and Remote Access service: • Routing Information Protocol, version 2 (RIPv2): enables routers to learn from each other the appropriate paths along which to send traffic. • IGMP Router And Proxy: used for multicast forwarding. • DHCP Relay Agent: forwards DHCP broadcasts from clients on one subnet to a DHCP server on another subnet, so that a single DHCP server can provide an IP configuration to computers on several subnets.

  20. Routing Table • A routing table contains entries called routes that provide directions toward destination networks or hosts. • The IP routing table serves as a decision tree that enables IP to decide the interface and gateway through which it should send outgoing traffic. • The routing table contains many individual routes; each route consists of a destination, a network mask, a gateway (next hop), an interface, and a metric. The most specific matching route (longest network mask) wins, and among equally specific routes the lowest metric wins.

  21. Routing Table

  22. Routing Table

  23. Route Command • To configure the routing table from the command line, use the route command-line utility. • The route syntax is as follows: route [-f] [-p] [Command [Destination] [mask Netmask] [Gateway] [metric Metric] [if Interface]] • Command is one of print, add, change, or delete. The -p switch makes an added route persistent across reboots; -f clears all gateway entries from the table before the command runs.

  24. Route Command
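The decision the routing table makes for an outgoing packet (slides 20 to 24), as an added example that is not from the lesson. It parses text laid out like the Active Routes block of `route print -4` and performs the longest-prefix, lowest-metric lookup the slides describe. The table contents (addresses, interface, metrics, the two competing 10.20.5.0/24 routes) are constructed for the example.

```python
import ipaddress

# Constructed sample in the layout of `route print -4` on Windows Server 2008
# (addresses, interface and metrics are made up for the example).
SAMPLE_ROUTE_PRINT = """\
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.10     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.10    266
     192.168.1.10  255.255.255.255         On-link      192.168.1.10    266
        10.20.0.0      255.255.0.0    192.168.1.254     192.168.1.10     11
        10.20.5.0    255.255.255.0      192.168.1.2     192.168.1.10     11
        10.20.5.0    255.255.255.0      192.168.1.3     192.168.1.10     20
===========================================================================
"""


def parse_route_print(text):
    """Turn the Active Routes block into a list of route dicts holding the five
    fields of a Windows route: destination, netmask, gateway, interface, metric."""
    routes, in_table = [], False
    for line in text.splitlines():
        if line.startswith("Network Destination"):
            in_table = True
            continue
        if not in_table:
            continue
        if line.startswith("="):          # end of the Active Routes block
            break
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        routes.append({
            "network": ipaddress.IPv4Network(f"{dest}/{mask}", strict=False),
            "gateway": None if gateway == "On-link" else ipaddress.IPv4Address(gateway),
            "interface": ipaddress.IPv4Address(iface),
            "metric": int(metric),
        })
    return routes


def lookup(routes, destination):
    """The decision IP makes for one outgoing packet: pick the matching route with
    the longest prefix; among equal prefixes the lowest metric wins.
    Returns (matched network, next hop, interface) as strings, or None."""
    dst = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if dst in r["network"]]
    if not candidates:
        return None
    best = min(candidates, key=lambda r: (-r["network"].prefixlen, r["metric"]))
    next_hop = best["gateway"] if best["gateway"] is not None else dst   # On-link: deliver directly
    return str(best["network"]), str(next_hop), str(best["interface"])
```

`lookup(routes, "10.20.5.7")` picks the /24 route via 192.168.1.2 over both the /16 and the higher-metric /24, and `lookup(routes, "8.8.8.8")` falls through to the 0.0.0.0/0 default. Routes added with `route -p add` are stored under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes; a route planted there survives reboots and quietly redirects traffic for the networks it covers, so that key belongs in a host's audit baseline.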

  25. Demand-Dial Routing • Routing and Remote Access also includes support for demand-dial routing (also known as dial-on-demand routing). • When the router receives a packet, the router can use demand-dial routing to initiate a connection to a remote site. • The connection becomes active only when data is sent to the remote site. • The link is disconnected when no data has been sent over the link for a specified amount of time.

  26. Demand-Dial Routing

  27. Remote Access • A Windows Server 2008 computer that runs the Routing and Remote Access server role can provide a number of different types of remote access connectivity for your network clients. • It provides remote access for clients, using either dial-up or VPN connections. • It can act as a Network Address Translation (NAT) device, which allows internal network clients to connect to the Internet using a single shared public IP address. • It can function solely as a NAT device, or provide both NAT and VPN services simultaneously. • You can also configure a Windows Server 2008 computer to create a secure site-to-site connection between two private networks, such as two branch offices that need to connect securely to one another over a public network such as the Internet.

  28. Dial-Up Networking (DUN) • Creates a physical connection between a client and a remote access server using a dedicated device such as an analog or an ISDN modem. • Because a dial-up call is a dedicated point-to-point circuit, DUN connections often carry unencrypted traffic; the link is only as private as the telephone network it crosses, so the PPP authentication method and (where required) MPPE encryption should still be enforced by policy.

  29. Virtual Private Network (VPN) • Creates a secure point-to-point connection across either a private network or a public network such as the Internet. • Relies on TCP/IP-based tunneling protocols to create the secured connection. • The remote access server authenticates the VPN client and creates a secured connection between the VPN client and the internal corporate network, tunneled over the public Internet connection. • A VPN is a logical connection between the VPN client and the VPN server over a public network like the Internet. • To protect data sent over the public network, VPN traffic must be encrypted, and both ends must be authenticated before any data crosses the tunnel.

  30. Virtual Private Network (VPN) • A VPN connection in Windows Server 2008 consists of the following components: • A VPN server. • A VPN client. • A VPN connection (the portion of the connection in which the data is encrypted). • A VPN tunnel (the portion of the connection in which the data is encapsulated).

  31. Virtual Private Network (VPN) • Two tunneling protocols are covered here for Routing and Remote Access: • Point-to-Point Tunneling Protocol (PPTP). • Layer Two Tunneling Protocol (L2TP), used together with IPsec. • (Windows Server 2008 also introduced the Secure Socket Tunneling Protocol (SSTP), which carries PPP over HTTPS on TCP port 443; it is not covered in this lesson.)

  32. Virtual Private Network (VPN)

  33. Point-to-Point Tunneling Protocol (PPTP) • An extension of the Point-to-Point Protocol (PPP): PPP frames are carried in GRE, with a TCP control connection on port 1723. • In Windows Server 2008, PPTP encrypts with Microsoft Point-to-Point Encryption (MPPE), which uses the 128-bit RC4 algorithm by default. • Weaker key lengths can be enabled by modifying the Windows Registry, but this is not recommended by Microsoft. • The MPPE keys are derived from the PPP authentication exchange, so PPTP is only as strong as that exchange; MS-CHAP v2 has known weaknesses that allow a captured exchange to be cracked offline, so PPTP should be treated as a legacy option and L2TP/IPsec or certificate-based EAP-TLS preferred.

  34. Layer Two Tunneling Protocol (L2TP) • Used to encapsulate Point-to-Point Protocol (PPP) frames for transmission over TCP/IP, X.25, frame relay, or Asynchronous Transfer Mode (ATM) networks. • L2TP combines the best features of PPTP, which was developed by Microsoft, and the Layer 2 Forwarding (L2F) protocol, which was developed by Cisco Systems. • L2TP itself provides no encryption; you implement L2TP with IPsec (L2TP/IPsec), which authenticates the two endpoints with certificates or a preshared key and encrypts the tunnel. • In Windows Server 2008, L2TP/IPsec supports the Advanced Encryption Standard (AES) 256-bit, AES 192-bit, AES 128-bit, and 3DES encryption algorithms by default. • Less secure algorithms such as the Data Encryption Standard (DES) can be enabled by modifying the Windows Registry, but this is not recommended.

  35. Network Address Translation (NAT) • Network Address Translation (NAT) is a technique that enables private networks to connect to the Internet. • The NAT device translates internal, private IP addresses to an external, public IP address, and vice versa, keeping a table of the active translations. • This reduces the number of public IP addresses an organization needs, and thereby its IP address acquisition costs, because private IP addresses are used internally and are translated to a public address only to communicate with the Internet. • NAT also obscures the private network from external access by hiding private IP addresses from public networks: an unsolicited inbound packet matches no translation entry and is dropped. • The only IP address visible to the Internet is the public address of the computer running NAT. • This hiding is a side effect of the translation table, not a security policy; NAT is not a substitute for a firewall, and any inbound port mapping you configure exposes the internal host it points at.
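The translation table behind the NAT behaviour just described, as an added example that is not part of the lesson. The class models port-based NAT of the kind RRAS performs: outbound packets create entries, inbound packets are forwarded only when they match one, and a static mapping (the equivalent of an RRAS NAT "Services and Ports" entry) shows how a configured port mapping punches through that hiding. The addresses and ports are constructed; the class and method names are this example's own.

```python
class Napt:
    """Minimal port-based NAT: many private addresses share one public address,
    told apart by the translated source port."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}   # (inside_ip, inside_port, remote_ip, remote_port) -> public_port
        self.inbound_map = {}    # public_port -> (inside_ip, inside_port, remote_ip, remote_port)

    def add_static_mapping(self, public_port, inside_ip, inside_port):
        """Port forwarding.  The remote endpoint is left unrestricted (None), so
        any Internet host can now reach the inside host on that port."""
        self.inbound_map[public_port] = (inside_ip, inside_port, None, None)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Private -> Internet: rewrite the source to the public address and a
        translated port, creating the table entry on first use."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound_map:
            public_port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = public_port
            self.inbound_map[public_port] = key
        return self.public_ip, self.outbound_map[key], dst_ip, dst_port

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Internet -> private: only a packet that matches a table entry is
        rewritten and forwarded; anything else is dropped (returns None).
        That drop is the 'hiding' the slide describes: a side effect of state,
        not a firewall rule."""
        if dst_ip != self.public_ip:
            return None
        entry = self.inbound_map.get(dst_port)
        if entry is None:
            return None
        inside_ip, inside_port, remote_ip, remote_port = entry
        if remote_ip is not None and (src_ip, src_port) != (remote_ip, remote_port):
            return None   # reply must come from the endpoint the inside host talked to
        return src_ip, src_port, inside_ip, inside_port
```

A reply from the server the inside host contacted is translated back; a packet from a different source to the same translated port, or to a port with no entry, is dropped. Once `add_static_mapping(3389, ...)` exists, the dropped-by-default behaviour no longer applies to that port, which is the practical reason NAT alone is not a perimeter control.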

  36. Network Policy Server (NPS) • After a user submits credentials to create a remote access connection, the connection must be authorized, either by a Windows Server 2008 server running the Network Policy Server (NPS) role service (part of the Network Policy and Access Services role), or by a third-party authentication and authorization service such as a Remote Authentication Dial-In User Service (RADIUS) server.

  37. Network Policy Server (NPS) • Remote access authorization consists of two steps: • Verifying the dial-in properties of the user account. • Verifying any NPS Network Policies that have been applied against the Routing and Remote Access server.

  38. Network Policy Server (NPS) • The Microsoft implementation of a RADIUS server is the Network Policy Server. • Use a RADIUS server to centralize remote access authentication, authorization, and accounting (logging). • When you implement RADIUS, multiple Windows Server 2008 computers running the Routing and Remote Access service act as RADIUS clients and forward access requests to a single RADIUS server, protected by a shared secret configured on both sides. • The RADIUS server then queries the domain controller for authentication and applies NPS Network Policies to the connection requests.
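The RADIUS exchange between a Routing and Remote Access server (the RADIUS client) and NPS (the RADIUS server), as an added example that is not from the lesson. It follows RFC 2865: the Access-Request carries a random Request Authenticator and a User-Password hidden with the shared secret, and the reply carries a Response Authenticator that binds the answer to the request and to the secret, so a forged Access-Accept from someone without the secret is rejected. The user store, shared secret and packet identifier are constructed; PAP-style password hiding is used because it is the simplest attribute that shows why the secret matters.

```python
import hashlib
import hmac
import os
import struct

# RADIUS packet codes and attribute types used here (RFC 2865).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2

SHARED_SECRET = b"example-radius-secret"   # constructed; configured on both NAS and NPS


def _pad16(data):
    """Pad with NULs to a multiple of 16 bytes (at least one block, per RFC 2865)."""
    n = max(16, -(-len(data) // 16) * 16)
    return data.ljust(n, b"\x00")


def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: each 16-byte block is XORed with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    padded = _pad16(password)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out


def unhide_password(hidden, secret, request_auth):
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")   # assumes the password has no trailing NUL bytes


def attribute(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attributes(data):
    attrs, i = {}, 0
    while i < len(data):
        attr_type, length = data[i], data[i + 1]
        attrs[attr_type] = data[i + 2:i + length]
        i += length
    return attrs


def build_access_request(ident, username, password, secret, request_auth):
    """RRAS side: Code, Identifier, Length, 16-byte random Request Authenticator, attributes."""
    attrs = attribute(USER_NAME, username) + attribute(
        USER_PASSWORD, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def radius_server(packet, secret, users):
    """NPS side: recover the password, check it against the user store, and reply.
    Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    request_auth = packet[4:20]
    attrs = parse_attributes(packet[20:length])
    password = unhide_password(attrs[USER_PASSWORD], secret, request_auth)
    reply_code = ACCESS_ACCEPT if users.get(attrs[USER_NAME]) == password else ACCESS_REJECT
    reply_attrs = b""
    header = struct.pack("!BBH", reply_code, ident, 20 + len(reply_attrs))
    response_auth = hashlib.md5(header + request_auth + reply_attrs + secret).digest()
    return header + response_auth + reply_attrs


def verify_response(response, request_auth, secret):
    """RRAS side: recompute the Response Authenticator.  An Access-Accept that does
    not verify (forged without the secret) is discarded.  Returns the code or None."""
    header, response_auth, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, response_auth):
        return None
    return response[0]


def exchange(username, password, users, secret=SHARED_SECRET):
    """One full RRAS <-> NPS round trip; returns the verified reply code or None."""
    request_auth = os.urandom(16)
    request = build_access_request(0x2A, username, password, secret, request_auth)
    response = radius_server(request, secret, users)
    return verify_response(response, request_auth, secret)
```

Two practical points fall out of the code: the password hiding is MD5 keyed by the shared secret, so a weak or guessable secret exposes every PAP password on the wire and lets an attacker forge accepts, which is why RADIUS traffic between RRAS and NPS should additionally be carried over a trusted path or IPsec; and a client that skips `verify_response` will happily accept a spoofed Access-Accept.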

  39. AAA • Authentication is the process of verifying that an entity or object is who or what it claims to be. • Authorization is the process that determines what an authenticated user is permitted to do on a computer system or network. • Authorization occurs only after successful authentication. • Additionally, most remote access systems include an accounting component that logs access to resources; in RADIUS this is carried in separate Accounting-Request messages.

  40. Dial-In Properties of User

  41. NPS Network Policies • An NPS Network Policy is a set of permissions or restrictions that is read by a remote access authenticating server that applies to remote access connections. • NPS Network Policies in Windows Server 2008 are analogous to Remote Access Policies in Windows Server 2003 and Windows 2000 Server.

  42. NPS Network Policy • A rule for evaluating remote connections, consists of three components: • Conditions • Constraints • Settings

  43. NPS Network Policy • NPS Network Policies are ordered on each Remote Access server, and each policy is evaluated in order from top to bottom. • It is important to place these policies in the correct order, because once the RRAS server finds a match, it will stop processing additional policies.

  44. NPS Network Policy • By default, two NPS Network Policies are preconfigured in Windows Server 2008, and both are set to deny access, so no connection is authorized until you add a policy that grants it. • The first default policy is Connections To Microsoft Routing And Remote Access Server, whose condition matches every connection that arrives through the Routing and Remote Access service. • When Routing and Remote Access is the access server, this policy therefore matches every incoming connection.

  45. NPS Network Policy

  46. NPS Network Policy

  47. NPS Network Policy • The second default network policy is Connections To Other Access Servers. • This policy is configured to match every incoming connection, regardless of network access server type. • Because the first policy already matches all connections to a Microsoft Routing and Remote Access server, this policy is reached only for connections that NPS receives as a RADIUS server from some other network access server, such as a third-party VPN concentrator or a wireless access point.

  48. Policy Conditions • Each NPS Network Policy is based on policy conditions that determine when the policy is applied. • For example, a policy whose Windows Groups condition names a security group called Telecommuters would match a connection for any user who belongs to that group. • Only membership in global security groups can serve as a network policy condition; you cannot specify membership in universal or domain local security groups as the condition for a remote access policy.

  49. Policy Conditions

  50. Policy Settings • An NPS Network policy profile consists of a set of settings and properties that can be applied to a connection. • You can configure an NPS profile by clicking the Settings tab in the policy Properties page.
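How ordered first-match evaluation, conditions, constraints and settings fit together (slides 41 to 50), as an added example that is not from the lesson. It is a simplified model of NPS authorization, not Microsoft's code: the two default deny policies are recreated from the slides, and the "Telecommuters VPN" policy, the Connection fields and the constraint vocabulary are constructed for the example. The point it shows is the one slide 43 makes: place the granting policy below the defaults and it is never reached.

```python
from dataclasses import dataclass, field


@dataclass
class Connection:
    user: str
    groups: set              # Windows security groups the account belongs to
    nas_type: str            # "RRAS" for a Microsoft Routing and Remote Access server
    auth_method: str         # e.g. "MS-CHAPv2", "EAP-TLS", "PAP"
    hour: int                # local hour of the connection attempt
    dial_in: str = "policy"  # account dial-in property: "allow", "deny" or "policy"


@dataclass
class NetworkPolicy:
    name: str
    grant: bool                                      # Grant access / Deny access
    conditions: dict = field(default_factory=dict)   # all must match for the policy to apply
    constraints: dict = field(default_factory=dict)  # enforced after the match; failure = reject
    settings: dict = field(default_factory=dict)     # applied to a granted connection


def conditions_match(policy, conn):
    c = policy.conditions
    if "windows_groups" in c and not (c["windows_groups"] & conn.groups):
        return False
    if "nas_type" in c and conn.nas_type not in c["nas_type"]:
        return False
    return True


def constraints_ok(policy, conn):
    k = policy.constraints
    if "auth_methods" in k and conn.auth_method not in k["auth_methods"]:
        return False
    if "hours" in k and conn.hour not in k["hours"]:
        return False
    return True


def evaluate(policies, conn):
    """Simplified NPS authorization.  Step 1: the account's dial-in property.
    Step 2: walk the ordered policies and stop at the FIRST whose conditions match;
    later policies are never consulted.  Returns (decision, reason, settings)."""
    if conn.dial_in == "deny":
        return "reject", "account dial-in: deny", {}
    for policy in policies:
        if not conditions_match(policy, conn):
            continue
        granted = policy.grant or conn.dial_in == "allow"
        if not granted or not constraints_ok(policy, conn):
            return "reject", policy.name, {}
        return "accept", policy.name, policy.settings
    return "reject", "no matching policy", {}


# The two policies Windows Server 2008 creates by default (both deny access).
DEFAULT_POLICIES = [
    NetworkPolicy("Connections to Microsoft Routing and Remote Access server",
                  grant=False, conditions={"nas_type": {"RRAS"}}),
    NetworkPolicy("Connections to other access servers", grant=False),
]

# Constructed custom policy: Telecommuters may connect through RRAS with a
# strong authentication method, during the day, and receive these settings.
TELECOMMUTER_VPN = NetworkPolicy(
    "Telecommuters VPN", grant=True,
    conditions={"windows_groups": {"Telecommuters"}, "nas_type": {"RRAS"}},
    constraints={"auth_methods": {"MS-CHAPv2", "EAP-TLS"}, "hours": set(range(6, 22))},
    settings={"encryption": "strongest", "idle_timeout_minutes": 30},
)
```

`evaluate(DEFAULT_POLICIES + [TELECOMMUTER_VPN], conn)` rejects a telecommuter because the first default policy matches every RRAS connection and processing stops there; `evaluate([TELECOMMUTER_VPN] + DEFAULT_POLICIES, conn)` accepts the same connection, while a PAP attempt or an attempt outside the permitted hours still matches that policy and is then rejected by its constraints rather than falling through to another policy.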
