
Module 9: Configuring Network Access


Presentation Transcript


  1. Module 9: Configuring Network Access

  2. Overview • Introduction to a Network Access Infrastructure • Configuring a VPN Connection • Configuring a Dial-up Connection • Configuring a Wireless Connection • Controlling User Access to a Network • Centralizing Network Access Authentication and Policy Management by Using IAS

  3. Lesson: Introduction to a Network Access Infrastructure • Multimedia: Introduction to the Network Access Infrastructure • Components of a Network Access Infrastructure • Configuration Requirements for a Network Access Server • What Is a Network Access Client? • What Are Network Access Authentication and Authorization? • Available Methods of Authentication

  4. Multimedia: Introduction to the Network Access Infrastructure • The objective of this presentation is to provide a high-level overview of the network access infrastructure and how network access services work together • After this presentation, you will be able to: • Explain the components of the network access infrastructure • Describe how the network access components work together to provide a remote access solution • Describe how the remote access process works

  5. Components of a Network Access Infrastructure • Network access service • Network access clients • Authentication service • Active Directory (not required) [Diagram: DHCP Server, Network Access Server, Domain Controller, IAS Server, VPN Client, Wireless Access Point, Dial-up Client, Wireless Client]

  6. Configuration Requirements for a Network Access Server A network access server is a server that acts as a gateway to a network for a client. To configure the network access server, you will need to know: • Whether the server will also act as a router • Authentication methods and providers • Client access • IP address assignment • PPP configuration options • Event logging preferences

  7. What Is a Network Access Client?

  8. What Are Network Access Authentication and Authorization? [Diagram: Network Access Client, Network Access Server, Domain Controller; steps 1 and 2]

  9. Available Methods of Authentication Remote and wireless authentication methods include: • CHAP • PAP • SPAP • MS-CHAP • MS-CHAP v2 • EAP-TLS • PEAP • MD-5 Challenge. Recommended method for user authentication is by using smart card certificates

  10. Lesson: Configuring a VPN Connection • How a VPN Connection Works • Components of a VPN Connection • Encryption Protocols for a VPN Connection • Configuration Requirements for a VPN Server • How to Configure a Remote Access Server for a VPN Connection • How to Configure a Remote Access Client for a VPN Connection • How to Configure Smart Card Authentication on a Remote Access Server

  11. How a VPN Connection Works A VPN extends the capabilities of a private network to encompass links across shared or public networks, such as the Internet, in a manner that emulates a point-to-point link. 1 VPN client calls the VPN server 2 VPN server answers the call 3 VPN server authenticates and authorizes the client 4 VPN server transfers data [Diagram: VPN Client, VPN Server, Domain Controller]

  12. Components of a VPN Connection [Diagram: VPN Client, VPN Tunnel, Tunneling Protocols, Tunneled Data, Transit Network, VPN Server, Domain Controller, Authentication, DHCP Server, Address and Name Server Allocation]

  13. Encryption Protocols for a VPN Connection Examples of Remote Access Server Using L2TP/IPSec: • Remote User to Corp Net • Branch Office to Branch Office [Diagram: two Remote Access Servers]

  14. Configuration Requirements for a VPN Server Before adding a remote access / VPN server: • Identify which network interface connects to the Internet and which network interface connects to your private network • Identify whether clients receive IP addresses from a DHCP server or the VPN server • Identify whether to authenticate connection requests by RADIUS or by the VPN server

  15. How to Configure a Remote Access Server for a VPN Connection Your instructor will demonstrate how to: • Register a remote access server in Active Directory • Configure a remote access server for a VPN connection • Configure the number of ports available on the server

  16. How to Configure a Remote Access Client for a VPN Connection Your instructor will demonstrate how to configure a remote access client for a VPN connection

  17. How to Configure Smart Card Authentication on a Remote Access Server Your instructor will demonstrate how to configure smart card authentication on a remote access server

  18. Practice: Configuring a VPN Connection In this practice, you will configure a VPN connection

  19. Lesson: Configuring a Dial-up Connection • How Dial-up Network Access Works • Components of a Dial-up Connection • Authentication Methods for a Dial-up Connection • Configuration Requirements for a Remote Access Server • How to Configure a Remote Access Server for a Dial-up Connection • How to Configure a Remote Access Client for a Dial-up Connection  

  20. How Dial-up Network Access Works Dial-up networking is the process of a remote access client making a temporary dial-up connection to a physical port on a remote access server by using the service of a telecommunications provider. 1 Dial-up client calls the RA server 2 RA server answers the call 3 RA server authenticates and authorizes the client 4 RA server transfers data [Diagram: Dial-up Client, Remote Access Server, Domain Controller]

  21. Components of a Dial-up Connection [Diagram: Dial-up Client, LAN and Remote Access Protocols, WAN Options: Telephone, ISDN, X.25, or ATM, Remote Access Server, Domain Controller, Authentication, DHCP Server, Address and Name Server Allocation]

  22. Authentication Methods for a Dial-up Connection Authentication methods for dial-up include: • CHAP • PAP • SPAP • MS-CHAP • MS-CHAP v2 • EAP-TLS • EAP-MD5 Challenge. Strongest method: EAP-TLS with smart cards [Diagram: Mutual Authentication, Remote Access Server, Remote Access User]

  23. Configuration Requirements for a Remote Access Server Before adding a remote access server for dial-up access: • Identify whether clients receive IP addresses from a DHCP server or the remote access server • Identify whether to authenticate connection requests by RADIUS or by the remote access server • Verify that users have user accounts configured for dial-up access

  24. How to Configure a Remote Access Server for a Dial-up Connection Your instructor will demonstrate how to configure a remote access server for a dial-up connection

  25. How to Configure a Remote Access Client for a Dial-up Connection Your instructor will demonstrate how to: • Configure a remote access client for a dial-up connection • Modify the settings of a dial-up connection

  26. Lesson: Configuring a Wireless Connection • Overview of Wireless Network Access • Components of a Wireless Connection • Wireless Standards • Authentication Methods for Wireless Networks • Configuration Requirements of a Windows XP Professional Client for Wireless Network Access • How to Configure the Network Access Client for a Wireless Connection

  27. Overview of Wireless Network Access A wireless network uses technology that enables devices to communicate by using standard network protocols and electromagnetic waves—not network cabling—to carry signals over part or all of the network infrastructure. [Diagram: DHCP Server, Network Access Server, Domain Controller, IAS Server, Wireless Access Point, Wireless Client]

  28. Components of a Wireless Connection [Diagram: Wireless Client (Station), Wireless Access Point, Ports, Remote Access Server, Authentication, Domain Controller, DHCP Server, Address and Name Server Allocation]

  29. Wireless Standards

  30. Authentication Methods for Wireless Networks

  31. Configuration Requirements of a Windows XP Professional Client for Wireless Network Access • Choose a network type: • Access point • Computer-to-computer • Any available network • Configure authentication appropriately for the selected network type • Balance the level of security with the deployment effort: • For the highest level of security, choose PEAP with certificates (EAP-TLS) • For the greatest ease of deployment, choose PEAP with passwords (EAP-MS-CHAP v2)

  32. How to Configure the Network Access Client for a Wireless Connection Your instructor will demonstrate how to configure a network access client for a wireless connection

  33. Lesson: Controlling User Access to a Network • User Account Dial-in Permissions • How to Configure User Accounts for Network Access • What Is a Remote Access Policy? • What Is a Remote Access Policy Profile? • How Remote Access Policies Are Processed • How to Configure a Remote Access Policy • How to Configure a Remote Access Policy Profile

  34. User Account Dial-in Permissions You can control the level of remote access for users by configuring the following dial-in properties: • Remote Access Permission (Dial-in or VPN) • Verify Caller ID • Callback Options • Assign a Static IP Address • Apply Static Routes

  35. How to Configure User Accounts for Network Access Your instructor will demonstrate how to: • Raise the domain functional level • Configure the dial-in properties for user accounts in a Windows 2000 native domain

  36. What Is a Remote Access Policy? A remote access policy is a named rule that consists of the following elements: • Conditions. One or more attributes that are compared to the settings of the connection attempt • Remote access permission. If all conditions of a remote access policy are met, remote access permission is either granted or denied • Profile. A set of properties that are applied to a connection when it is authorized (either through the user account or policy permission settings)

  37. What Is a Remote Access Policy Profile? [Diagram: Remote Access User; profile settings: Dial-in Constraints, Multilink, IP Properties, IP Address Assignment, IP Filters, Authentication, Encryption, Advanced Settings]

  38. How Remote Access Policies Are Processed [Flowchart, starting at START. Decision points: • Are there policies to process? • Does connection attempt match policy conditions? • Is the Ignore User Dialin Properties attribute set to False? • Is the remote access permission for the user account set to Deny Access? • Is the remote access permission for the user account set to Allow Access? • Is the remote access permission set to Deny Access? • Does the connection attempt match the User Account and Profile settings? Outcomes: Go to next policy, Reject connection attempt, Accept connection attempt]

  39. How to Configure a Remote Access Policy Your instructor will demonstrate how to: • Configure a remote access policy • Configure a new policy condition for a remote access policy

  40. How to Configure a Remote Access Policy Profile Your instructor will demonstrate how to configure a remote access policy profile

  41. Practice: Controlling User Access to a Network In this practice, you will configure a remote access policy and policy profile

  42. Lesson: Centralizing Network Access Authentication and Policy Management by Using IAS • What Is RADIUS? • What Is IAS? • How Centralized Authentication Works • How to Configure an IAS Server for Network Access Authentication • How to Configure the Remote Access Server to Use IAS for Authentication

  43. What Is RADIUS? RADIUS is a widely deployed protocol, based on a client/server model, that enables centralized authentication, authorization, and accounting for network access • RADIUS is the standard for managing network access for VPN, dial-up, and wireless networks • Use RADIUS to manage network access centrally across many types of network access • RADIUS servers receive and process connection requests or accounting messages from RADIUS clients or proxies

  44. What Is IAS? IAS, a Windows Server 2003 component, is an industry-standard compliant RADIUS server. IAS performs centralized authentication, authorization, auditing, and accounting of connections for VPN, dial-up, and wireless connections. You can configure IAS to support: • Dial-up corporate access • Extranet access for business partners • Internet access • Outsourced corporate access through service providers [Diagram: RADIUS Server]

  45. How Centralized Authentication Works 1 Dials in to a local RADIUS client to gain network connectivity 2 Forwards requests to a RADIUS server 3 Authenticates requests and stores accounting information 4 Communicates to the RADIUS client to grant or deny access [Diagram: Client, RADIUS Client, Remote Access Server, RADIUS Server, Domain Controller]

  46. How to Configure an IAS Server for Network Access Authentication Your instructor will demonstrate how to: • Authorize an IAS server in Active Directory • Configure the IAS server for RADIUS clients

  47. How to Configure a Remote Access Server to Use IAS for Authentication Your instructor will demonstrate how to configure a remote access server to use IAS for authentication

  48. Practice: Centralizing Network Access Authentication by Using IAS In this practice, you will add a VPN server as a RADIUS client to an IAS server

  49. Lab A: Configuring Network Access In this lab, you will configure network access
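
The decision sequence from slide 38 (How Remote Access Policies Are Processed), written out as an added example that is not part of the original course material. The branch order between the slide's questions follows the way Windows Server 2003 documents policy evaluation and is an assumption here; the `Policy` class, the policy names and the connection attributes are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# User-account "Remote Access Permission" values (slide 34).
ALLOW, DENY, BY_POLICY = "Allow Access", "Deny Access", "Control through policy"
Check = Callable[[Dict[str, str]], bool]

@dataclass
class Policy:                          # hypothetical model of one policy (slide 36)
    name: str
    conditions: Check                  # True when every condition matches
    grant: bool                        # policy permission: grant (True) or deny
    profile: Check                     # profile constraints on the connection
    ignore_user_dialin: bool = False   # Ignore-User-Dialin-Properties attribute

def evaluate(attempt: Dict[str, str], user_permission: str,
             user_settings: Check, policies: List[Policy]) -> Tuple[bool, str]:
    """Walk policies in order; the first whose conditions match decides."""
    for p in policies:
        if not p.conditions(attempt):
            continue                   # go to next policy
        if p.ignore_user_dialin:       # account dial-in properties are skipped
            if not p.grant:
                return False, f"{p.name}: policy permission is Deny"
            settings_ok = p.profile(attempt)
        else:
            if user_permission == DENY:
                return False, f"{p.name}: user account is Deny Access"
            # An account-level Allow Access bypasses the policy permission.
            if user_permission != ALLOW and not p.grant:
                return False, f"{p.name}: policy permission is Deny"
            settings_ok = user_settings(attempt) and p.profile(attempt)
        if not settings_ok:
            return False, f"{p.name}: account/profile settings not met"
        return True, f"{p.name}: accepted"
    return False, "no policy matched"  # nothing left to process: reject

# Constructed sample policies, in processing order.
POLICIES = [
    Policy("Contractors", lambda a: a["group"] == "Contractors", False, lambda a: True),
    Policy("VPN users", lambda a: a["type"] == "vpn", True, lambda a: a["auth"] == "EAP-TLS"),
]

def no_account_limits(attempt: Dict[str, str]) -> bool:
    return True                        # account sets no caller-ID or similar limits

if __name__ == "__main__":
    contractor = {"group": "Contractors", "type": "vpn", "auth": "EAP-TLS"}
    for perm in (BY_POLICY, ALLOW, DENY):
        print(perm, "->", evaluate(contractor, perm, no_account_limits, POLICIES))
```

Under this model a contractor whose account is set to Allow Access is accepted despite the Deny policy, so account dial-in permissions need reviewing alongside the policies themselves.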
