1 / 24

配置远程访问

配置远程访问. 概述. 在 Windows 2000 中检测远程访问 配置入站连接 配置出站连接 配置多链路连接 配置身份验证协议 配置加密协议 为 DHCP 集成配置路由和远程访问. 在 Windows 2000 中检测远程访问. 建立远程访问连接 数据传输协议 虚拟专用网络协议( VPN ). LAN Protocols. Internet. 建立远程访问连接. Local Area Network. Remote Access Protocols. LAN Protocols. Remote Access Server.

nardo
Download Presentation

配置远程访问

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 配置远程访问

  2. 概述 • 在 Windows 2000中检测远程访问 • 配置入站连接 • 配置出站连接 • 配置多链路连接 • 配置身份验证协议 • 配置加密协议 • 为DHCP 集成配置路由和远程访问

  3. 在 Windows 2000中检测远程访问 • 建立远程访问连接 • 数据传输协议 • 虚拟专用网络协议(VPN)

  4. LAN Protocols Internet 建立远程访问连接 Local Area Network Remote Access Protocols LAN Protocols Remote Access Server Remote Access Protocols Remote Access Client

  5. Remote Access Protocols LAN Protocols PPP TCP/IP SLIP (client only) NWLink Microsoft RAS NetBEUI ARAP (server only) AppleTalk 数据传输协议 Remote Access Server Remote Access Client

  6. Internetwork Must Be IP Based No Header Compression No Tunnel Authentication Built-in PPP Encryption 虚拟专用网络协议(VPN) PPTP L2TP Internetwork Can Be IP, Frame Relay, X.25, or ATM Based Header Compression Tunnel Authentication Uses IPSec Encryption Internet Client Server PPTP or L2TP

  7. 配置远程访问连接 • 配置远程访问服务 • 配置虚拟专用网络端口 • 配置调制解调器和电缆端口 • 配置用户拨入设置

  8. Routing and Remote Access Action View Routing and Remote Access Server Status SERVERX (local) All Tasks 启动远程访问服务 Configure and Enable Routing and Remote Access Disable Routing and Remote Access View Delete Refresh Export List... Properties Help

  9. Routing and Remote Access Action View Name Device Comment Status Routing and Remote Access WAN Miniport (PPTP)(VPN3-4) VPN Inactive WAN Miniport (PPTP)(VPN3-3) VPN Inactive WAN Miniport (PPTP)(VPN3-2) VPN Inactive WAN Miniport (PPTP)(VPN3-1) VPN Inactive WAN Miniport (PPTP)(VPN3-0) VPN Inactive WAN Miniport (L2TP)(VPN2-4) VPN Inactive WAN Miniport (L2TP)(VPN2-3) VPN Inactive WAN Miniport (L2TP)(VPN2-2) VPN Inactive WAN Miniport (L2TP)(VPN2-1) VPN Inactive WAN Miniport (L2TP)(VPN2-0) VPN Inactive Direct Parallel (LPT1) PARALLEL Inactive Modem (COM 3) MODEM Inactive Server Status SERVERX (local) Ports Dial-In Clients (0) IP Routing Remote Access Policies Ports 配置虚拟专用网络端口 PPTP Ports L2TP Ports Cable and Modem Ports

  10. Ports Properties RAS Device Configuration Configure ports - WAN Miniport (PPTP) In the list below, select those devices which can be used by the Routing and Remote Access Services. You can enable this device to accept inbound remote access requests and to enable demand-dial routing connections. Devices: Usage Device Type Num... Remote access (inbound) Ras Ras None WAN Miniport (PPTP) WAN Miniport (L2TP) Direct Parallel PPTP L2TP Parallel 5 5 1 Demand-dial routing (inbound/outbound) Phone number of this device: Ports You can adjust the port limit for a device which supports dynamic ports (such as virtual circuits). 5 Maximum ports: Configure OK Cancel 配置调制解调器和电缆端口 Ports, Grouped By Type Function of Port Phone Number(if applicable) Number of Virtual Ports

  11. User1 Properties General Address Account Profile Telephones Organization Dial-in Member Of Environment Timeouts Remote Access Permission (Dial-in or VPN) Allow access Deny access Control access through Remote Access Policy Verify Caller-ID: Callback Options No Callback Set by Caller (Routing and Remote Access Service only) Always Callback to: Assign Static IP Address Apply Static Routes Define routes to enable for this Dial-in connection. Static Routes... OK Cancel Apply 配置用户拨入设置 Permissions Caller ID Callback IP Routing

  12. 配置出站连接 • 考查硬件选项 • 创建拨号连接 • 连接到虚拟专用网 • 通过电缆直接连接

  13. PSTN • Cable Modem • ISDN • X.25 考查硬件选项 Connection Methods • Direct Connection

  14. Client Network Connection Wizard Network Connection Type You can choose the type of network connection... Dial-up to private network Connect using my phone line (modem or ISDN) Dial-up to the Internet Connect to the Internet using my phone line (modem or ISDN) Client ISP Server 创建拨号连接 Remote Access Server Internet

  15. Internet Tunnel 连接到虚拟专用网 CorporateIntranet Intranet Adapter Internet Adapter Windows 2000 VPN Server VPN Remote Access Client

  16. Communications Port (Com1) Communications Port (Com1) Communications Port (Com2) Direct Parallel (LPT1) Communications Port (Com1) 通过电缆直接连接 Network Connection Wizard Host or Guest To connect two computers, specify which one you are using. Choose the role you want for this computer Host This computer has the information you want to access. Network Connection Wizard Guest Select a Device This is the device that will be used to make the connection. This computer will be used to access information on the host computer. Select a device:

  17. 配置身份验证协议 • 标准身份验证协议 • 可扩展的身份验证协议

  18. 标准身份验证协议 Protocol Security Use when PAP 低 The client and server cannot negotiate using more secure validation SPAP 中 Connecting a Shiva LANRover and Windows 2000–based client or a Shiva client and a Windows 2000–based remote access server CHAP 高 You have clients that are not running Microsoft operating systems MS-CHAP 高 You have clients running Windows NT version 4.0 and later or, Microsoft Windows 95 and later MS-CHAP v2 高 You have dial-up clients running Windows 2000, or VPN clients running Windows NT 4.0 or Windows 98

  19. 可扩展的身份验证协议 • 允许客户和服务器协商他们将使用的身份验证方法 • 支持所使用的身份验证 • MD5-CHAP • 传输层安全性 • 附加的第三方的身份验证方法 • 确保支持通过 API进行身份验证的方法

  20. 配置加密协议 Edit Dial-in Profile Members of this group dial-in profile can use IPSec 56-bit Data Encryption Standard (DES) or MPPE 40-bit data encryption Dial-in Constraints IP Multilink Authentication Encryption Advanced NOTE: These encryption settings apply only to the Windows 2000 Routing and Remote Access Service. Select the level(s) of encryption that should be allowed by this profile. Members of this group dial-in profile can use IPSec 56-bit DES or MPPE 56-bit data encryption No Encryption Basic Strong Strongest Members of this group dial-in profile can use IPSec Triple DES (3DES) or MPPE 128-bit data encryption OK Cancel Apply

  21. 为DHCP 集成配置路由和远程访问 • 利用 DHCP将 IP地址分配给远程访问客户机 • 为使用DHCP而配置路由和远程访问

  22. 利用 DHCP将 IP地址分配给远程访问客户机 • If DHCP Server is Available • If DHCP Server is Unavailable Remote Access Server Obtains 10 IP Addresses at a Time Remote Access Server Uses Automatic Private IP Addressing

  23. 为使用DHCP而配置路由和远程访问 LONDON (local) Properties IP General Security PPP Event Logging Enable IP routing Allow IP-based remote access and demand-dial connections IP address assignment This server can assign IP addresses by using: Dynamic Host Configuration Protocol (DHCP) Static address pool From To Number IP Add… Mask Add… Edit… Remove Use the following adapter to obtain DHCP, DNS, and WINS addresses for dial-up clients. Adapter: Corpnet: Apply OK Cancel

  24. 复习 • 在 Windows 2000中检测远程访问 • 配置入站连接 • 配置出站连接 • 配置身份验证协议 • 配置加密协议 • 为DHCP 集成配置路由和远程访问

More Related