1 / 27

Objectives

Objectives. Configure Network Access Services in Windows Server 2008 RADIUS. 1. Configuring Remote Access Services in Windows Server 2008. Dial-up networking Connects remote users using a phone line Virtual Private Networks Allow client connections to your network from remote locations

chavi
Download Presentation

Objectives

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Objectives • Configure Network Access Services in Windows Server 2008 • RADIUS 1

  2. Configuring Remote Access Services in Windows Server 2008 • Dial-up networking • Connects remote users using a phone line • Virtual Private Networks • Allow client connections to your network from remote locations • Works by creating a secure tunnel for transmitting data packets between two points • VPN tunneling protocols: • Point-to-Point Tunneling Protocol (Easiest) • Layer 2 Tunneling Protocol (Require Certificate) • Secure Socket Tunneling Protocol (Only support 2008 or newer client) 2

  3. A VPN Tunnel • Point-to-Point Tunneling Protocol (PPTP) • Layer Two Tunneling Protocol (L2TP) • IP Security (IPSec) tunnel mode • IP-in-IP

  4. VPN Remote Access • Uses Internet to transmit private information • Encryption is used • Windows Server 2008 uses RRAS as a VPN server • Remote computers are configured as VPN clients

  5. Corporate Internetwork

  6. Implement a VPN through a NAT Server

  7. Enable and Configure a VPN Server Enabling packet filters should only be chosen if the server has multiple network cards with the filtered card connected to the Internet and the unfiltered cards connected to VPN traffic

  8. VPN Protocols • PPTP is the most popular and can function through NAT • L2TP requires IPSec to function • By default, 128 PPTP ports and 128 L2TP ports available • Can increase the number of ports or • Disable a protocol by setting the number of ports to zero • SSTP: New in 2008. Only for Client-Site, not for Site-Site • PPP or L2TP over SSL

  9. VPN Protocols (continued)

  10. Authentication Protocols

  11. Configuring Remote Access Servers • Control authentication and logging. Server and Client must support common protocol to authenticate and connect • No Authentication • Password Authenticated Protocol • Shiva Password Authentication Protocol • Challenge Handshake Authentication Protocol • Microsoft Challenge Handshake Authentication Protocol • Microsoft Challenge Handshake Authentication Protocol version 2 • Extensible Authentication Protocol • Specify whether or not the server is a router for IP, and if it allows IP-based remote access connections • Enable broadcast name resolution

  12. Allowing Client Access • By default, none of the users are granted remote access permission • Remote access permission is controlled by their user object • If RRAS does not participate in Active Directory, the user object is stored in the local user account database • If RRAS belongs to an Active Directory domain, the user object is stored in the Active Directory database located on the domain controller

  13. Network Access Policies • Control who is allowed to access remotely • Depends on the domain’s functional level (mixed, 2000 native or 2003 native or 2008) • Depend on the machine user is connecting to • Composed of Conditions, Constraints, and Settings • Conditions are criteria that must be met in order for remote access policy to apply to a connection • Allow if met constraints and Deny if not • After conditions and constrains are met, settings are applied to the connection

  14. Network Access Policy Evaluation

  15. Creating a VPN Client Connection • Configure VPN clients on client machines, e.g. Win XP • Windows Server 2008 can be configured as a VPN client • Create VPN connections using the “New Connection” Wizard in XP or earlier and “Set up a connection or network” wizard in Vista and 2008 • Specify IP address (or FQDN) of VPN server • Configure whether or not an initial connection is created • Configure dialing and redialing options • Specify if password and data encryption are required • Configure the network configuration for VPN connection • Configure an Internet connection firewall and Internet connection sharing

  16. Routing and Remote Access and DHCP • Provide remote access clients with IP addresses during a dial-up connection. • Server Assigned IP Address option. • Routing and Remote Access uses DHCP to lease addresses. • DHCP leases are released when Routing and Remote Access is shut down. • Number of leased addresses can be configured.

  17. Troubleshooting Remote Access • Software configuration errors by users or administrators • Incorrect phone numbers and IP addresses • Incorrect authentication settings • Incorrectly configured network access policies • Name resolution is not configured • Clients receive incorrect IP options • Best troubleshooting tools include: • Log files (System log) • Error messages • Network Monitor • Ipconfig and Ping command line tools • Hardware errors can also cause problems

  18. Hardware Errors • Common hardware troubleshooting tips: • Ensure hardware is on the Microsoft hardware compatibility list • Use ping to determine if the address is reachable • See if you can dial in to a different remote access server • Ensure there is a link light on the network card

  19. Resource Kit Utilities • RASLIST.EXE • RASSRVMON.EXE: Monitor Remote Access • Provides: Server, Port, Summary, and Individual Connection information • Alerting set up to run program of choice • RASUSERS.EXE • TRACEENABLE.EXE

  20. Introduction to Network Policy Server • Network Policy Server (NPS) • Role service that provides a framework for creating and enforcing network access policies for client health • Can be used to perform: • Configure a RADIUS server • Configure a RADIUS proxy • Configure and implement Network Access Protection (NAP) 20

  21. Introduction to RADIUS RADIUS Industry-standard protocol that provides centralized authentication, authorization, and accounting for network access devices Components of RADIUS RADIUS clients VPN server Network access servers RADIUS proxy RADIUS server Perform authentication & authorization User account database 21

  22. 22

  23. 23

  24. 24

  25. Server 2008 NPS Console • NPS Console • Central utility for managing • RADIUS clients and remote RADIUS servers • Network health and access policies • NAP settings for NAP scenarios • Logging settings 25

  26. Server 2008 NPS Console 26

  27. Server 2008 NPS Console 27

More Related