1 / 70

Chapter 12: Remote Access and Virtual Private Networks

Chapter 12: Remote Access and Virtual Private Networks. Learning Objectives. Explain how remote access and virtual private network (VPN) services work Explain how to implement remote access communications devices and protocols

micol
Download Presentation

Chapter 12: Remote Access and Virtual Private Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 12:Remote Access and Virtual Private Networks

  2. Learning Objectives • Explain how remote access and virtual private network (VPN) services work • Explain how to implement remote access communications devices and protocols • Configure remote access services, security, dial-up connectivity, and client access

  3. Learning Objectives (continued) • Configure VPN services, security, dial-up connectivity, and client access • Troubleshoot remote access, VPN services, and client connectivity

  4. Early Remote Access Methods • An early method for accessing a network, which is still used, is to connect to a workstation through remote access software such as Carbon Copy

  5. Accessing a Workstation Remotely Figure 12-1 Remotely accessing a workstations on a network

  6. Microsoft Remote Access • A modern way to access a network remotely is by using Microsoft Remote Access Services (RAS) in Windows 2000 Server

  7. Using RAS Figure 12-2 Remotely accessing a network through Microsoft RAS

  8. Virtual Private Network • Virtual private network: A private network that is like a tunnel through a larger network – such as the Internet, an enterprise network, or both – that is restricted only to designated member clients

  9. Planning Tip • Use a VPN to save money on modems and telephone lines for remote access to a network

  10. VPN Architecture Figure 12-3 VPN network architecture

  11. Operating Systems Than Can Connect to RAS • MS-DOS • Windows 3.1 and 3.11 • Windows NT (all versions) • Windows 95 • Windows 98 • Windows 2000 Server and Professional

  12. Connection Types Supported by RAS • Asynchronous modems • Synchronous modems through an access server • Null modem connections • Regular dial-up telephone lines • Leased telecommunications lines, such as T-carrier

  13. Connection Types Supported by RAS (continued) • ISDN lines (and digital modems) • X.25 lines • DSL lines • Frame relay lines

  14. T-Carrier • T-carrier: A dedicated leased telephone line that can be used for data communications over multiple channels for speeds of up to 44.736 Mbps and beyond • Two common varieties of T-carrier are: • T-1 at 1.544 Mbps • T-3 at 44.736 Mbps

  15. Frame Relay • Frame relay: A WAN communications technology that relies on packet switching and virtual connection techniques to transmit at from 56 Kbps to 45 Mbps

  16. ISDN • Integrated Services Digital Network (ISDN): A telecommunications standard for delivering data services over digital telephone lines with a current practical limit of 1.536 Mbps and a theoretical limit of 622 Mbps

  17. X.25 • An older packet-switching protocol for connecting remote networks at speeds up to 2.048 Mbps

  18. DSL • Digital subscriber line (DSL): A technology that uses advanced modulation technologies on regular telephone lines for high-speed networking at speeds of up to 60 Mbps between subscribers and a telecommunications company

  19. Telephony Interfaces • RAS supports telephony interfaces that include: • Universal Modem Driver: A modem driver standard used on recently developed modems • Telephone Application Programming Interface: An interface for communication line devices (such as modems) that provides line device functions, such as call holding, call receiving, call hang-up, and call forwarding

  20. Transport and Remote Communication Protocols • RAS supports protocols such as: • TCP/IP • NWLink • NetBEUI • PPP • PPTP • L2TP

  21. Using Modems • One of the most common ways to connect through RAS is by using modems either at the RAS server end, the client end, or both • Cable TV modems are another possibility, but verify that the end-to-end connections can be made secure

  22. ISDN Connectivity • Digital “modems” can be used to connect a RAS server to ISDN, but these are really terminal adapters (TAs) and not modems, because ISDN is digital and does not use modulation/demodulation • A design advantage of ISDN is that you can aggregate multiple lines to appear as one super fast connection

  23. Access Server • An effective way to connect different telecommunications and WAN media to RAS is through an access server • For example, an access server can provide the following types of connectivity: • Modems • ISDN • X.25 • T-carrier

  24. Access Server Architecture Figure 12-4 Using an access server

  25. Remote Access Protocols • Serial Line Internet Protocol (SLIP): An older remote communications protocol that is used by UNIX computers. The modern compressed SLIP (CSLIP) version uses header compression to reduce communications overhead. • Point-to-Point Protocol (PPP):A widely used remote communication protocol that supports IPX/SPX, NetBEUI, and TCP/IP for point-to-point communication.

  26. SLIP and PPP Compared Table 12-1 SLIP and PPP Compared

  27. Remote Access Protocols (continued) • Point-to-Point Tunneling Protocol (PPTP): A remote communication protocol that enables connectivity to a network through the Internet and connectivity through intranets and VPNs

  28. Remote Access Protocols (continued) • Layer Two Tunneling Protocol (L2TP): A protocol that transports PPP over a VPN, intranet, or Internet. L2TP works similarly to PPTP, but unlike PPTP, L2TP uses an additional network communications standard, called Layer Two Forwarding, that enables forwarding on the basis of MAC addressing

  29. General RAS Configuration Steps • Configure a Windows 2000 server with RAS, including the appropriate protocols • Configure a DHCP Relay Agent (if IP addresses are assigned via DHCP) • Configure RAS security • Configure a dial-up and remote connection • Configure RAS on client workstations

  30. Configuring RAS • Use the Routing and Remote Access tool to install RAS

  31. Installing RAS Figure 12-5 Configuring routing and RAS

  32. Installing RAS (continued) Figure 12-6 Selecting the option to install RAS

  33. Routing and Remote Access Options

  34. Installing RAS (continued) Figure 12-7 IP address assignment options

  35. RAS Installation Tip • If you configure RAS for AppleTalk, then users access RAS through the Guest account, which cannot have a password

  36. RAS Properties • You can configure RAS properties after RAS is installed by right-clicking the RAS server in the tree of the Routing and Remote Access tool and then clicking Properties

  37. Viewing a RAS Server’s Properties Figure 12-8 RAS server properties

  38. DHCP Relay Agent • If you configure RAS to use DHCP to assign IP addresses, then you must configure a DHCP Relay Agent: • Double-click the RAS server in the tree of the Routing and Remote Access tool • Click IP Routing in the tree • Right-click DHCP Relay Agent and click Properties • Enter the IP address of the RAS server, click Add, and then click OK

  39. Multilink • If you plan to use an aggregated connection, such as for ISDN or multiple modems, configure Multilink and Bandwidth Allocation Protocol in the RAS Properties PPP tab

  40. Multilink and BAP • Multilink: A capability of RAS to aggregate multiple data streams into one logical network connection for the purpose of using more than one modem, ISDN channel, or other communication line in a single logical connection • Bandwidth Allocation Protocol (BAP): A protocol that works with Multilink in Windows 2000 Server that enables the bandwidth or speed of a remote connection to be allocated on the basis of the needs of an application, with the maximum allocation equal to the maximum speed of all channels aggregated via Multilink

  41. BACP • Bandwidth Allocation Control Protocol: Similar to BAP, but BACP is able to select a preferred client when two or more clients vie for the same bandwidth

  42. Configuring Multilink and BAP/BACP Figure 12-9 Configuring Multilink and BAP

  43. Security Set at the Client • Set up security on the client’s account properties via the Dial-in tab, including whether to use a remote access policy for security and callback security

  44. Callback Options • No Callback: access is allowed on the first dial-up attempt • Set By Caller: the server calls back a number provided by the remote computer • Always Callback to: the server calls back a number that has already been entered in the Dial-in tab

  45. Configuring Dial-in Security Figure 12-10 Configuring dial-in security for a user account

  46. Remote Access Policies • Configure remote access policies and a profile to secure the RAS server and to manage access including: • Dial-in constraints • IP address assignment rules • Authentication • Encryption • Allowing Multilink connections

  47. Configuring Remote Access Policies Figure 12-11 Granting remote access as a RAS policy

  48. Authentication Options • There are several authentication options that can be set in a remote access policies profile: • Extensible Authentication Protocol (EAP):An authentication protocol employed by network clients that use special security devices such as smart cards, token cards, and others that use certificate authentication

  49. Authentication Options (continued) • Challenge Handshake Authentication Protocol (CHAP): An encrypted handshake protocol designed for standard IP- or PPP-based exchange of passwords. It provides a reasonably secure, standard, cross-platform method for sender and receiver to negotiate a connection. • CHAP with Microsoft extensions (MS-CHAP): A Microsoft-enhanced version of CHAP that can negotiate encryption levels and that uses the highly secure RSA RC4 encryption algorithm to encrypt communications between client and host

  50. Authentication Options (continued) • CHAP with Microsoft extensions version 2 (MS-CHAP v2): An enhancement of MS-CHAP that provides better authentication and data encryption and that is especially well suited for VPNs • Password Authentication Protocol (PAP): A non-encrypted plain-text password authentication protocol. This represents the lowest level of security for exchanging passwords via PPP or TCP/IP

More Related