Objectives
• Configure routing in Windows Server 2008
• Configure Network Address Translation
Configuring Routing in 2008
• Routing and Remote Access Services (RRAS)
– A Server Role service used to configure and manage
network routing
– Recommended for use in small networks that require
simple routing directions
– Not recommended for large and complex environments
(use Cisco)
Configuring RRAS as a Router
• Routers
– Responsible for forwarding packets between
subnets, or networks with differing IP addressing
schemes
Configuring Routers (continued)
Working with Routing Tables
• Routing tables are composed of routes
• Routes
– Direct data traffic to its destination
• Routing tables
– A list of routes
– Can be managed in the RRAS console or from the
command line using the route command
Configuring Routes
• Static routing limitations:
– Requires manual creation and management
– Requires reconfiguration if the network changes
– Used in small networks with fewer than 10 subnets
• Dynamic protocols
– Route traffic based on information they discover about
remote networks from other routers
• Routing Information Protocol version 2 (RIPv2)
– Uses partner routers, or RIP neighbors, in determining
the dynamic routes it can use for forwarding packets of
data
– Can force authentication
Routing Protocol
RIP v2
• Can force authentication between
routers when announcements are sent
• Password for authentication is plain text
• Can configure which incoming and
outgoing routes are accepted
• Split-horizon processing stops
information from going back in the
direction it was received from
• Poison-reverse processing marks a
network as unreachable if it goes down
Filtering Router Traffic
• Can control packets allowed to pass between
routed networks using packet filters
• Packet filters are directional
• Packet filters are used to filter network traffic based
on criteria such as:
– Protocol
– Source address
– Destination address
– Port number
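
Added example (not part of the original slides): a small Python model of directional packet filters that match on the four criteria listed above. The per-direction default action, the EDGE policy and all addresses are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: str                      # source network, CIDR
    dst: str                      # destination network, CIDR
    dport: Optional[int] = None   # None matches any port

    def matches(self, pkt: dict) -> bool:
        return (self.proto in ("any", pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.dport in (None, pkt.get("dport")))

@dataclass
class FilterList:
    """Filters for one direction of one interface."""
    default_forward: bool         # fate of packets that match no rule
    rules: list = field(default_factory=list)

    def allows(self, pkt: dict) -> bool:
        hit = any(r.matches(pkt) for r in self.rules)
        return hit != self.default_forward   # rules are exceptions to the default

# Constructed policy for one edge interface (hypothetical addresses).
ANY = "0.0.0.0/0"
EDGE = {
    "in":  FilterList(False, [Rule("tcp", ANY, "198.51.100.5/32", 443)]),  # drop all except
    "out": FilterList(True,  [Rule("tcp", ANY, ANY, 445)]),                # forward all except
}

def decide(direction: str, pkt: dict) -> str:
    return "forward" if EDGE[direction].allows(pkt) else "drop"

# Constructed sample packets.
HTTPS_IN = {"proto": "tcp", "src": "203.0.113.7", "dst": "198.51.100.5", "dport": 443}
RDP_IN   = {"proto": "tcp", "src": "203.0.113.7", "dst": "198.51.100.5", "dport": 3389}
RDP_OUT  = {"proto": "tcp", "src": "198.51.100.5", "dst": "203.0.113.7", "dport": 3389}
SMB_OUT  = {"proto": "tcp", "src": "198.51.100.20", "dst": "192.0.2.9", "dport": 445}

if __name__ == "__main__":
    for d, p in [("in", HTTPS_IN), ("in", RDP_IN), ("out", RDP_OUT), ("out", SMB_OUT)]:
        print(d, p["src"], "->", p["dst"], p["dport"], decide(d, p))
```

The inbound list does not constrain outbound traffic: port 3389 is dropped inbound but forwarded outbound, so each direction needs its own filters.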
Filtering Router Traffic (continued)
Configuring Packet Filters
Configuring Dial-on-Demand Routing
• Demand-dial routing
– Allows a server to initiate a connection only when it
receives data traffic bound for a remote network
– Can use dial-up networks instead of more expensive
leased lines
Demand-dial Connections
• Used to establish a connection between two routers
only when there is data to send
• Can also be used to initiate VPN connections
between Windows routers and phone dial-in
connections
• A user account with remote access permission is
required to establish a demand-dial connection
• Avoid sending plain-text passwords
• At least one static route is required to trigger the
demand-dial interface
• Demand-dial filters control which types of network
traffic trigger a demand-dial connection
Configure Demand-dial Settings
• You can configure security settings and idle timeout
• You can configure a set of dial-out hours
Demand-dial Filter
Configuring a DHCP Relay Agent
• DHCP relay agent
– Manages the communication between a network’s
DHCP server and clients on subnets without a
DHCP server
• With RRAS
– Network adapters are added and configured to listen
for DHCP broadcast messages
Network Address Translation
• Allows you to shield internal IP address ranges
from public networks by allowing internal clients to
access the Internet through a shared IP address
NAT Components
• Translation
– IP router
– Static and dynamic address mapping
– Proper translation of header fields
– NAT editors
• Addressing
– Public: Static IP bought from ISP or InterNIC
– Private:
  – Class A: 10.0.0.0 through 10.255.255.255
  – Class B: 172.16.0.0 through 172.31.255.255
  – Class C: 192.168.0.0 through 192.168.255.255
• Name resolution
Using NAT to Transparently Connect an Intranet to the
Internet
NAT Components
NAT Processing of Outbound Internet Traffic
NAT Processing of Inbound Internet Traffic
Using IPSec
Troubleshooting Routing
• Most problems result from an incorrect
configuration
• First place to check for problems is the routing
table
• A remote router may prevent a packet from
reaching its destination network
• Can use the tracert command to see the path a
packet takes from one router to another
Troubleshooting Routing (continued)
Troubleshooting NAT
• Are all interfaces added to Connection Sharing
(NAT) protocol?
• Is translation enabled on Internet interface?
• Is Connection Sharing enabled on private
interface?
• Is TCP/UDP port translation enabled?
• Is your range of public addresses set correctly?
• Is the protocol being used by a program
translatable?
• Is Connection Sharing addressing enabled on the
home office network?