Introducing WINS, DNS, and RRAS


Exam 70-290 Managing and Maintaining
a Microsoft® Windows® Server 2003 Environment
Lesson 11: Introducing WINS, DNS, and RRAS
(Skill 5)
Introducing Routing and Remote Access Service (RRAS)
Routing and Remote Access Service (RRAS)
• Can be configured on a Windows Server 2003 computer to create a remote access service (RAS) server that can manage hundreds of concurrent dial-up connections or to receive Virtual Private Network (VPN) connections on the internal network
• Can also be configured to provide shared Internet access using Network Address Translation (NAT) or to create a secure connection between two servers on the Internet connecting two LANs
© 2004 Pearson Education, Inc.
Introducing Routing and Remote Access Service (RRAS) (2)
• Remote access service (RAS) server
  - A computer running Windows Server 2003 and RRAS
  - Configured specifically to function using a modem or modem pool
  - Users can dial in from a remote computer that is also configured with a modem
• A Virtual Private Network (VPN) server is a type of remote access server
Introducing Routing and Remote Access Service (RRAS) (4)
• To establish a dial-up connection, Windows Server 2003 uses either PPP or SLIP WAN protocols
• Point-to-Point Protocol (PPP)
  - Allows remote clients to access network resources
  - Provides error-checking to detect possible problems prior to data transfer
• Serial Line Internet Protocol (SLIP)
  - An older remote communications protocol used by UNIX computers
  - Does not provide security
  - Transfers data without checking for errors
Introducing Routing and Remote Access Service (RRAS) (5)
PPP supports many networking and authentication protocols
• Password Authentication Protocol (PAP)
  - The least secure authentication protocol
  - Uses plain text passwords for authentication
• Shiva Password Authentication Protocol (SPAP)
  - An authentication protocol used to connect to a Shiva server
  - More secure than PAP; less secure than CHAP or MS-CHAP
• Challenge Handshake Authentication Protocol (CHAP)
  - The server sends a challenge message to the client; the client applies an algorithm to the message to calculate a hash value (a fixed-length number) and sends the value to the server
  - The server also calculates a value and compares it to the client's
  - If the values match, a connection is established
Introducing Routing and Remote Access Service (RRAS) (6)
• MS-CHAP
  - Microsoft's version of CHAP
  - The challenge message is specifically designed for Windows operating systems and one-way encryption is used
• MS-CHAP2
  - Authenticates both the client and the server
  - A different encryption key is used to transmit and receive data
• Extensible Authentication Protocol (EAP)
  - Used to customize your method of remote access authentication for PPP connections
  - Supports multiple authentication methods
• IEEE 802.1X
  - New in Windows Server 2003 is support for IEEE 802.1X
  - Allows wireless and Ethernet LAN connections
Figure 11-38 RAS
Figure 11-39 Dial-up connections
Figure 11-40 SLIP and PPP
Figure 11-41 Tunneling
(Skill 6)
Understanding Types of Remote Access Connections
• Types of dial-up equipment used to establish a connection between a remote network and a remote access client
  - POTS (Plain Old Telephone System)
  - ISDN (Integrated Services Digital Network)
  - DSL (Digital Subscriber Line)
  - Cable modem lines
  - Frame relay
  - Leased telecommunication lines
  - Modems (asynchronous and synchronous)
(Skill 7)
Figure 11-49 The Routing and Remote Access console
Click to open the Authentication Methods dialog box to set the authentication protocols
Figure 11-52 The Security tab
(Skill 8)
Creating a Remote Access Policy (3)
Remote access profile settings
• Allowed dial-in days and times
• Connection limits
• Allowed dial-in media and phone numbers
• Authentication settings
• Encryption settings
Only available in Windows 2000 native mode or Windows 2003 mode domains. When this option is set, the permissions configured in the remote access policy are checked. If they are set to Grant, the profile is applied. If they are set to Deny, the caller is disconnected.
Figure 11-54 The Dial-in tab in the Properties dialog box for a user
Click to open the Add IP Filter dialog box
Figure 11-56 The Inbound Filters dialog box
Allows clients to connect using 40-bit encryption key MPPE or IPSec encryption
Allows clients to connect using 56-bit encryption key MPPE or IPSec encryption
Allows clients to connect using 128-bit encryption key MPPE or IPSec encryption
Allows clients to connect without using data encryption
Figure 11-66 The Encryption tab
(Skill 9)
Figure 11-68 Creating a VPN
Figure 11-69 Creating a VPN server
(Skill 11)
Introducing Network Address Translation (NAT)
• Network Address Translation (NAT) also allows computers on a network to share a single Internet connection, but with greater flexibility
• The NAT service translates private IP addresses to public IP addresses and vice versa as they are forwarded from client computers to a server or from the server to client computers
• Using NAT, you can determine your own IP address range, making NAT extendable for a larger network that has multiple subnets over a routed network
• NAT includes a basic firewall to help protect clients from intrusions from the Internet
• You can also configure static packet filters to designate the kinds of traffic you will allow to both enter and leave the internal network
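
The address translation, basic firewall behaviour and static packet filter described above, as an added example that is not part of the original slides. It is a simplified model, not the RRAS implementation: the class name, the port numbering and the filter format are assumptions, and all addresses are constructed sample values.

```python
class NatGateway:
    """Simplified port-translating NAT with a stateful inbound check."""

    def __init__(self, public_ip, allowed_out=None, first_port=50000):
        self.public_ip = public_ip
        self.allowed_out = allowed_out   # static filter: {(proto, dst_port)} or None
        self.next_port = first_port
        self.by_private = {}             # (proto, priv_ip, priv_port) -> public_port
        self.by_public = {}              # (proto, public_port) -> (priv_ip, priv_port)
        self.flows = set()               # (proto, public_port, remote_ip, remote_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the LAN; None means the filter dropped it."""
        if self.allowed_out is not None and (proto, dst_port) not in self.allowed_out:
            return None
        key = (proto, src_ip, src_port)
        if key not in self.by_private:
            self.by_private[key] = self.next_port
            self.by_public[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        public_port = self.by_private[key]
        self.flows.add((proto, public_port, dst_ip, dst_port))
        return (proto, self.public_ip, public_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet arriving from the Internet; None means dropped."""
        if dst_ip != self.public_ip:
            return None
        if (proto, dst_port, src_ip, src_port) not in self.flows:
            return None                  # unsolicited: no client opened this flow
        priv_ip, priv_port = self.by_public[(proto, dst_port)]
        return (proto, src_ip, src_port, priv_ip, priv_port)


def demo():
    # Constructed addresses: private LAN clients behind one public address.
    nat = NatGateway("203.0.113.10", allowed_out={("tcp", 80), ("tcp", 443)})
    a = nat.outbound("tcp", "192.168.0.11", 40001, "198.51.100.7", 443)
    b = nat.outbound("tcp", "192.168.0.12", 40001, "198.51.100.7", 443)
    reply = nat.inbound("tcp", "198.51.100.7", 443, "203.0.113.10", a[2])
    unsolicited = nat.inbound("tcp", "198.51.100.99", 4444, "203.0.113.10", a[2])
    filtered = nat.outbound("tcp", "192.168.0.11", 40002, "198.51.100.7", 23)
    return a, b, reply, unsolicited, filtered
```

Two clients share the one public address on different translated ports, the server's reply is mapped back to the right client, and both the unsolicited inbound packet and the outbound packet to a port outside the filter are dropped.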
Figure 11-81 NAT