Windows Server 2003 includes the Routing and Remote Access Service (RRAS), which enables remote clients to connect to a remote access server and use resources as though they were directly attached to the network. RRAS can be used to configure VPNs, thus expanding your LAN over the Internet. Windows 2000 introduced routing and remote access, which replaced the remote access service of Windows NT 4.0. RRAS in Windows Server 2003 now includes the following new features:
Windows Server 2003 remote access provides two connectivity methods:

Enabling Routing and Remote Access

RRAS is installed by default with Windows Server 2003. However, before you can begin using RRAS, it must first be enabled. To enable RRAS, follow these steps:
Table 5.1. Common Remote Access Configurations
When you click the Finish button to exit the wizard, a warning message appears if you chose to use a DHCP server to assign IP addresses to remote clients (see Figure 5.2). The message warns you that to have DHCP messages relayed from remote clients to a DHCP server on the internal network, the remote access server must be configured as a DHCP Relay Agent. (This issue is covered in more detail in the section entitled "Configuring Routing and Remote Access for DHCP.")

Figure 5.2. To complete the remote access process, you must configure a DHCP Relay Agent.

Configuring Inbound Connections

The two main communication protocols used by dial-up remote access clients are the Point-to-Point Protocol (PPP) and the Serial Line Internet Protocol (SLIP). PPP has become an industry-standard communications protocol because of its popularity; it provides support for multiple network protocols, including TCP/IP, IPX/SPX, and NetBEUI. SLIP is a legacy communication protocol used primarily to connect to Unix systems. One of the major disadvantages of SLIP is the lack of security (for example, sending passwords in clear text). Windows Server 2003 remote access supports the use of SLIP for outbound connections only. SLIP also does not support the DHCP functionality on a RAS server to assign dial-in clients an IP address.

You can configure PPP using the PPP tab in the Properties window of the remote access server (see Figure 5.3). You can enable the Multilink Connections option to allow remote access clients to aggregate multiple phone lines into a single logical connection, which increases bandwidth. For example, you can combine two B channels from an ISDN BRI connection. Although multilink enables multiple connections to act as a single logical connection, on its own it does not provide a way of dynamically adding and dropping links based on bandwidth requirements. The Bandwidth Allocation Protocol (BAP) provides this feature. BAP enables multilink connections to be added and dropped as bandwidth requirements change. For example, if the bandwidth utilization for a link goes beyond a configured level, the client who is requesting an additional link can send a BAP request message. The Bandwidth Allocation Control Protocol (BACP) works in conjunction with the Link Control Protocol (LCP) to elect a favored "peer" so that a favored peer can be identified if multiple BAP requests are received simultaneously. You can also enable or disable BAP, BACP, LCP, and software compression for PPP connections from the Properties window shown in Figure 5.3.

Figure 5.3. You configure PPP via the PPP tab in the Properties window of the remote access server.

Configuring Ports

Configuring inbound connections allows a remote access server to accept incoming connections from remote access clients. After RRAS has been enabled, a number of ports are created. Additional ports can be created, if necessary. You can configure the ports by right-clicking the Ports icon under the RAS server and selecting Properties. Select the ports that you want to configure and click the Configure button. Keep in mind that the configuration changes made apply to all ports. The configurable options are the same for PPTP and L2TP ports (see Figure 5.4). From this Properties window, you can also increase the number of ports by changing the Maximum Ports setting.

Figure 5.4. You configure ports via the Ports Properties icon on the RAS server.
In the Configure Device dialog box shown in Figure 5.4, you can configure the ports for inbound use only, or for inbound and outbound use if the server is used for demand-dial routing. This is also where you can configure additional ports by setting the Maximum Ports value.
Modem and serial ports are also created for any modems that are installed on the server, and for any serial or parallel connections. These ports can also be configured in the Ports Properties dialog box.