| To help you better understand how Routing and Remote Access can be leveraged in an enterprise environment, we've created a couple of scenarios. The following two scenarios include mobile and home user access of RRAS and a site-to-site connected RRAS environment. Remote Mobile and Home Users Remote access users connecting from home or a hotel have several options. The connection options depend on the available hardware connection and the version of the Windows desktop operating system. The following list discusses some options available to remote mobile and home users: Dial-up remote access Remote and mobile users can access corporate network resources by dialing up to an RRAS server. The dial-up client, shown in Figure 26.15, initiates a connection to an RRAS server to authenticate the user and then provides access to the corporate intranet. Windows Terminal Services (WTS) Windows Terminal Services provides remote and mobile users access to Windows-based programs running on a Windows Server 2003. With WTS, users can run programs, open and save files, and use corporate network resources as if they were installed on their local computers. Using Windows Server 2003 WTS also allows users to access their local drives for file transfers, access serial devices, and print to their local printers. Remote home users can access the WTS server through direct dial-up, Internet Explorer (requires an ActiveX plug-in), and Windows Terminal Server Client. Terminal Services is covered in detail in Chapter 27, "Windows Server 2005 Terminal Services." VPN connection Remote and mobile users who have access to the Internet can create VPN connections to establish remote access connections to a corporate intranet. VPN remote access eliminates the need for long-distance calls to corporate RAS servers. Remote clients can use their connections to local ISPs to create VPN connections to their corporate office. The VPN software creates a virtual private network between the dial-up user and the corporate VPN server across the Internet. VPN clients have a choice of connecting using PPTP or L2TP or having the connection automatically selected, as shown in Figure 26.16. As stated earlier in this chapter, PPTP is supported by a variety of Windows desktop platforms but does not have the level of security provided by L2TP/IPSec. L2TP/IPSec provides a higher level of data integrity and security but requires a certificate infrastructure.
Figure 26.15. Dial-up window to connect to an RRAS server. 
Figure 26.16. Choosing between PPTP, L2TP, or automatic connection type. 
Site-to-Site Connections Organizations can also use VPN connections to establish routed and secure connections between geographically separate offices or other organizations over the Internet. A routed VPN connection across the Internet logically operates as a dedicated WAN link. The two methods for using VPNs to connect local area networks at remote sites are as follows: Using dedicated lines to connect branch offices Rather than using an expensive dedicated circuit between the branch offices, both the branch office RRAS servers can use a local dedicated circuit and local ISP to connect to the Internet. The VPN software uses the local ISP connections and the Internet to create a virtual private network between the branch office servers. Using a dial-up line to connect branch offices Instead of having an RRAS server initiate a long-distance call to another RRAS server, the server at each branch office can call a local ISP to establish a connection to the Internet. The VPN software uses the Internet connection to create a VPN between the branch office servers across the Internet, as illustrated in Figure 26.17.
Figure 26.17. Using the Internet to create a branch officetobranch office connection. 
In both cases, the services that connect the branch offices to the Internet are local. The office routers that act as VPN servers must be connected to a local ISP with a dedicated line. This VPN server must be listening 24 hours a day for incoming VPN traffic. |
