Understanding Remote Access

Although wireless technology will definitely change our options for connecting to a network from a remote location in the next few years, the asynchronous modem still serves as the typical connection device and uses the public phone lines as the communication conduit. Any desktop PC or laptop computer can be outfitted with a modem. Almost all client operating systems also provide a dial-up client that can be used to connect to a network using a modem. Millions of people use modems and dial-up clients to connect to their Internet service providers so that they can check their email and browse the World Wide Web.

For a user to be able to connect to a corporate network from a laptop (or any computer) using a modem, there has to be a computer at the company that will accept the call and allow the user to log on to the network. This type of computer is called a remote access server.

The Remote Access Services (RAS) server must be running a NOS that allows remote access, and it must be configured to allow dial-in connections. Communications hardware such as an analog modem (or several modems in a modem pool to allow a number of connections from users), an ISDN modem, or some other connectivity device is required so that the RAS server can field the incoming calls.

Microsoft's Windows Server 2003, Novell NetWare, Linux Red Hat, and Sun Microsystems's Solaris, all the big players in the NOS market, offer remote access (although some of these network operating systems require additional software to provide remote client access). Remote access servers use a technique called tunneling in which packets from your network, which are encapsulated into a particular frame type by the network protocol you are using (such as TCP/IP or IPX/SPX), are moved across the public switched telephone network in a virtual tunnel that is hosted by a particular wide area networking protocol or access protocol, such as the Point-to-Point Protocol (which we discuss later in the chapter).

Setting up remote access really is a two-part process. First, you must install and configure a RAS server. Once the RAS server is up and running and can accept an incoming call, you need to configure the remote client computer (or the user must be walked through the process of configuring the remote client). Let's take a look at the server side of the RAS equation first.



For more about remote access and Windows Server 2003, check out Sams Teach Yourself Microsoft Windows Server 2003 in 24 Hours or Microsoft Windows Server 2003 Unleashed. For Red Hat Linux, check out Red Hat Linux 9 Unleashed (the "Unleashed" books are published by Sams). For Novell NetWare, see CNE Update to NetWare 6 from Que.

Configuring an RAS Server for Dial-Up Access

Depending on the size of your network, the RAS server can be your primary network server or an additional server on the network that is specifically charged with handling remote access connections. Configuring a server for remote access involves the following tasks:

  • Installing network protocols on the server. You must install the network protocols on the server that will be used by the remote hosts to access network resources and services. For example, Microsoft Windows Server 2003 allows remote clients to use TCP/IP, IPX/SPX, AppleTalk, or NetBEUI (even though NetBEUI is no longer a supported protocol) to connect to network resources.

  • Installing connectivity hardware. Before you can configure the Remote Access Service on the server, you must connect your modem or other connectivity device to the server and install the appropriate software drivers for the device (meaning the modem or other device needs to be functional before you can configure the Remote Access Service on the server).

  • Configuring the Remote Access Service on the server. Each network operating system will supply a utility for configuring the Remote Access Service server. For example, Windows Server 2003 uses the Routing and Remote Access (RRAS) snap-in, shown in Figure 17.3, to start and configure the RAS server.

    Figure 17.3. NOS utilities such as the Windows Server 2003 RRAS snap-in are used to configure a remote access server.


Once the RAS server is configured, user accounts must also be enabled for dial-in. On a Windows Server 2003 network, user accounts are enabled for dial-in using the Windows Active Directory. Figure 17.4 shows the Properties dialog box for a user account. The Dial-In tab is used to enable remote access for the user.

Figure 17.4. Users must be configured for dial-in access.




When remote access servers are configured, another issue that pops up is authentication. Different authentication protocols can be used that must be negotiated by the remote clients for them to connect to the remote access server. A number of different authentication protocols are available. Some authentication protocols provide greater security than others. For example, the Password Authentication Protocol (PAP) uses clear text login names and passwords (clear text means that the login and password are transmitted over the line as text), which makes it easier for hackers to steal logon and password information. Other protocols, such as Challenge Handshake Authentication Protocol (CHAP), use encryption and other methods to provide a more secure environment when the clients negotiate access.
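The difference between the two protocols is easiest to see in the bytes that cross the phone line. The following is an added example, not code from the book: it builds a PAP Authenticate-Request and a CHAP Challenge/Response using the packet layouts from RFC 1334 and RFC 1994 (CHAP with MD5), with a constructed user name, password, and server name.

```python
import hashlib
import hmac
import os
import struct

def pap_request(ident: int, user: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (code 1): user and password travel as-is."""
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def pap_sniff(packet: bytes) -> tuple[bytes, bytes]:
    """What anyone able to read the line recovers from a PAP packet."""
    ulen = packet[4]
    user = packet[5:5 + ulen]
    plen = packet[5 + ulen]
    return user, packet[6 + ulen:6 + ulen + plen]

def chap_challenge(ident: int, server: bytes) -> tuple[bytes, bytes]:
    """Server side: CHAP Challenge (code 1) carrying a fresh random value."""
    value = os.urandom(16)
    body = bytes([len(value)]) + value + server
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body, value

def chap_response(ident: int, secret: bytes, value: bytes, user: bytes) -> bytes:
    """Client side: CHAP Response (code 2) = MD5(id || secret || challenge)."""
    digest = hashlib.md5(bytes([ident]) + secret + value).digest()
    body = bytes([len(digest)]) + digest + user
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body

def chap_verify(packet: bytes, secret: bytes, value: bytes) -> bool:
    """Server side: recompute the digest from its own copy of the secret."""
    ident, size = packet[1], packet[4]
    expected = hashlib.md5(bytes([ident]) + secret + value).digest()
    return hmac.compare_digest(packet[5:5 + size], expected)

if __name__ == "__main__":
    USER, SECRET = b"jsmith", b"Tr1cky-Pass"   # constructed sample values
    print("PAP on the wire:", pap_sniff(pap_request(1, USER, SECRET)))
    _, value = chap_challenge(7, b"ras01")     # "ras01" is a made-up server name
    resp = chap_response(7, SECRET, value, USER)
    print("CHAP accepts current response:", chap_verify(resp, SECRET, value))
    _, value2 = chap_challenge(8, b"ras01")    # next call gets a new challenge
    print("CHAP accepts replayed response:", chap_verify(resp, SECRET, value2))
```

With PAP the password is recovered directly from the packet; with CHAP the password never appears on the line, and a response captured from one call fails against the next call's challenge.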



Configuring a server for remote access makes it convenient for remote users to get at network resources, but it also opens up a possible avenue for unauthorized access to the network. If you take a look at Figure 17.4, you will find that some security measures can be implemented to help control user access. For example, the remote connection can be configured so that the server will hang up after authenticating the user and then call back the user's phone number to reestablish the connection. This is one way of keeping out unauthorized users who have stolen a username and password.

Configuring an RAS Client

Once the RAS server has been set up and configured for dial-in connections and the user account of the individual who will dial in to the RAS server has been enabled for remote access, you need to configure the client computer. The client computer must be configured with a LAN protocol or protocols that match those supported by the RAS server and the network.

The client computer must also be outfitted with a device that allows it to remotely connect to the RAS server. In most cases, this means that the remote client must be configured with a modem.

Once the client computer has been set up with the appropriate LAN protocols and a modem, the client computer must be configured with a dial-up connection that is used to dial the RAS server. Most types of client software have built-in dial-up clients. Windows clients, such as Windows 2000 Professional, even provide a connection wizard that can be used to set up the computer to dial in to a remote access server.

In Windows XP Professional, the dial-up connection is created using the Make New Connection icon in the Network and Dial-Up Connections dialog box. Figure 17.5 shows the Network Connection Wizard dialog box. The wizard can create dial-up connections to private networks (meaning to an RAS server). This wizard is also used to enable connections to a remote network over a Virtual Private Networking connection (which we discuss later in this chapter).

Figure 17.5. Windows XP provides a wizard to create the dial-in access to the remote server.


Once you select the Dial-Up to Private Network option, all you have to do is provide the phone number for the RAS server and then supply a name for the dial-up connection. An icon for the connection is placed in the Network and Dial-Up Connections dialog box.

When the user double-clicks the connection icon in the Network and Dial-Up Connections dialog box, the Connect dialog box opens. All the user has to do is supply the correct password and then click Dial. The phone number of the RAS server will be dialed and a connection will be made to the server.

Once clients are connected to the RAS server, they can access the company network and its servers and printers. The network resources that clients can access will be determined by the privileges or rights that have been assigned to the users (just like any other users on the network, including those who log on to the network from computers that are on the LAN).

Absolute Beginner's Guide to Networking
Absolute Beginners Guide to Networking (4th Edition)
ISBN: 0789729113
EAN: 2147483647
Year: 2002
Pages: 188
Authors: Joe Habraken
