Dial-Up
Dial-up, by definition, is the method used to connect a device to a
network using a modem and a public telephone service. Dial-up access
works in exactly the same manner as a telephone connection. The only
true difference is that the two ends of the connection have computer
devices communicating rather than people. Dial-up access uses normal
telephone lines, and because of this the quality of the connection can
suffer. Data rates are also limited. The maximum data rate with dial-up
access for many years was 56 Kbps. ISDN provides faster rates, but these
are still limited compared to cable and DSL.
Dial-up networking using Windows Server 2008 includes some of the following components:
Dial-up Networking Servers
You can configure a server running RRAS to provide dial-up networking
access to an entire network, or restrict access to the shared resources
of the remote access server only.
Dial-up Networking Clients
Remote access clients must be running Windows Server 2008, Windows
Server 2003, Windows XP, Windows 2000, or Windows NT to have access to
the RRAS.
Remote Access Protocols
Remote access protocols are used to negotiate connections and provide
framing for LAN protocol data that is sent over a wide area network
(WAN) link. RRAS supports LAN protocols such as TCP/IP, which enable
access to the Internet. RRAS supports remote access protocols such as
PPP.
WAN Options
Clients can dial in by using standard telephone lines and a modem or
modem pool. Faster links are possible by using ISDN. You can no longer
connect remote access clients to remote access servers by using X.25 or
ATM with Windows Server 2008.
Security Options
Windows Server 2008 provides logon and domain security, support for
security hosts, data encryption, RADIUS, remote access account lockout,
remote access policies, and callback for secure network access for
dial-up clients.
Remote Access Policy
Remote access policies are an ordered set of rules that define how connections
are either authorized or rejected. For each rule, there are one or more
conditions, a set of profile settings, and a remote access permission
setting. If a connection is authorized, the remote access policy
profile specifies a set of connection restrictions. The dial-in
properties of the user account also provide a set of restrictions.
Where applicable, user account connection restrictions override the
remote access policy profile connection restrictions.
For servers running RRAS that are configured for the Windows
authentication provider, remote access policies are administered from
RRAS and apply only to the connections of the RRAS server. Centralized
management of remote access policies is also used when you have remote
access servers that are running RRAS. Remote access policies validate a
number of connection settings before authorizing the connection,
including the following:
Remote access permission
Group membership
Type of connection
Time of day
Authentication methods
Advanced conditions such as access server identity, access client phone number, or Media Access Control (MAC) address
Whether user account dial-in properties are ignored
Whether unauthenticated access is allowed
After the connection is authorized, remote access policies can also be used
to specify connection restrictions, including the following:
Idle timeout time
Maximum session time
Encryption strength
IP packet filters
Advanced restrictions:
Additionally, you can vary connection restrictions based on the following settings:
Group membership
Type of connection
Time of day
Authentication methods
Identity of the access server
Access client phone number or MAC address
Whether unauthenticated access is allowed
For example, you can have policies that specify different maximum
session times for different types of connections or groups.
Additionally, you can also specify restricted access for business
partners or unauthenticated connections. All of this can be configured
using the RRAS panel on the client computer, as shown in Figure 11.5.
This is accessible as follows:
1. Open Server Manager and expand the Roles tab.
2. Expand the Network Policy and Access Service tab, as seen in Figure 4.
3. Expand the Routing and Remote Access panel and right-click for Properties.
This will allow you to set up configurations for your remote access policies.
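The evaluation order described above, sketched as a simplified model. This is an added example, not code from the original page or from Windows; the attribute names, rule names and sample values are constructed, and the model assumes the first rule whose conditions all match decides and that a connection matching no rule is rejected.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    conditions: dict            # attribute -> set of accepted values; all must match
    grant: bool                 # the rule's remote access permission setting
    profile: dict = field(default_factory=dict)  # connection restrictions
    ignore_user_dialin: bool = False             # ignore the account's dial-in properties

def evaluate(policies, request, user):
    """Return (authorized, restrictions, name of the rule that decided)."""
    for p in policies:          # ordered: the first fully matching rule decides
        if not all(request.get(k) in ok for k, ok in p.conditions.items()):
            continue
        # Account permission is "allow", "deny" or "policy" (defer to the rule).
        perm = "policy" if p.ignore_user_dialin else user.get("permission", "policy")
        if perm == "deny" or (perm == "policy" and not p.grant):
            return False, {}, p.name
        restrictions = dict(p.profile)
        if not p.ignore_user_dialin:
            # Where both define a setting, the user account value overrides the profile.
            restrictions.update(user.get("dialin", {}))
        return True, restrictions, p.name
    return False, {}, None      # no rule matched: reject

# Constructed sample rule set; order matters.
POLICIES = [
    Policy("Deny unauthenticated", {"auth": {"none"}}, grant=False,
           ignore_user_dialin=True),
    Policy("Partners dial-up", {"group": {"partners"}, "type": {"dial-up"}}, grant=True,
           profile={"max_session_min": 30, "idle_timeout_min": 5, "ip_address": "pool"}),
    Policy("Staff", {"group": {"staff"}}, grant=True,
           profile={"max_session_min": 480, "idle_timeout_min": 30, "ip_address": "pool"}),
]
```

Because the deny rule for unauthenticated connections comes first, a staff member connecting without authentication is rejected before the Staff rule is reached; moving that rule to the end of the list would let the Staff rule authorize the same connection.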
Network Address Translation (NAT)
Windows Server 2008 provides network address translation (NAT) functionality as
part of the RRAS. NAT provides a method for translating the IPv4
addresses of computers on one network into IPv4 addresses of computers
on a different network. A NAT-enabled IP router works as a translation
service when deployed at the boundary where a private network meets a
public network. This allows computers on the private network to access
computers on the public network.
NAT technology was developed as a placeholder solution for a greater
issue that administrators faced: the IPv4 address depletion that
plagued the Internet community. Due to a huge and continuing rise in
computer usage, the number of available globally unique (public) IPv4
addresses was far too small to accommodate the need for access to the
Internet. A long-term solution for the problem was well under way in
the development of Internet Protocol version 6 (IPv6) addresses, which
are supported by Windows Server 2008. Unfortunately, IPv6 is not yet
widely adopted and would require extensive reconfiguring to deploy at
large scale in most organizations. The technology has been in use for
more than a decade, but practical deployment still remains an issue.
This is why NAT is still in use: it allows computers on any network to
use reusable private addresses to connect to computers with globally
unique public addresses on the Internet.
Small- to medium-sized organizations with private networks use NAT for
this reason, to access resources on the Internet or other public
networks. They configure reusable private IPv4 addresses on their own
computers, while the computers on the public network are set up with
globally unique IPv4 addresses. The most useful deployment of NAT is in
a small office or home office (SOHO) or a medium-sized business that
uses RRAS. NAT technology enables computers on the internal corporate
network to connect to resources on the Internet without having to
deploy a proxy server.
NAT is a good solution for situations where ICS is not an option, such
as when using a VPN or when the clients are using static IP addresses.
A real benefit of NAT becomes apparent when dealing with administration
duties. For example, NAT makes it fairly simple to move your Web server
or File Transfer Protocol (FTP) server to another host computer without
having to worry about broken links. You merely change the inbound
mapping at the router so that it reflects the new host. The same holds
true of changes to your internal network. This is because the only
external IP addresses either belong to the router or come from a
pool of global addresses.
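The translation and the inbound-mapping change described above, as a small model. This is an added example, not code from the original page or from RRAS; the class, the port numbers and the addresses (documentation and private ranges) are constructed, and a real NAT also tracks the remote endpoint and protocol of each session.

```python
class NatRouter:
    """Toy model of a NAT router at the private/public boundary."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.sessions = {}   # (private_ip, private_port) -> public port
        self.replies = {}    # public port -> (private_ip, private_port)
        self.static = {}     # public port -> (private_ip, private_port)

    def map_inbound(self, public_port, private_ip, private_port):
        # Static inbound mapping, e.g. publishing an internal Web server.
        self.static[public_port] = (private_ip, private_port)

    def outbound(self, private_ip, private_port):
        # Rewrite the private source to the router's public address and a
        # port that identifies the session; reuse it for the same source.
        key = (private_ip, private_port)
        if key not in self.sessions:
            self.sessions[key] = self.next_port
            self.replies[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.sessions[key]

    def inbound(self, public_port):
        # Static mappings first, then replies to sessions started inside.
        # None means no mapping exists and the packet is dropped.
        return self.static.get(public_port) or self.replies.get(public_port)

def move_web_server():
    """Move the published Web server to a new host by changing one mapping."""
    nat = NatRouter("203.0.113.5")
    nat.map_inbound(80, "192.168.0.10", 80)
    before = nat.inbound(80)
    nat.map_inbound(80, "192.168.0.20", 8080)   # new internal host
    after = nat.inbound(80)
    return nat.public_ip, before, after          # public address never changed
```

An inbound packet to a port with neither a static mapping nor a session entry returns `None`, which is why hosts behind the router are not reachable from outside unless a mapping is published for them.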
Now that you understand how NAT works, let’s look at how to enable and configure NAT:
1. In the left pane of the Server Manager, expand the Routing and Remote Access node, as shown in Figure 5.
2. Expand the IPv4 node.
3. Click on the NAT node.
4. In the NAT node, right-click on the external network server that you wish to enable NAT for on the middle pane of the console. For example, the external interface could be Local Area Connection.
5. Click Properties and select NAT and click OK, as shown in Figure 5.