Remote access enables a client computer to connect to a remote computer or network and access the resources of the remote computer or network as if they were local. For example, users who are frequently on the road can access the company file server(s), printers, mail system, and other resources from remote locations. Clients also can use remote access services to connect to public networks such as the Internet. Figure 18-1 illustrates one implementation of remote access.
In This Chapter
Windows Server 2003 Remote Access Services (RAS)
RAS connection types and protocols
Configuring a router
Configuring a VPN server
Using Multilink and BAP
Applying a remote access policy
Examining security issues
Configuring dial-up networking connections
Using Internet Connection Firewall
Troubleshooting RAS installations
Connecting to the
The Routing and Remote Access Service in Windows Server 2003 provides three primary functions:
♦ Dial-up client. You can use RRAS to create and establish dial-up connections to remote networks, including the Internet, through a variety of media such as a modem, ISDN, infrared, parallel ports, serial connection, X.25, and ATM. Windows Server 2003 dial-up clients support a wide range of authentication protocols and other connectivity options, which are discussed in depth later in this chapter. Support for tunneling protocols enables clients to establish secure connections to remote networks through public networks such as the Internet.
♦ Dial-up server. A Windows Server 2003 computer can function as a dial-up server, enabling remote clients to connect to the local server, and optionally to the local network, through the same types of media supported for dial-out connections. You can also use RRAS to support Terminal Services client sessions because RRAS issues an IP address to the connecting clients and binds the necessary protocols to the RAS connection.
Windows Server 2003 supports several authentication protocols and can authenticate users against local or domain user accounts, or it can use Remote Authentication Dial-In User Service (RADIUS), an industry-standard authentication mechanism. Once connected, a remote user can browse, print, map drives, and perform essentially all other functions possible from either the local server or local area network.
♦ Routing services. The routing components of RRAS enable Windows Server 2003 to function as a unicast and multicast router. Windows Server 2003 provides for routing, packet filtering, connection sharing, demand-dial routing, and several other features that make it a good choice for LAN and WAN routing. Windows Server 2003 also adds limited firewall capability.
Although Windows Server 2003 RRAS integrates dial-up networking and routing into a single service, they are treated as separate issues in this book because of the different focus for each.
One of the key benefits of Windows Server 2003 RRAS is its integration with the Windows Server 2003 operating system. On the client side, integration means that once a remote connection is established, the client can access resources on the server transparently as if they were local resources. The client can map remote shares to local drive letters, map and print to remote printers, and so on. Except in very rare circumstances, applications can use remote resources seamlessly without modification to make them RAS- or network-aware.
On the server side, integration means that Windows Server 2003 can use a single authentication mechanism to authenticate users both locally and from remote locations. RRAS can authenticate against the local computer's user accounts or accounts in the domain, or it can use an external authentication mechanism such as RADIUS. Through its support for RADIUS, Windows Server 2003 RRAS enables a Windows Server 2003 computer to function as a gateway of sorts to the network while offloading authentication to another server, which could be any RADIUS platform, including a Unix server.
Note: Remote Authentication Dial-In User Service (RADIUS) is a standard, cross-platform protocol for authentication commonly used for dial-in authentication.
Windows Server 2003 RRAS also provides close integration with Active Directory (AD). This AD integration provides users with the replication of remote access settings, including access permissions, callback options, and security policies, among others. AD integration also means simplified administration with other AD-related services and properties.
As you learn later in the section "RAS Connection Types and Protocols," Windows Server 2003 RRAS supports a wide range of connection protocols, including Point-to-Point Protocol (PPP), Serial Line Internet Protocol (SLIP), and Microsoft RAS Protocol. Windows Server 2003 RRAS supports multiple authentication methods, including Microsoft Challenge Handshake Authentication Protocol (MS-CHAP), Extensible Authentication Protocol (EAP), Challenge Handshake Authentication Protocol (CHAP), Shiva Password Authentication Protocol (SPAP), and Password Authentication Protocol (PAP). Network protocols supported include TCP/IP, IPX/SPX, and AppleTalk to support Microsoft, Unix, NetWare, and Macintosh resources and clients.
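Two of the authentication methods listed above, compared as an added example (not code from the book or from Windows): standard CHAP as defined in RFC 1994, where the peer proves knowledge of the secret by hashing a server-issued challenge, and PAP as defined in RFC 1334, where the password itself is carried in the request. The class name, user name and secret are constructed for illustration, and MS-CHAP, which uses a different computation, is not covered.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over the one-octet Identifier, the shared secret, then the Challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues a fresh challenge per attempt and accepts one reply to it."""

    def __init__(self, secrets: dict):
        self.secrets = secrets   # user name -> shared secret (constructed sample data)
        self.pending = {}        # identifier -> outstanding challenge
        self.next_id = 0

    def issue_challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)          # unpredictable, never reused
        self.pending[identifier] = challenge
        return identifier, challenge

    def verify(self, user: str, identifier: int, response: bytes) -> bool:
        challenge = self.pending.pop(identifier, None)   # a challenge is valid once
        secret = self.secrets.get(user)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def pap_payload(user: bytes, password: bytes) -> bytes:
    """RFC 1334 PAP Authenticate-Request data: length-prefixed peer ID and password."""
    return bytes([len(user)]) + user + bytes([len(password)]) + password


def demo():
    secret = b"constructed-secret"          # constructed sample value
    server = ChapAuthenticator({"alice": secret})
    ident, chal = server.issue_challenge()
    resp = chap_response(ident, secret, chal)
    accepted = server.verify("alice", ident, resp)
    replayed = server.verify("alice", ident, resp)       # same reply sent again
    exposed = secret in pap_payload(b"alice", secret)    # PAP carries the password itself
    return accepted, replayed, exposed
```

`demo()` returns whether the first CHAP reply was accepted, whether a replay of the same reply was accepted, and whether the PAP payload contains the password bytes.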