Configuring and Troubleshooting Routing and Remote Access

Module Overview

• Configuring VPN Access

• Configuring Network Access
• Overview of Network Policies
• Overview of the Connection Manager Administration Kit
• Troubleshooting Routing and Remote Access

Configuring Network Access

• Components of a Network Access Services Infrastructure

• What Is the Network Policy and Access Services Role?
• What Is Routing and Remote Access?
• Considerations for Configuring and Enabling Routing and Remote Access
• Demonstration: How to Install Routing and Remote Access Services
• Network Authentication and Authorization
• Types of Authentication Methods
• Integrating DHCP Servers with the Routing and Remote Access service

VPN
Server
Active IEEE 802.1X
Directory Devices

Health
Registratio
n Authority
Internet
NAP Health
DHCP Server
Perimeter Intranet Policy Server
Network

Restricted
Network
Remediation
NAP Client with
Servers
limited access
You can install the Routing and Remote Access service role by using Initial
Configuration Tasks or the Server Manager – Roles tool.
Using Initial Configuration Tasks:
1. On the Initial Configuration Tasks page, under Initial Configuration
Tasks, click Add Roles.
2. On the Add Roles Wizard-before you begin page, click next.
3. On the Select Server Roles page, click Network Policy and Access
Services, and then click next.
4. Complete the wizard by selecting the appropriate settings to finish
installing the role.

The process is the same when using Server Manager:

1. Open Administrative Tools from the Start menu, point to Server
Manager, point to Roles, and then click Add Roles.
2. Select the Network Policy and Access Services from the available
roles listed.
3. Complete the wizard to install the role.

After you complete these steps, the Routing and Remote Access service is
installed but is not enabled. You must be a member of the Administrators group
to complete the installation and enable the appropriate access services in the
Routing and Remote Access service console under the Administrative Tools
menu.

Configuring VPN Access

• What Is a VPN Connection?

• Components of a VPN Connection
• Tunneling Protocols for a VPN Connection
• Configuration Requirements
• Demonstration: Configuring VPN Access
• Completing Additional Tasks
• Components of a Dial-up Connection
 Corporate Headquarters
Large Branch Office

Small Branch Office

VPN Server
VPN Server
VPN Server
Medium Branch Office

VPN
Home Office with
VPN Client

VPN Server
Remote User with VPN
Client

Describe how a VPN connection is used to connect remote network clients.

Present the slide while explaining the benefits of using a public network (the
Internet) to tunnel securely into the corporate LAN and gain access to resources.
The main benefits of using a VPN connection, rather than a dial-up connection,
are cost savings and increased bandwidth.
Explain a VPN connection’s properties for each of the following:
• Encapsulation
• Authentication
• Data Encryption
The differences between remote access VPNs and site to site VPNs are
described on the student CD. Use the student CD information (also listed here) to
present this topic.
Remote access VPN
Remote access VPN connections enable users working at home or on the road
to access a server on a private network using the infrastructure that a public
network provides, such as the Internet. From the user’s perspective, the VPN is a
point-to-point connection between the computer (the VPN client) and an
organization’s server. The exact infrastructure of the shared or public network is
irrelevant because it appears logically as if the data is sent over a dedicated
private link.
Site-to-site VPN
Site-to-site VPN connections (also known as router-to-router VPN connections)
enable organizations to have routed connections between separate offices or
with other organizations over a public network while helping to maintain secure
communications. A routed VPN connection across the Internet logically operates
as a dedicated WAN link. When networks connect over the Internet, a router
forwards packets to another router across a VPN connection. To the routers, the
VPN connection operates as a data-link layer link.
A site-to-site VPN connection connects two portions of a private network. The
VPN server provides a routed connection to the network to which the VPN server
is attached. The calling router (the VPN client) authenticates itself to the
answering router (the VPN server), and, for mutual authentication, the answering
router authenticates itself to the calling router. In a site-to site VPN connection,
the packets sent from either router across the VPN connection typically do not
originate at the routers.

Configuring VPN Access

In this demonstration, you will see how to:

• Configure user dial-in settings
• Configure Routing and Remote Access as a VPN server
• Configure a VPN client

Completing Additional Tasks

• Configure static packet filters
• Configure services and ports
• Adjust logging levels for routing protocols
• Configure number of available VPN ports
• Create a Connection Manager profile for users
• Add Certificate Services
• Increase remote access security
• Increase VPN security

Components of a Dial-Up Connection

Remote LAN and Remote

Access Access
Server Protocols

WAN Options:
Telephone,
ISDN, Dial-Up
Domain X.25, or ATM Client
Controlle Authenticatio
r n

DHCP Address and Name Server

Serve Allocation
r
 Describe the multiple components of a dial-up connection.
A dial-up connection comprises several components. These components include
remote access servers, dial-up clients, remote access protocols, and
authentication methods.

Configuring Remote Access Logging

You can configure remote access logging to:
• Log errors only
• Log errors and warnings
• Log all events
• Not log any events
• Log additional routing and remote access information