© 2004 Pearson Education, Inc.

Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment

Lesson 11: Introducing WINS, DNS, and RRAS

Introducing Routing and Remote Access Service (RRAS)
(Skill 5)

- Routing and Remote Access Service (RRAS)
  - Can be configured on a Windows Server 2003 computer to create a remote access service (RAS) server that can manage hundreds of concurrent dial-up connections or to receive Virtual Private Network (VPN) connections on the internal network
  - Can also be configured to provide shared Internet access using Network Address Translation (NAT) or to create a secure connection between two servers on the Internet connecting two LANs

Introducing Routing and Remote Access Service (RRAS) (2)
(Skill 5)

- Remote access service (RAS) server
  - A computer running Windows Server 2003 and RRAS
  - Configured specifically to function using a modem or modem pool
  - Users can dial in from a remote computer that is also configured with a modem
- A Virtual Private Network (VPN) server is a type of remote access server

Introducing Routing and Remote Access Service (RRAS) (4)
(Skill 5)

To establish a dial-up connection, Windows Server 2003 uses either PPP or SLIP WAN protocols
- Point-to-Point Protocol (PPP)
  - Allows remote clients to access network resources
  - Provides error-checking to detect possible problems prior to data transfer
- Serial Line Internet Protocol (SLIP)
  - An older remote communications protocol used by UNIX computers
  - Does not provide security
  - Transfers data without checking for errors

Introducing Routing and Remote Access Service (RRAS) (5)
(Skill 5)

PPP supports many networking and authentication protocols
- Password Authentication Protocol (PAP)
  - The least secure authentication protocol
  - Uses plain text passwords for authentication
- Shiva Password Authentication Protocol (SPAP)
  - An authentication protocol used to connect to a Shiva server
  - More secure than PAP; less secure than CHAP or MS-CHAP
- Challenge Handshake Authentication Protocol (CHAP)
  - Sends a challenge message to the client, the client applies an algorithm to the message to calculate a hash value (a fixed-length number), and sends the value to the server
  - The server also calculates a value and compares it to the client’s
  - If the values match, a connection is established

Introducing Routing and Remote Access Service (RRAS) (6)
(Skill 5)

- MS-CHAP
  - Microsoft’s version of CHAP
  - The challenge message is specifically designed for Windows operating systems and one-way encryption is used
- MS-CHAP2
  - Authenticates both the client and the server
  - A different encryption key is used to transmit and receive data
- Extensible Authentication Protocol (EAP)
  - Used to customize your method of remote access authentication for PPP connections
  - Supports multiple authentication methods
- IEEE 802.1X
  - New in Windows Server 2003 is support for IEEE 802.1X
  - Allows wireless and Ethernet LAN connections

Figure 11-38 RAS

(Skill 5)

Figure 11-39 Dial-up connections

(Skill 5)

Figure 11-40 SLIP and PPP

(Skill 5)

Figure 11-41 Tunneling

(Skill 5)

Understanding Types of Remote Access Connections
(Skill 6)

Types of dial-up equipment used to establish a connection between a remote network and a remote access client
- POTS (Plain Old Telephone System)
- ISDN (Integrated Services Digital Network)
- DSL (Digital Subscriber Line)
- Cable modem lines
- Frame relay
- Leased telecommunication lines
- Modems (asynchronous and synchronous)

Figure 11-49 The Routing and Remote Access console

(Skill 7)

Figure 11-52 The Security tab

(Skill 7)

Click to open the Authentication Methods dialog box to set the authentication protocols

Creating a Remote Access Policy (3)
(Skill 8)

Remote access profile settings
- Allowed dial-in days and times
- Connection limits
- Allowed dial-in media and phone numbers
- Authentication settings
- Encryption settings

Figure 11-54 The Dial-in tab in the Properties dialog box for a user

(Skill 8)

Only available in Windows 2000 native mode or Windows 2003 mode domains. When this option is set, the permissions configured in the remote access policy are checked. If they are set to Grant, the profile is applied. If they are set to Deny, the caller is disconnected.

Figure 11-56 The Inbound Filters dialog box

(Skill 8)

Click to open the Add IP Filter dialog box

Figure 11-66 The Encryption tab

(Skill 8)

Allows clients to connect using 40-bit encryption key MPPE or IPSec encryption

Allows clients to connect using 56-bit encryption key MPPE or IPSec encryption

Allows clients to connect using 128-bit encryption key MPPE or IPSec encryption

Allows clients to connect without using data encryption

Figure 11-68 Creating a VPN

(Skill 9)

Figure 11-69 Creating a VPN server

(Skill 9)

Introducing Network Address Translation (NAT)
(Skill 11)

- Network Address Translation (NAT) also allows computers on a network to share a single Internet connection, but with greater flexibility
- The NAT service translates private IP addresses to public IP addresses and vice versa as they are forwarded from client computers to a server or from the server to client computers
- Using NAT, you can determine your own IP address range, making NAT extendable for a larger network that has multiple subnets over a routed network
- NAT includes a basic firewall to help protect clients from intrusions from the Internet
- You can also configure static packet filters to designate the kinds of traffic you will allow to both enter and leave the internal network
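
A simplified model of the translation table behind the slide above, showing how several private hosts share one public address and why a packet that no inside client asked for has nowhere to go. This is an added example, not part of the original lesson and not how RRAS is implemented; the NatTable class and all addresses are constructed (documentation ranges).

```python
from typing import Optional

PUBLIC_IP = "203.0.113.10"   # constructed public address (documentation range)


class NatTable:
    """Hypothetical port-translating NAT with per-flow mappings."""

    def __init__(self, public_ip: str = PUBLIC_IP, first_port: int = 50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.by_port = {}   # public port -> the same flow tuple

    def outbound(self, priv_ip: str, priv_port: int, dst_ip: str, dst_port: int):
        """Rewrite the private source to the shared public address."""
        flow = (priv_ip, priv_port, dst_ip, dst_port)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return (self.public_ip, self.by_flow[flow], dst_ip, dst_port)

    def inbound(self, src_ip: str, src_port: int, pub_port: int) -> Optional[tuple]:
        """Rewrite a reply back to the private host, or return None (drop)."""
        flow = self.by_port.get(pub_port)
        # No mapping, or the sender is not the peer the client contacted:
        # nothing inside requested this packet, so it is dropped.
        if flow is None or flow[2:] != (src_ip, src_port):
            return None
        return (src_ip, src_port, flow[0], flow[1])


def demo():
    nat = NatTable()
    a = nat.outbound("192.168.0.10", 1025, "198.51.100.7", 80)
    b = nat.outbound("192.168.0.11", 1025, "198.51.100.7", 80)
    reply = nat.inbound("198.51.100.7", 80, a[1])          # answer to host .10
    unsolicited = nat.inbound("198.51.100.99", 4444, a[1]) # different sender
    no_mapping = nat.inbound("198.51.100.7", 80, 60000)    # port never allocated
    return a, b, reply, unsolicited, no_mapping


if __name__ == "__main__":
    for item in demo():
        print(item)
```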

Figure 11-81 NAT

(Skill 11)