Windows Server 2003 Managing Routing and Remote Access


Managing Routing and Remote Access: Introduction: In this section, we are going to explore RRAS, the Routing and Remote Access Service. RRAS is most commonly used as a remote access service (the RAS part), whether that is dial-up or VPN. What is often overlooked, however, is the routing functionality that Microsoft has included with the service.

Any computer with two NICs that is running Windows Server 2003 can be used as a full-featured router, either at the edge of the network or somewhere inside, perhaps serving as the router for a new subnet. In fact, when you think about the remote access side of the service, you can think of that as a router as well. In essence, dial-up users (modem, VPN, ISDN, etc.) are dialing in to a router, which has server functionality.

Getting Ready Questions:
1. How can one computer have more than one IP address?
2. How can you see the routing table?
3. If you want users within your network to be able to use FTP to get files from the Internet, but not allow users from the Internet to use FTP to get files from your network, what would you configure?
4. What authentication protocol would be appropriate for wireless clients?
5. Which account or accounts have Remote Access Permission (Dial-in or VPN) by default?

Getting Ready Answers:
1. With multiple NICs, or even with one NIC, multiple IP addresses can be assigned using the Advanced button on TCP/IP properties.
2. Either the route print command or the Routing and Remote Access utility.
3. An inbound filter on Port 21.
4. PEAP
5. None

Routing Overview: Now, you are probably familiar with the term router, and may have an idea what a router is, but we are going to start by building a foundation and work up from there. That said, let's start by looking at what a router is and what it does.

A router is defined as an intermediate system that forwards packets between interconnected networks. The router may be a hardware router or a software router.
A hardware router is one whose primary function is routing, typically using a proprietary operating system optimized for that purpose. A hardware router may also include firewall, remote access and/or bridging functionality. A hardware router typically does not use magnetic or optical storage, but rather stores configuration information in non-volatile RAM.

A software router is typically a multipurpose device, such as a server class computer running a network operating system like Windows Server 2003. Windows Server 2003 supports routing with the RRAS, or Routing and Remote Access Service. RRAS is an effective interior router (routing between internal IP networks) for businesses large and small, as well as a very good border router and remote access server. So far, so good, right? But what about the reason you decided to implement a router in the first place? Well, the main reason to implement a router is to subdivide a broadcast domain.

As you may recall, there are a couple of other intermediate systems used in networking: the hub, the bridge and the switch. You can think of a switch as a multiport bridge, since they perform essentially the same function. All of those intermediate systems have something in common: they allow computers to communicate with each other. They have something else in common: broadcast traffic sent from one port will go to all other ports. If you segment a network by placing a router between two switches, then a broadcast packet, such as an ARP request, will only go to all end systems on one switch, instead of both. This results in a greater amount of bandwidth available for data transmission. The end result, then, is a greater efficiency in data transmission when you segment a network using a router, even when the network is fully switched.

Now, you are probably wondering how a router knows where to send a packet, right? A hub is an OSI layer 1 device and just broadcasts to every active port, having no logic to tell it what to do with a packet. A switch is an OSI layer 2 device and uses the MAC address in the same fashion as a bridge does, forwarding packets to the port associated with the destination MAC address.

Routers, on the other hand, are OSI layer 3 devices and use the network information in the packet. Routers compare the destination network address with their routing table to determine where to send the packet. Routers may have static or manually configured routing tables, or they may have dynamically configured routing tables. Dynamic routing tables are populated with a routing protocol, such as RIP or OSPF. RRAS supports a number of routing protocols, which we will cover in detail later.
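The table lookup described above can be traced by hand against `route print` output. The following is an added example, not part of the original article: it parses a constructed IPv4 "Active Routes" table (all addresses are made up) and picks the route a router would use, the most specific matching network, with the lowest metric breaking ties.

```python
import ipaddress

# Constructed sample of the IPv4 "Active Routes" section printed by
# `route print` on a two-NIC server; all addresses are made up.
ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10      20
         10.0.0.0        255.0.0.0        10.0.0.10       10.0.0.10      20
         10.0.5.0    255.255.255.0       10.0.0.254       10.0.0.10      30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.10    192.168.1.10      20
Default Gateway:       192.168.1.1
"""


def parse_routes(text):
    """Return (network, gateway, interface, metric) for each route row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # headings and the "Default Gateway" footer
        try:
            network = ipaddress.IPv4Network(f"{fields[0]}/{fields[1]}")
            metric = int(fields[4])
        except ValueError:
            continue  # not a destination/netmask/.../metric row
        routes.append((network, fields[2], fields[3], metric))
    return routes


def lookup(routes, destination):
    """Choose the most specific matching route; lowest metric breaks ties."""
    dest = ipaddress.IPv4Address(destination)
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        return None  # no matching route and no default route
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))


if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    for ip in ("10.0.5.77", "10.9.9.9", "8.8.8.8"):
        net, gateway, iface, metric = lookup(table, ip)
        print(f"{ip:>10} -> {net} via {gateway} on {iface} (metric {metric})")
```

The 10.0.5.0 route wins for 10.0.5.77 despite its higher metric, because prefix length is compared before metric; an address that matches nothing more specific falls through to the 0.0.0.0 default route.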

RRAS Overview: Windows Server 2003 RRAS is always installed, and in fact cannot be removed. In order to use RRAS, you must first enable it. To do this, you can either navigate to the Routing and Remote Access object in Administrative Tools, or you can type rrasmgmt.msc in the Run dialog box. I prefer the keyboard method, but either approach works just fine. Note that you can manage RRAS on all servers from a single console, which need not even be installed on a server!

Now, since you will typically be configuring RRAS on a server with two or more NICs (network interface cards), it is a good idea to rename each interface with a meaningful name before you enable and configure RRAS. Renaming an interface is very easy. Open the Network Connections console and choose an interface. From there you can either use the file menu, the context menu or you can wait a moment after choosing the interface and then click again. However you choose to rename the interfaces is up to you, but it is a very good idea on any computer with two or more interfaces.

you see two LAN interfaces, but a routing interface can be any network interface. This includes, but is not limited to, PSTN, ISDN, xDSL and T-carrier. The key element is that a routing interface is a network connection over which packets are routed.

A common implementation is RRAS as a NAT server connecting to the public Internet. In that scenario, Windows Server 2003 will have one interface connected to the internal network, and some form of Internet connection, often a demand-dial interface such as a PSTN modem or an ISDN interface.

Deborah Timmons is a Microsoft Certified Trainer and Microsoft Certified Systems Engineer. She came into the Microsoft technical field after six years in the adaptive technology field, providing technology and training for persons with disabilities. She is the President and co-owner of Integrator Systems Inc.
