Troubleshoot Routing and Remote Access Routing: Troubleshoot Demand-dial Routing

As mentioned before, the dial-up method is the good old standby. Typically, you will use either a POTS (plain old telephone service)/PSTN (public switched telephone service) modem or an ISDN adapter for point-to-point dial-up connections. This is the same method you use if you connect to the Internet using a modem and, depending on the DSL service, can be the method used there as well.
From a hardware standpoint, the requirements on the client and server side are identical. To make an ISDN connection, both ends must have an ISDN adapter and ISDN service. For POTS, you need standard analog modems and a live phone line to plug into.
The password and data encryption requirements are typically non-existent, though you can encrypt both. It usually isn't done, however, both because of the connect speeds and because of the fairly robust native security (native in the sense that the network access server performs the authentication). The process of making a connection is pretty basic. The client initiates the connection, the server answers if possible, the server then authenticates and authorizes the client, and the client has access either to the server or to the entire network, depending on configuration.
Troubleshoot Router-to-Router VPNs

Starting way back in the Windows 95 days, it became possible to make a virtual private connection to a remote network over the public Internet. This opened up the potential for telecommuters and remote workers, both of which save companies a considerable amount of money in terms of required office space.
Before we get into the support requirements, let's take a look at how a VPN connection works. First, the client and server need a connection to the Internet. That connection can be temporary, such as a dial-up Internet connection on the client side, or it can be a more permanent connection such as DSL or cable 'modem.' I put modem in quotes because a modem is a device used to convert the digital signal from a computer into analog. ISDN, xDSL and cable systems that provide high-speed Internet access are all digital systems, so those devices cannot technically be called modems: there is no analog signal to convert to. You will find, however, that the DSL and cable interfaces are called modems, and often ISDN adapters are referred to as modems too.
Once a connection to the Internet is established, the client makes a new dial-up type connection over that existing connection to the VPN server. Instead of a phone number, though, either a host name or IP address is used. Using a host name allows for load balancing or round robin, which can be useful in higher volume environments.

So far, we have covered the client, the server, the Internet (or other transit connection) and the VPN connection, or tunnel. It is important to understand what is happening with a VPN connection. A tunnel is made, inside which the data is transmitted. Another way to think of it is that the data is encapsulated.
In addition to the elements listed above, there is the tunneling protocol. As with any network communication method, a common protocol must be used so that both ends can communicate. With Windows Server 2003, you have two options: PPTP or L2TP. While L2TP was developed out of PPTP, you cannot use one to connect with the other.
As with any other remote access method, there are the elements of authorization and authentication. Once the authentication and authorization phases have been passed, data can flow over the existing VPN tunnel.
The most common use for a VPN connection is and has been remote user access to the network. Recently, however, companies have been turning to VPN to establish the data links between offices. The reason for this is primarily cost, since a dedicated line between offices at the same data rate is usually far more expensive than using the existing Internet connection in a slightly different way.
Care should be taken when using VPN to ensure that the ISP supports the use of the preferred tunneling protocol. I have had issues in the past where PPTP was not supported over a given vendor because they were using one of the protocol/port combinations used by a particular VPN implementation. As a result we were forced to roll back to a previous version.
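One way to run the check described above before committing to a tunneling protocol, as an added example that is not part of the original article: it evaluates a transit filter against the flows each tunnel type needs. The port and IP protocol numbers are the standard assignments and are not stated in the article; the `Rule` model, the function names and the sample filter are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Flows the transit network must pass, as (IP protocol number, destination port).
# 6 = TCP, 17 = UDP, 47 = GRE, 50 = ESP. Port None means the protocol has no ports.
REQUIRED_FLOWS = {
    "PPTP": [(6, 1723), (47, None)],              # control channel + GRE data
    "L2TP/IPsec": [(17, 500), (50, None)],        # IKE + ESP (L2TP rides inside ESP)
    "L2TP/IPsec NAT-T": [(17, 500), (17, 4500)],  # IKE + UDP-encapsulated ESP
}


@dataclass(frozen=True)
class Rule:
    """Hypothetical filter rule: first match wins, None is a wildcard."""
    action: str            # "permit" or "deny"
    proto: Optional[int]   # IP protocol number, or None for any
    port: Optional[int]    # destination port, or None for any


def flow_allowed(rules, proto, port):
    """Return True if the first matching rule permits the flow (implicit deny)."""
    for r in rules:
        if r.proto not in (None, proto):
            continue
        if r.port is not None and r.port != port:
            continue
        return r.action == "permit"
    return False


def blocked_flows(rules, tunnel):
    """List the required flows for a tunnel type that the filter drops."""
    return [f for f in REQUIRED_FLOWS[tunnel] if not flow_allowed(rules, *f)]


def usable_tunnels(rules):
    """Tunnel types whose every required flow passes the filter."""
    return [t for t in REQUIRED_FLOWS if not blocked_flows(rules, t)]


# Constructed sample: a provider that passes TCP and UDP but drops other IP protocols.
SAMPLE_ISP_FILTER = [
    Rule("permit", 6, None),
    Rule("permit", 17, None),
    Rule("deny", None, None),
]

if __name__ == "__main__":
    for tunnel in REQUIRED_FLOWS:
        print(tunnel, "blocked:", blocked_flows(SAMPLE_ISP_FILTER, tunnel))
```

With the sample filter, the PPTP control connection on TCP 1723 succeeds while the GRE data channel is dropped, which is the case where the client appears to connect and then stalls at verification.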
Implementing and Supporting the Wireless Access Method

Well, it took us a while, but we have now caught up with current technology, and with what is likely the future of network access. Wireless access has been around for quite some time, but has only recently become standardized enough and fast enough for general use. What has been around for quite some time is infrared, but it never really caught on beyond providing peripheral device access for laptop/notebook type computers. A few years ago, an emerging system called Bluetooth came on the scene, and you could say that with that, radio frequency-based wireless had come of age. Since then, we have been through a number of standards, the end result, at the time of this writing, being the 802.11 protocol set.
One challenge with the current wireless access methods is the lack of inherent security, but Microsoft and others are addressing that with a layer between the access method itself and the data transmission. Windows XP and Windows Server 2003 have extensive built-in support for the 802.11 protocol set. There are a number of protocols associated with what has come to be known as WiFi (for Wireless Fidelity). 802.11 is the overall family. 802.11b was the first standard ratified, and provides data rates up to 11Mbps, as long as you are the only wireless device on that particular WAP. 802.11a came later, but offers a data rate up to 54Mbps. 802.11g is fairly new on the scene, and was intended as a replacement for both A and B. Its data rate is the same as A, though its range is less. It can, however, connect with either the 802.11a or 802.11b system.
One significant advantage to implementing a wireless network is speed of implementation; another is portability. While a traditional LAN requires you to pull cable, and potentially lots of it, a WLAN or Wireless LAN only requires a WAP or Wireless Access Point as a service concentrator.

In addition to the WiFi family, there is the 802.1x protocol. Primarily used for WLANs, it can also be used for traditional wired LANs. One key advantage to implementing 802.1x is that authentication occurs before access is granted. On the flip side, it requires a larger investment, both in terms of hardware and infrastructure. 802.1x can use either certificate-based or password-based authentication methods. There are a number of authentication protocols you can use with 802.1x, falling into two main families.

- EAP-MS-CHAP v2
- PEAP-MS-CHAP v2
EAP-MS-CHAP v2 can be used with passwords, while the other methods are certificate based. With PEAP-MS-CHAP v2, certificates are required on the network access server, while PEAP-TLS needs certificates on both the network access server and on the client.
[Tip] Microsoft has a number of whitepapers on their Web site that will enhance your results both on the certification exam and in job performance. For wireless, see "Microsoft Wireless LAN Deployment and Best Practices." A good place to start when searching for whitepapers and other technical documentation is www.microsoft.com/TechNet.

So far, we have looked at a number of authentication protocols that can be used with RRAS. Next we are going to explore Remote Access Policies and then the Internet Authentication Service.
Deborah Timmons is a Microsoft Certified Trainer and Microsoft Certified Systems Engineer. She came into the Microsoft technical field after six years in the adaptive technology field, providing technology and training for persons with disabilities. She is the President and co-owner of Integrator Systems Inc.