Enable and configure remote access your windows rras server
Configuring and Troubleshooting Remote Access and Virtual Private Networking • Chapter 9 533
1. Purchase a smartcard and a smartcard reader for your remote computer.You need to be able to write your certificate data to the card for authentication.
2. Enable and configure remote access on your Windows 2000 RRAS server. (We do some exercises on this topic in the next sections of the chapter.)
This is a very high-level process. If you determine you need to utilize smartcard authentication with your Windows 2000 RRAS server, refer to the Microsoft Windows 2000 documentation for specific instructions.This discussion is included here to pro-vide an understanding of the complexity of utilizing smartcards for remote access authentication with the EAP TLS protocol.
Now let’s take a look at actually configuring a Windows 2000 RAS for dial-in access.
| www.syngress.com |
|---|
OBJECTIVE 4.4 |
|---|
| Head of the Class… |
|---|
Why would you want to deploy an RAS server in 2003? Everyone is doing it with VPN these days, right? Wrong.Although there is a huge demand for VPN capabilities, there is still a large requirement for the older dial-in technology. RAS servers are used in many businesses for providing inexpensive access to the network, by companies that don’t have Internet connections (although this list is growing smaller and smaller), in places where the overhead associated with supporting a VPN solution is not practical and in many cases as a backup access method in case there is an issue with the primary VPN service. It has been said by many industry insiders that the RAS server is dead, but it will be quite some time before you see it go the way of the card punch. RAS servers are a proven technology that is relatively inexpensive, highly reliable, and, with the Windows 2000 RRAS, very easy to configure. In fact, let’s take a look at setting up a RAS server using the Windows 2000 RRAS.
www.syngress.com
EXERCISE 9.01
CONFIGURING THE ROUTING AND REMOTE ACCESS SERVICE FOR DIAL-IN ACCESS
| 2. |
|---|
Enable Routing and Remote Access from the Action menu (see Figure 9.2).
3. The Routing and Remote Access Server Setup wizard opens (see Figure 9.3). Select Next to continue the configuration process.
| www.syngress.com |
|---|
Figure 9.3 The Routing and Remote Access Server Setup Wizard
Figure 9.4 Common Configurations
| 5. | From the Remote Client Protocols screen (see Figure 9.5), ensure that |
|---|
| www.syngress.com |
|---|
6. If the AppleTalk protocol is one of the protocols listed on your server, as it is in this exercise, the Macintosh Guest Authentication dialog box will be displayed (see Figure 9.6). This step is included in the exercise to remind you that selecting Allow unauthenticated access for all remote clients is a very bad idea unless you have no need for security on your network. You should always force username and password authentication for remote users. Select Next to proceed.
Figure 9.6 Macintosh Guest Authentication
| 7. |
|---|
| www.syngress.com |
|---|
