6420A_11

Module 11: Remote Access Fundamentals
• Remote Access Overview
• RADIUS Overview
• Network Policy Server
• Troubleshooting Remote Access
Lesson 1: Remote Access Overview
• What Is Remote Access?
• Discussion: Characteristics of VPN and Dial-up Connections
• VPN Protocols
• What Is Routing and Remote Access?
What Is Remote Access?
Remote access is access to corporate resources from outside the corporate network
Diagram: a Remote Access Server sits between the corporate resources and the remote clients: a remote computer at home, wireless clients connecting through a wireless access point, and a remote computer at an Internet hot spot
Discussion: Characteristics of VPN and Dial-up Connections
What are the characteristics of VPN and Dial-up connections?
VPN Protocols
VPN connections can use various protocols to provide encryption
Point-to-Point Tunneling Protocol (PPTP):
• Widely supported in clients
• Traverses NAT easily
• Easy to configure
Layer 2 Tunneling Protocol (L2TP):
• Uses IPsec to encrypt data
• Increased security over PPTP
• More difficult to configure
Secure Socket Tunneling Protocol (SSTP):
• Uses Secure Sockets Layer (SSL/TLS) to encrypt data
• Can pass through proxy servers and firewalls on TCP port 443
• Easy to configure
Caveat: PPTP's MPPE encryption is keyed from the MS-CHAP v2 exchange, which is known to be breakable, so prefer L2TP/IPsec or SSTP wherever the clients support them
What Is Routing and Remote Access?
Routing and Remote Access is a component that allows Windows Server® 2008 to act as a router and remote access server
Router:
• Typically used on small networks
• Less expensive than hardware-based routers
• Network Address Translation (NAT) for Internet access
Remote Access server:
• VPN server
• Dial-up server
• Demand-dial connections that secure connectivity between two locations
Lesson 2: RADIUS Overview
• What Is RADIUS?
• How RADIUS Works for Remote Access
• How RADIUS Works for 802.1X Connections
• Discussion: Benefits of RADIUS
• What Is A RADIUS Proxy?
What Is RADIUS?
Remote Authentication Dial In User Service (RADIUS) is a protocol for controlling authentication, authorization, and accounting
Diagram: the remote access client connects to the remote access server, which acts as the RADIUS client and forwards the request to the RADIUS server; the RADIUS server validates the credentials against the directory server
How RADIUS Works for Remote Access
For remote access, RADIUS:
• Enables an ISP's access server (the RADIUS client) to authenticate users against a corporate directory such as Active Directory® Domain Services
• Enables accounting for all remote access to be centralized in a single location
Diagram: the remote access client dials in to the ISP, whose access server is the RADIUS client; it forwards the request to the RADIUS server in the corporate office, which authenticates the user against the domain controller
How RADIUS Works for 802.1X Connections
For 802.1X, RADIUS:
• Authenticates network connections before the switch port or wireless association carries normal traffic
• Can be used for wired or wireless connections
Diagram: clients connect to a switch or wireless access point acting as the RADIUS client, which forwards the authentication to the RADIUS server; the RADIUS server checks the credentials against the domain controller
Discussion: Benefits of RADIUS
What are the benefits of using RADIUS?
What Is a RADIUS Proxy?
A RADIUS proxy distributes RADIUS requests to the appropriate RADIUS server
Diagram: the remote access client connects through the ISP, whose RADIUS client sends requests to a RADIUS proxy; the proxy forwards each request to the RADIUS server of Company A or Company B as appropriate
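The exchange on the three RADIUS slides above (RADIUS client, RADIUS server, RADIUS proxy), as an added example that is not part of the 6420A module and not Microsoft's NPS code: it builds an RFC 2865 Access-Request, hides the User-Password under the shared secret, lets a toy server answer with a signed Access-Accept or Access-Reject, and routes a request through a proxy by realm. The shared secrets, user names, passwords, the in-memory user database standing in for Active Directory and the NAS address are all constructed for the example. PAP is used because it shows the shared-secret mechanics in the fewest lines; with MS-CHAP v2 or EAP, which NPS normally negotiates for VPN, the password never travels in a User-Password attribute.

```python
# Added example (not from the 6420A module): RADIUS client, server and proxy
# mechanics per RFC 2865.  All secrets, names and addresses are constructed.
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4


def encode_user_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to 16-byte blocks and XOR each block with
    MD5(secret + previous block), starting from the Request Authenticator.
    The password is hidden only as well as the shared secret is kept."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def decode_user_password(blob, secret, authenticator):
    """Inverse of encode_user_password, as the server or proxy does it."""
    out, prev = b"", authenticator
    for i in range(0, len(blob), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(blob[i:i + 16], key))
        prev = blob[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(identifier, username, password, nas_ip, secret, authenticator=None):
    """Code(1), Identifier, Length, 16-byte random Request Authenticator, then TLV attributes."""
    authenticator = authenticator or os.urandom(16)
    hidden = encode_user_password(password, secret, authenticator)
    attrs = (struct.pack("!BB", ATTR_USER_NAME, 2 + len(username)) + username
             + struct.pack("!BB", ATTR_USER_PASSWORD, 2 + len(hidden)) + hidden
             + struct.pack("!BB", ATTR_NAS_IP_ADDRESS, 6) + nas_ip)
    return struct.pack("!BBH16s", ACCESS_REQUEST, identifier, 20 + len(attrs), authenticator) + attrs


def parse_attributes(packet):
    attrs, pos = {}, 20
    while pos < len(packet):
        kind, length = packet[pos], packet[pos + 1]
        attrs[kind] = packet[pos + 2:pos + length]
        pos += length
    return attrs


def build_response(code, request, secret, attrs=b""):
    """Response Authenticator = MD5(Code+ID+Length + RequestAuth + Attrs + Secret)."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return head + hashlib.md5(head + request[4:20] + attrs + secret).digest() + attrs


def verify_response(response, request, secret):
    """The RADIUS client recomputes the Response Authenticator; a mismatch means
    the reply did not come from a holder of the shared secret, or was altered."""
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return response[1] == request[1] and response[4:20] == expected


def radius_server(request, secret, users):
    """Server decision: recover the password and check it against the user
    database (a dict here, standing in for the directory)."""
    attrs = parse_attributes(request)
    password = decode_user_password(attrs[ATTR_USER_PASSWORD], secret, request[4:20])
    code = ACCESS_ACCEPT if users.get(attrs[ATTR_USER_NAME]) == password else ACCESS_REJECT
    return build_response(code, request, secret)


def radius_proxy(request, client_secret, realms):
    """Proxy: choose the upstream server by realm (the part after '@') and
    re-encode the password under the upstream secret.  A proxy therefore sees
    PAP passwords in clear and must be trusted as much as the server.
    realms maps realm -> (upstream_secret, upstream_user_db)."""
    attrs = parse_attributes(request)
    name = attrs[ATTR_USER_NAME]
    realm = name.rsplit(b"@", 1)[1] if b"@" in name else b""
    if realm not in realms:
        return build_response(ACCESS_REJECT, request, client_secret)
    upstream_secret, upstream_users = realms[realm]
    password = decode_user_password(attrs[ATTR_USER_PASSWORD], client_secret, request[4:20])
    forwarded = build_access_request(request[1], name, password,
                                     attrs[ATTR_NAS_IP_ADDRESS], upstream_secret)
    upstream = radius_server(forwarded, upstream_secret, upstream_users)
    if not verify_response(upstream, forwarded, upstream_secret):
        return build_response(ACCESS_REJECT, request, client_secret)
    return build_response(upstream[0], request, client_secret)
```

Two things to take from running it: a client configured with the wrong shared secret produces a request whose password decodes to garbage, so the server answers Access-Reject rather than an error that names the secret; and a forged reply fails `verify_response`, which is the only protection a RADIUS client has against a spoofed Access-Accept on the path between NAS and server.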
Lesson 3: Network Policy Server
• What Is Network Policy Server?
• What Is Network Access Protection?
• What Are Connection Request Policies?
• What Are Network Policies?
• Demonstration: Configuring NPS Policies
What Is Network Policy Server?
Network Policy Server is a role service that can function as a:
• RADIUS server
• RADIUS proxy
• Network Access Protection server
Network Policy Server replaces Internet Authentication Service
(IAS) from earlier versions of Microsoft® Windows®
What Is Network Access Protection?
Network Access Protection is a system that:
• Enforces client health before it allows access to the
network
• Does not block intruders or malicious users
• Has various enforcement mechanisms
Enforcement mechanisms include:
• IPsec
• 802.1X
• VPN
• DHCP
• RADIUS
What Are Connection Request Policies?
Connection request policies are part of the RADIUS proxy functionality in NPS. They:
• Determine whether authentication of a connection request is performed locally or forwarded to another RADIUS server
• Contain conditions and settings
• Must be configured for NAP with 802.1X or VPN even when the request is processed locally
Some potential conditions:
• User Name
• Client IPv4 address
• Service Type
• Client Vendor
• Tunnel Type
• Called Station ID
• Day and Time Restrictions
What Are Network Policies?
Network policies control remote access requests, replacing remote access policies in earlier versions of Windows
Network policy components:
• Conditions: determine whether this policy is used to evaluate a connection request
• Access permission: determines whether access is allowed, denied, or determined by user dial-in properties
• Authentication methods: determine the authentication methods that can be negotiated
• Constraints: limits on the connection such as idle time or maximum connection time
• Settings: set characteristics of the connection such as encryption or IP filters
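How NPS walks its policies, covering both the connection request policies and the network policies described above, as an added example that is not part of the 6420A module and not NPS code. Policy names, the conditions they use, the sample request and the evaluation helpers are constructed for the example; the rules they implement are the ones the slides state: policies are an ordered list, only the first matching policy is consulted, its access permission is Grant or Deny unless the account's dial-in property overrides it, and the authentication method must be enabled on the matching policy.

```python
# Added example (not from the 6420A module): a model of NPS policy evaluation.
# Policy names, conditions and the sample request are constructed.
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Set


@dataclass
class Request:
    user_name: str
    client_ipv4: str      # address of the RADIUS client (the RAS/VPN server)
    tunnel_type: str      # "PPTP", "L2TP" or "SSTP"
    auth_method: str      # "MS-CHAPv2", "EAP-TLS", "PAP", ...
    groups: Set[str]
    when: datetime
    account_dial_in: str  # AD account dial-in property: "allow", "deny" or "policy"


@dataclass
class ConnectionRequestPolicy:
    name: str
    conditions: Dict[str, object]
    forward_to: Optional[str]  # None = authenticate locally, else a remote RADIUS server group


@dataclass
class NetworkPolicy:
    name: str
    conditions: Dict[str, object]
    permission: str            # "grant" or "deny"
    auth_methods: Set[str]
    ignore_account_dial_in: bool = False


def condition_matches(cond, value, req):
    """Condition types from the slides: User Name (a suffix here), Client IPv4
    address (CIDR), Tunnel Type, Windows group, Day and Time Restrictions."""
    if cond == "user_name":
        return req.user_name.endswith(value)
    if cond == "client_ipv4":
        return ip_address(req.client_ipv4) in ip_network(value)
    if cond == "tunnel_type":
        return req.tunnel_type in value
    if cond == "windows_group":
        return value in req.groups
    if cond == "day_time":
        days, (start_hour, end_hour) = value
        return req.when.strftime("%a") in days and start_hour <= req.when.hour < end_hour
    raise ValueError("unknown condition: " + cond)


def policy_matches(policy, req):
    # No conditions = matches everything, like the default NPS policies.
    return all(condition_matches(c, v, req) for c, v in policy.conditions.items())


def evaluate_connection_request(policies, req):
    """(name, forward_to) of the first matching connection request policy;
    (None, None) when nothing matches and NPS discards the request."""
    for p in policies:
        if policy_matches(p, req):
            return p.name, p.forward_to
    return None, None


def evaluate_network_policies(policies, req):
    """(name, granted, reason).  Only the FIRST matching policy is consulted; a
    broad policy placed early shadows every more specific policy below it."""
    for p in policies:
        if not policy_matches(p, req):
            continue
        account_overrides = req.account_dial_in != "policy" and not p.ignore_account_dial_in
        if account_overrides:
            if req.account_dial_in == "deny":
                return p.name, False, "denied by account dial-in property"
        elif p.permission == "deny":
            return p.name, False, "denied by policy"
        if req.auth_method not in p.auth_methods:
            return p.name, False, "authentication method not enabled on policy"
        return p.name, True, "granted"
    return None, False, "no matching network policy"


def sample_request(**overrides):
    """A constructed SSTP connection request; keyword arguments override fields."""
    fields = dict(user_name="bob@corp.example", client_ipv4="10.0.0.5",
                  tunnel_type="SSTP", auth_method="MS-CHAPv2",
                  groups={"VPN Users", "Contractors"},
                  when=datetime(2024, 1, 3, 10, 0), account_dial_in="policy")
    fields.update(overrides)
    return Request(**fields)


# Constructed policies; "Use Windows authentication for all users" is the name
# of the default NPS connection request policy.
CONNECTION_REQUEST_POLICIES = [
    ConnectionRequestPolicy("Forward partner realm", {"user_name": "@partner.example"},
                            "Partner RADIUS servers"),
    ConnectionRequestPolicy("Use Windows authentication for all users", {}, None),
]
ALLOW_VPN = NetworkPolicy(
    "Allow VPN users",
    {"windows_group": "VPN Users", "tunnel_type": {"L2TP", "SSTP"},
     "client_ipv4": "10.0.0.0/24",
     "day_time": (("Mon", "Tue", "Wed", "Thu", "Fri"), (6, 22))},
    "grant", {"MS-CHAPv2", "EAP-TLS"})
DENY_CONTRACTORS = NetworkPolicy("Deny contractors", {"windows_group": "Contractors"},
                                 "deny", {"MS-CHAPv2"})
```

Evaluating `[ALLOW_VPN, DENY_CONTRACTORS]` grants the contractor because the grant policy matches first; swapping the order denies him. That is the behaviour behind the lab review question about moving the new policies to be evaluated first, and it is why a deny policy for a group is only effective when it sits above every grant policy that group could also match.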
Demonstration: Configuring NPS Policies
In this demonstration, you will see how to configure:
• A connection request policy
• A network policy
Lesson 4: Troubleshooting Remote Access
• What Is NPS Accounting?
• Common Remote Access Issues
• Process for Troubleshooting Remote Access Issues
What Is NPS Accounting?
NPS Accounting is an administration tool that:
• Is used for logging
• Applies only to locally authenticated connections
• Can be used for connection analysis and billing
• Can be used for security investigation
• Can store data in a file or a Microsoft SQL Server® database
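Reading the file-based NPS accounting log for the two uses named above, connection analysis and security investigation, as an added example that is not part of the 6420A module and not an NPS tool. NPS can write its file log in the DTS-compliant format, one XML `<Event>` element per line whose child elements are named after the attributes they carry; the log lines below are constructed in that shape, the event fields used are the ones assumed for this example, and the reason-code mapping is the small subset assumed here (check the NPS reason-code reference for the authoritative list).

```python
# Added example (not from the 6420A module): triage of NPS accounting events
# in the DTS-compliant XML format.  Log lines are constructed; the field names
# and reason-code mapping are the subset assumed for this example.
import xml.etree.ElementTree as ET
from collections import Counter

PACKET_TYPE = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
               4: "Accounting-Request"}
REASON = {0: "success",
          16: "bad credentials",
          48: "no matching network policy",
          49: "no matching connection request policy",
          66: "authentication method not enabled on matching policy"}

EVENT_TEMPLATE = ('<Event><Timestamp data_type="4">{ts}</Timestamp>'
                  '<Computer-Name data_type="1">NYC-DC1</Computer-Name>'
                  '<Event-Source data_type="1">IAS</Event-Source>'
                  '<User-Name data_type="1">{user}</User-Name>'
                  '<Client-IP-Address data_type="3">{nas_ip}</Client-IP-Address>'
                  '<Client-Friendly-Name data_type="1">{nas}</Client-Friendly-Name>'
                  '<Packet-Type data_type="0">{ptype}</Packet-Type>'
                  '<Reason-Code data_type="0">{reason}</Reason-Code></Event>')

# Constructed sample: (timestamp, user, RADIUS client IP, client name, packet type, reason)
SAMPLE_LOG = "\n".join(EVENT_TEMPLATE.format(ts=ts, user=user, nas_ip=ip, nas=nas, ptype=pt, reason=rc)
                       for ts, user, ip, nas, pt, rc in [
    ("01/03/2024 09:58:01.000", "CORP\\alice", "10.0.0.5", "NYC-RAS", 2, 0),
    ("01/03/2024 10:02:17.000", "CORP\\bob", "10.0.0.5", "NYC-RAS", 3, 16),
    ("01/03/2024 10:02:41.000", "CORP\\bob", "10.0.0.5", "NYC-RAS", 3, 16),
    ("01/03/2024 10:03:05.000", "CORP\\bob", "10.0.0.5", "NYC-RAS", 3, 16),
    ("01/03/2024 10:11:30.000", "CORP\\carol", "10.0.0.9", "NYC-WLAN-AP", 3, 48),
    ("01/03/2024 10:12:02.000", "CORP\\dave", "10.0.0.9", "NYC-WLAN-AP", 2, 0),
    ("01/03/2024 10:15:44.000", "CORP\\erin", "10.0.0.9", "NYC-WLAN-AP", 3, 49),
])


def parse_event(line):
    """One log line is one <Event>; its children become a dict keyed by tag."""
    event = {child.tag: child.text for child in ET.fromstring(line)}
    for key in ("Packet-Type", "Reason-Code"):
        if key in event:
            event[key] = int(event[key])
    return event


def parse_log(text):
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def rejects(events):
    return [e for e in events if e.get("Packet-Type") == 3]


def reject_reasons(events):
    """Why requests were rejected: 48/49 point at policy configuration, 16 at
    the credentials, 66 at the policy's enabled authentication methods."""
    return Counter(REASON.get(e["Reason-Code"], "code %d" % e["Reason-Code"]) for e in rejects(events))


def policy_mismatches(events):
    """Requests that matched no network or connection request policy: the
    'Network Policy configuration' class of troubleshooting issue."""
    return [(e["User-Name"], e["Client-IP-Address"], e["Reason-Code"])
            for e in rejects(events) if e["Reason-Code"] in (48, 49)]


def repeated_credential_failures(events, threshold=3):
    """Accounts with at least `threshold` bad-credential rejections: lockout
    candidates and the first sign of password guessing through the VPN server."""
    failures = Counter(e["User-Name"] for e in rejects(events) if e["Reason-Code"] == 16)
    return {user: n for user, n in failures.items() if n >= threshold}


def accepts_by_client(events):
    """Successful logons per RADIUS client, for connection analysis or billing."""
    return Counter(e["Client-Friendly-Name"] for e in events if e.get("Packet-Type") == 2)
```

Run against a real DTS-compliant log the same way, one `parse_event` per line; a burst of reason 16 for one account from one RADIUS client is the pattern to escalate, while reason 48 after a policy change is almost always the policy order or a condition that no longer matches.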
Common Remote Access Issues
Some common remote access issues are:
• Client configuration
• Firewall configuration
• Network Policy configuration
Discussion: Process for Troubleshooting Remote Access Issues
What are some methods used to troubleshoot remote access
issues?
Lab: Implementing Remote Access
• Exercise 1: Implementing a VPN server
• Exercise 2: Implementing a RADIUS server
• Exercise 3: Implementing a RADIUS proxy
Logon information
Virtual machines: NYC-DC1, NYC-RAS, NYC-CL1
User name: Administrator
Password: Pa$$w0rd
Estimated time: 60 minutes
Lab Review
• Does the NPS service role of the Network Policy and
Access Services role have to be installed to create network
policies?
• Why were the policies created during this lab moved to be
evaluated first?
• Why did a network policy have to be created on NYC-DC1
when one already existed on NYC-SRV1?
Module Review and Takeaways
• Review Questions
• Real-world Issues and Scenarios
• Tools