© Abdou Illia, Spring 2006
(Week 15, Friday 4/21/2006)
1

 Introducing RRAS
 Enabling RRAS
 Configuring RRAS
 Monitoring RRAS
 Creating Remote Access Policies
2

Remote Access Server
Remote Access Server
3

Modem
W2K
Server
LAN
NIC NIC
Internet
VPN
ISP
Client PC
Modem
4

 RRAS automatically installed during W2K server installation
 But RRAS is disabled by default
 You must enable RRAS and configure it to:
 Setup a network router
 Setup a RAS server
 Setup a Virtual Private Network (VPN) server
5

1.
2.
3.
4.
5.
6.
7.
8.
Click Start/Programs/Administrative Tools
Click Routing and Remote Access
In the console tree, select the server on which you want to activate RRAS
Click Action/Configure and Enable Routing and Remote
Access to open the RRAS setup wizard
Click Next to open the Common Configurations screen
Click Manually Configured Server to enable the server with default settings
Click Next, then Finish
When asked “Do you want to start the RRAS?”, click
Yes.
6

 When RRAS is manually enabled, the default settings apply.
 You can configure RRAS according to your requirements at a later date.
 To configure RRAS, you use the Properties dialog box (Right-click server, click
Properties)
7

Note: Tabs depend on protocols installed on your server
8

General Used to specify whether server will be configured as a router for LAN only, as a router for a LAN and demand-dial routing, as a RAS, or both a router and a RAS
Security Used to choose one of two types of authentication providers to validate remote access clients
IP
PPP
Used to specify settings for the IP protocols (e.g. method for distributing IP addresses to remote clients.
Used to configure Point-to-Point Protocol to specify whether a remote client can establish multilink connections
Event
Logging
Used to manage and monitor a RRAS server by selecting the type of event to record.
9

1.
2.
3.
4.
5.
6.
7.
Open Routing and Remote Access console if necessary
Right-click RRAS server and click Properties
Notice the default selections in the General tab.
Click the IP tab. Make sure that the Enable IP routing and the
Allow IP-based remote access and demand-dial connections check boxes are selected. Note: if you allow IP routing, dialup clients can access the entire LAN. If you only want to allow dial-up clients to access resources on the RRAS server, clear this check box.
Click the Security tab. Windows Authentication is the default provider and Windows accounting is the accounting provider by default.
Click the Event Logging tab. You should select the Log the maximum amount of information option button and the Enable
Point-to-Point (PPP) logging check box if you want to troubleshoot connection problems.
Click OK to close the Properties dialog box.
10

 In the server Status node in the Routing and
Remote Access console, you can verify:
 the state of the server (started, Stopped, Paused)
 The type of server
 The number of ports in use
 The Up time (length of time server has been running since RRAS server was last started).
 The log files that contains the monitoring data are stored by default in the
%systemroot%\systems32\LogFiles folder,
11

6.
7.
3.
4.
1.
2.
5.
8.
Open Routing and Remote Access console if necessary
Double-click the RRAS server to expand the node. Select
Remote Access Logging.
Right-click Local File in the Details pane and click Properties
On the Settings tab of the Local File Properties dialog box, select Log Accounting Requests to capture accounting requests and responses
Select Log Authentication requests to capture authentication requests such as access-accept packets, and access-reject packets.
Click the Local File tab to specify a time period for the log file.
Click the Monthy option button in the New Log Time Period section
Click OK to close the Local File Properties dialog box.
12
Note: Can use the Net Shell (Netsh) command-line utility to manage and troubleshoot RRAS.

 Remote Access Policies are used to:
 Control what connections attempts will be rejected
 Determine which users can access the network and to prevent unauthorized access.
 Determine connection time, etc.
 Three components in Remote Access Policy:
 Conditions, Permissions, and Profile.
 Remote Access Policies are usually stored locally on the RRAS server. They are not stored in Active Directory.
13

3.
4.
5.
6.
7.
2.
1.
Open Routing and Remote Access console if necessary
Double-click the RRAS server to expand the node, if necessary, and select the Remote Access policies node.
Notice that there is a default policy named Allow access if dial-in permission is enabled.
Click Action/New Remote Access Policy to open the Add
Remote Access Policy wizard.
Type Srvdcxx Remote Access Policy in the Policy Friendly name text box.
Click Next to open the Conditions screen. Click Add… to open the Select Attribute dialog box.
Select Day-and-Time restrictions in the name column and click Add… to open the Time of day constraints dialog box.
Restrict access to the RRAS to M-F from 9AM to 6PM.
14

8.
9.
10.
11.
12.
13.
14.
15.
Click OK
Click Add… to reopen the Select Attribute dialog box.
Double-click Windows-Groups to open the Groups dialog box.
Click Add... To open the Select Groups dialog box. Select
Domain Users group of your domain and click Add…
Click OK to close the Select Groups dialog box. Click OK to close the Groups dialog box.
Click Next to open the Permissions screen.
Select the Grant remote access permission option button.
Click Next to open the User profile screen.
Click Finish because we will not create the profile in this exercise.
Note: Can use the Net Shell (Netsh) command-line utility to manage and troubleshoot RRAS.
15