11. Remote Access Service (RAS)
RAS and Dial-Up networking use SLIP (Unix servers) or PPP. NT Workstation can have only one RAS connection
whereas Server can have up to 256. Modems, ISDN or X.25 can be used. NT detects
modems automatically, although you can configure them manually from the Modems
program. NT can connect to an X.25 network using a smart card that contains a PAD
or an asynch connection to a PAD via a COM port.
Point to Point Tunnelling Protocol (PPTP) has been developed by Microsoft to allow users to
gain secure access to Virtual Private Networks over the Internet. A connection to the
Internet must be established first; a RAS connection can then be made to the RAS
server connected to the Internet. The packets encapsulated in IP are PPP packets
that can contain IP, NetBEUI or IPX. The client requires a PPTP driver for
direct connection to the Internet unless the client has a connection via an ISP that
supports PPTP.
SLIP only supports TCP/IP and requires a static IP address so DHCP and WINS cannot be used.
It requires scripting for login and passwords are sent as clear text. NT does not
have a SLIP server.
PSTN and ISDN lines can be combined with PPP Multilink. NT 3.1 used RAS but
only supported NetBEUI.
The NT computer can act as an IP/IPX router using SAP and a NetBIOS gateway. The
RAS server can allow users to access just the computer or the entire network using
the RAS Server NetBEUI Configuration. The NetBEUI gateway translates
NetBEUI packets to IP or IPX.
The same user accounts used on the LAN are used by RAS; the user must have a RAS
password. Using auditing in User Manager for Domains you can find out who is
dialling.
The default authentication is encrypted and an Intermediary Security Host can be
added between the Dial-up Networking client and the RAS server. In addition,
callback can be enabled to call a trusted site number. If a RAS server has
a direct connection to the Internet, enabling PPTP filtering disables all
protocols except PPTP on the network card. This is done in Advanced IP
Addressing in the TCP/IP properties box.
The Telephone API (TAPI) allows you to centrally configure a computer for
local dialling parameters. TAPI Service Providers (TSP) are drivers
that control hardware such as a PBX.
Running the Telephony program allows you to access the Dialling Properties
box which you use to configure a dialling location with area code, special code
to dial out, country location, phone system etc.
Installation of RAS occurs through the Dial-up Networking icon in My Computer.
The modem needs to be configured first. Then, in Remote Access Service on
the Services tab of the Networking program, add a port to make available for RAS and
configure the RAS settings for the port (COM1, COM2 etc.). The port
can be set for Dial out only, Receive Calls Only or Dial out and
Receive Calls.
Use the protocols tab to set the dial out protocols and encryption (PAP, CHAP
and MS-CHAP). Multilink requires similar hardware to work i.e. NOT one modem
and one ISDN TA.
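The difference between the PAP and CHAP settings above, as an added example (not part of the original notes): it builds a PAP Authenticate-Request (RFC 1334) and a standard CHAP Response (RFC 1994) and shows what each puts on the wire. The user name and password are constructed sample values; MS-CHAP uses a different response calculation and is not shown.

```python
import hashlib
import hmac
import os
import struct

def pap_request(ident, user, password):
    """PAP Authenticate-Request (RFC 1334): the password travels as-is."""
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def chap_value(ident, secret, challenge):
    """CHAP response value (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident, name, secret, challenge):
    """CHAP Response packet: code 2, id, length, value-size, value, name."""
    value = chap_value(ident, secret, challenge)
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body

def chap_verify(packet, secret, challenge):
    """Server-side check of a Response against the challenge it issued."""
    if len(packet) < 5:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    if code != 2 or length != len(packet) or 5 + size > len(packet):
        return False
    expected = chap_value(ident, secret, challenge)
    return hmac.compare_digest(packet[5:5 + size], expected)

if __name__ == "__main__":
    user, password = b"jsmith", b"Winter-Dial-In"  # constructed sample credentials
    challenge = os.urandom(16)                      # server picks a fresh value per attempt
    pap = pap_request(1, user, password)
    chap = chap_response(1, user, password, challenge)
    print("PAP frame :", pap.hex(), "| password visible:", password in pap)
    print("CHAP frame:", chap.hex(), "| password visible:", password in chap)
    print("accepted for issued challenge:", chap_verify(chap, password, challenge))
    print("accepted for a new challenge :", chap_verify(chap, password, os.urandom(16)))
```

A captured CHAP response is only valid for the challenge it answers, which is why the last check fails.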
A RAS server can allow TCP/IP clients to access the entire network or just that computer. IP
addresses can be assigned by DHCP or by the RAS server from a Static Address Pool, or
the client can use a predetermined IP address. The same
options are available for IPX addresses.
When the client's Dial-Up Networking is configured you can decide the interval and number
of dial attempts, the appearance and the phone book to be used. Using the User Profiles
tab in System allows you to use the locally-cached user profile instead of a server-based profile
just in case the server is down when a user dials in to log on.
In TCP/IP and NetBEUI autodialling is allowed whereby the network address is mapped to the phonebook
entry.
If a Security log fills up then it stops you logging on and you need to use the Admin log on to correct it.
Event Viewer keeps a log that will eventually fill up the hard disk and overwrite itself. You can reduce this.
RAS problems are entered into the System log, so use Event Viewer to look at this. PPP problems
can be examined by way of the PPP.log file, which is activated by setting the following parameter to 1:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman\PPP\Logging.
The Dial-Up Monitor program in Control Panel allows you to show the status of the session in progress.
Multilink capability is lost during callback because only one number is allowed for dial back.