Objectives
Describe remote access
Install and configure the Remote Access server role
Configure the DirectAccess role service
VPN Requirements
Your server and network must meet requirements
for the type of VPN you want to set up:
VPN Configuration
If the VPN server is a domain member, its
computer account must be added to the RAS and
IAS Servers group in Active Directory
Next, click the server icon and click Configure and
Enable Routing and Remote Access
The Configuration window will give you options for
the type of remote access server you want to
configure:
For a standard VPN server, select the Remote
access (dial-up or VPN) option
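The group-membership prerequisite and the enable step above can also be scripted. This is an added example, not part of the course material; it assumes the ActiveDirectory and RemoteAccess PowerShell modules are available on the server and that it is run elevated by an account allowed to modify the group.

```powershell
# Added example (not from the slides). Run elevated on the VPN server.
Import-Module ActiveDirectory

$groupName = 'RAS and IAS Servers'   # group named on the slide

# 1. The group requirement only applies when the server is a domain member.
$system = Get-CimInstance -ClassName Win32_ComputerSystem
if ($system.PartOfDomain) {
    $computer  = Get-ADComputer -Identity $env:COMPUTERNAME
    $memberDns = @(Get-ADGroupMember -Identity $groupName |
                   Select-Object -ExpandProperty DistinguishedName)

    if ($memberDns -contains $computer.DistinguishedName) {
        Write-Output "$($computer.Name) is already a member of '$groupName'."
    } else {
        Add-ADGroupMember -Identity $groupName -Members $computer
        Write-Output "Added $($computer.Name) to '$groupName'."
    }
} else {
    Write-Output 'Server is not domain-joined; the group step does not apply.'
}

# 2. Install the DirectAccess and VPN role service, then enable VPN
#    instead of running the RRAS Setup Wizard.
Install-WindowsFeature -Name DirectAccess-VPN -IncludeManagementTools
if ((Get-RemoteAccess).VpnStatus -ne 'Installed') {
    Install-RemoteAccess -VpnType Vpn
}
```

The script does not cover the later wizard choices (static packet filters, RADIUS); review those on the server after it runs.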
MCSA Guide to Administering Microsoft Windows Server
2012/R2, Exam 70-411
VPN Configuration
In the VPN Connection window:
You can rename network connections
The Enable security on the selected interface by
setting up static packet filters option is enabled by
default
Prevents the interface connected to the Internet from
accepting any traffic that isn't part of a VPN
connection
VPN Configuration
Next, you decide how clients are authenticated to
the VPN server and whether you want to use
RADIUS to handle authentication
See Figure 5-5 on the following slide
Figure 5-6 Configuring the Network Access Permission attribute for a user account
Configure Routing
Using RRAS, a Windows server can be configured
as a router to connect multiple subnets in a
network or connect a network to the Internet
Windows Server 2012/R2 supports static routing
and dynamic routing with Routing Information
Protocol Version 2 (RIPv2)
To configure a server as a router, select the
Custom configuration option in the Configuration
window of the RRAS Setup Wizard
Then select the LAN routing option
Routing Tables
Routing table - a list of network destinations and
information on which interface can be used to
reach the destination
A routing table has the following columns:
Destination
Network mask
Gateway
Interface
Metric
Protocol
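How those columns drive a forwarding decision, as an added example that is not part of the course material: the sample table, addresses and function names are constructed, and the selection rule shown (most specific network mask first, then lowest metric) is standard IP routing behaviour that goes beyond what the slide states.

```powershell
# Constructed sample table using the six columns listed above.
$routes = @(
    [pscustomobject]@{ Destination='0.0.0.0';     Mask='0.0.0.0';       Gateway='203.0.113.1'; Interface='Internet'; Metric=10; Protocol='Static' }
    [pscustomobject]@{ Destination='192.168.0.0'; Mask='255.255.0.0';   Gateway='10.0.0.254';  Interface='LAN';      Metric=20; Protocol='RIP'    }
    [pscustomobject]@{ Destination='192.168.5.0'; Mask='255.255.255.0'; Gateway='10.0.0.253';  Interface='LAN';      Metric=5;  Protocol='Static' }
    [pscustomobject]@{ Destination='10.0.0.0';    Mask='255.255.255.0'; Gateway='0.0.0.0';     Interface='LAN';      Metric=1;  Protocol='Local'  }
)

function ConvertTo-UInt32 ([string]$Address) {
    # Dotted-quad string -> unsigned 32-bit integer.
    $bytes = ([ipaddress]$Address).GetAddressBytes()
    [array]::Reverse($bytes)   # network byte order -> little-endian for BitConverter
    [BitConverter]::ToUInt32($bytes, 0)
}

function Select-Route ([string]$Target, $Table) {
    $ip = ConvertTo-UInt32 $Target
    $Table |
        # A route matches when (target AND mask) equals its Destination.
        Where-Object {
            ($ip -band (ConvertTo-UInt32 $_.Mask)) -eq (ConvertTo-UInt32 $_.Destination)
        } |
        # Prefer the longest mask, then break ties on the lowest metric.
        Sort-Object @{ Expression = { ConvertTo-UInt32 $_.Mask }; Descending = $true },
                    @{ Expression = 'Metric'; Descending = $false } |
        Select-Object -First 1
}

# A host on the 192.168.5.0 subnet matches three routes; the /24 entry is chosen.
Select-Route -Target '192.168.5.20' -Table $routes

# An Internet address matches only the default route (0.0.0.0 mask 0.0.0.0).
Select-Route -Target '198.51.100.7' -Table $routes
```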
DirectAccess Requirements
DirectAccess requirements in Windows Server
2012/R2:
Two NICs, as for a VPN server
The server must be a domain member
A public IP address
Setting up a PKI
Configuring NLS on a separate Web server
Configuring the name resolution policy table (NRPT)
Configuring forced tunneling
Configuring ISATAP
Setting Up a PKI
Basic steps to follow:
1. On a server separate from the DirectAccess
server, install AD Certificate Services configured as
an Enterprise Certificate Authority
2. Issue an SSL certificate to the NLS server, set up
on a server separate from the DirectAccess server
3. Issue machine certificates to the DirectAccess
server and each DirectAccess client computer
It is best to configure auto-enrollment so that each
client computer can automatically request and be
issued a machine certificate
Configuring ISATAP
ISATAP allows computers on the network to access
DirectAccess clients that are connected via the
Internet
Two ways to enable it on the network:
Enable ISATAP for all computers on the network
Enable ISATAP for only certain computers
Summary
Remote Access is a server role that provides services
to keep a mobile workforce and branch offices
securely connected to the main office
When you install the Remote Access server role, you
can install three role services: DirectAccess and VPN,
Routing, and Web Application Proxy
A VPN is a network connection that uses the Internet
to give users or branch offices secure access to a
company's network resources on a private network
Windows Server 2012/R2 supports three tunnel types:
PPTP, L2TP/IPsec, and SSTP
Summary
Remote dial-in uses the telephone system to connect a
computer with a remote network
The default settings for VPN and dial-up may be
sufficient but you might need to support different OSs
and different VPN clients over different tunneling
methods, which require different security settings
Using RRAS, a Windows server can be configured as a
router to connect multiple subnets in the network or
connect the network to the Internet
Network Address Translation (NAT) is a process
whereby a router replaces the source or destination IP
addresses before forwarding a packet
Summary
Web Application Proxy is a new Routing and Remote
Access role service that allows users to access
applications from any device that supports a Web
browser from outside the network
The DirectAccess role service provides many of the
same features as a VPN but adds client management
and always-connected capability
A basic DirectAccess deployment requires only a
domain controller, a member server to install the
DirectAccess role service, and a client computer