Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 10

Chia sẻ: Nothing Nothing | Ngày: | Loại File: PPT | Số trang:46

Thêm vào BST

Báo xấu

72
lượt xem 5
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

Module 10: Configuring network access. This module provides you with the knowledge and skills to configure a server with the Routing and Remote Access service, create appropriate remote access connections on a network access server, and configure users' access rights.

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 10

Module 10: Configuring Network Access
Overview • Introduction to a Network Access Infrastructure • Configuring VPN Access • Configuring DialUp Access • Configuring Wireless Access • Controlling User Access to a Network • Centralizing Authentication by Using IAS • Protecting Remote Access by Using Network Access Quarantine
Lesson: Introduction to the Network Access Infrastructure • Multimedia: Introduction to the Network Access Infrastructure • Components of a Network Access Infrastructure • Configuration Requirements for a Network Access Server • Types of Network Access Clients • Network Access Authentication and Authorization • Available Methods of Authentication
Multimedia: Introduction to the Network Access Infrastructure The objective of this presentation is to provide a highlevel overview of the network access infrastructure and how network access services work together
Components of a Network Access Infrastructure DHCP Network Access Server Server Domain Controller IAS Server VPN Client Wireless Dial-Up Access Point Client Network access service Network access clients Wireless Authentication service Client Active Directory
Configuration Requirements for a Network Access Server A network access server acts as a gateway to a network for a remote client To configure the network access server, you will need to know: Whether the server will also act as a router Authentication methods and providers Client access requirements IP address assignment PPP configuration options Event logging preferences
Types of Network Access Clients Type of Description Client Connects to a network across a shared or public network Emulates a point-to-point link on a VPN Client private network Creates a physical connection to a port on a remote access server on a private network Dial-Up Uses a modem or ISDN adapter to dial Client in to the remote access server Connects to a network by infrared light Wireless or radio frequency technologies Client Includes many different types of devices
Network Access Authentication and Authorization 2 1 Network Network Domain Access Access Controlle Client Server r 1Authenticat Validates a user’s credentials during a connection attempt ion 2 Verifies that the authenticated user is allowed to access the resource Authorizati on
Available Methods of Authentication Remote and wireless authentication methods include: MS-CHAP v2 CHAP EAP-TLS PAP PEAP SPAP MD-5 MS-CHAP Challenge Recommended authentication method is EAP-TLS used with smart cards
Lesson: Configuring VPN Access • How a VPN Connection Works • Components of a VPN Connection • Encryption Protocols for a VPN Connection • Configuration Requirements for a VPN Server • Practice: Configuring VPN Access
How a VPN Connection Works A VPN extends a private network across shared or public networks, such as the Internet Domain VPN Server Controlle r VPN Client 1VPN client calls the VPN server authenticat VPN server 3and authorizes the clien 2 VPN server answers the call 4 VPN data server transfers
Components of a VPN Connection VPN Tunnel Tunneling VPN Protocols Server Tunneled Data VPN Domain Client Controller Authenticat Transit Network ion DHCP Address and Name Server Server Allocation
Encryption Protocols for a VPN Connection Category Description PPTP Uses PPP user authentication and MPPE Uses PPP user authentication over a L2TP/IPSec connection that is encrypted with IPSec Examples of Remote Access Server Using L2TP/IPSec Remote Remote Access Server Access Server Remote User to Branch Office to Branch Corp Net Office
Configuration Requirements for a VPN Server Before adding a remote access/VPN Identify which network interface connects server: to the Internet and which network interface connects to your private network Identify whether clients receive IP addresses from a DHCP server or the VPN server Identify whether to authenticate by using RADIUS or by using the VPN server
Practice: Configuring VPN Access In this practice, you will: Configure user dial-in settings Configure a VPN server Configure a VPN client
Lesson: Configuring DialUp Access • How DialUp Network Access Works • Components of a DialUp Connection • Authentication Methods for a DialUp Connection • Configuration Requirements for a Remote Access Server
How DialUp Network Access Works Dial-up clients make a temporary connection to a remote access server by using a telecommunications provider Domain Remote Controlle Access r Server Dial-up Client 1 Dial-up client calls the RA server 3RA server authenticates and authorizes the clien 2 RA server answers the call 4 RA server transfers data
Components of a DialUp Connection Remote Access LAN and Remote Access Server Protocols WAN Options: Telephone, ISDN, Domain X.25, or ATM Dial-Up Client Controller Authentication DHCP Server Address and Name Server Allocation
Authentication Methods for a DialUp Connection Authentication methods for dial-up include: CHAP MS-CHAP v2 PAP EAP-TLS SPAP EAP-MD5 MS-CHAP Challenge Mutual Authentication Remote Access Server Remote Access User Strongest method: EAP-TLS with smart cards
Configuration Requirements for a Remote Access Server Before adding a remote access server for Configure dial-up the appropriate hardware access: Identify whether clients receive IP addresses from a DHCP server or the remote access server Identify whether to authenticate connection requests by using RADIUS or by using the remote access server