Terminal Services  «Prev  Next»

Lesson 1

Routing Remote Access Services (Intro)

In the last module, you learned about some of the new protocols available in the Windows 2000 Routing and Remote Access Service server. You also learned how you can use a Windows 2000 RRAS server to create a secure private connection over public and private networks by taking advantage of either PPTP or L2TP/IPSec to secure the connection. In this module, we will delve into the configuration specifics of the RRAS server to enable outbound and inbound connections. Keep in mind that when the RRAS server makes an outbound connection it actually becomes an RAS client, and when it receives inbound connections it becomes an RAS server.
We will cover how to create a VPN connection, including the process an administrator must complete in order to enable a VPN connection. We will also explore how you can use a direct cable connection to network two PCs via a serial port. Of course, serial ports are the currency of modems, so we will talk about how to setup and configure your modem connections as well.

Configuration specifics of the RRAS server Windows Server 2022

Here's a breakdown of the configuration specifics you'll need to address on your RRAS (Routing and Remote Access Services) server in Windows Server 2022 for outbound and inbound connections: Inbound Connections (Remote Access)
  1. Server Role Installation: --> Use Server Manager or PowerShell to install the "Remote Access" role. Choose the "DirectAccess and VPN (RAS)" option within the role setup.
  2. VPN Configuration:
    • Open the Routing and Remote Access management console.
    • Right-click on your server and select "Configure and Enable Routing and Remote Access".
    • Choose either:
      • Custom Configuration: For advanced setups.
      • VPN Access: For simple VPN-only scenarios.
    • Follow the wizard, select VPN access.
    • Choose the network interface connected to the internet.
    • Specify the IP address range to assign to VPN clients.
  3. Firewall:
    • Open Windows Firewall with Advanced Security.
    • Inbound Rules:
      • Enable the rules that start with "Routing and Remote Access". These might include rules for PPTP (port 1723) or L2TP (ports 1701, 500).
      • You may need to create additional rules if using other VPN protocols (SSTP, IKEv2).
Outbound Connections (NAT)
  1. NAT Configuration:
    • In the Routing and Remote Access console, right-click your server and go to "Properties".
    • Select the "IPv4" tab. --> Enable NAT on this interface: Select the internet-facing network interface. \
    • This automatically creates the basic NAT configuration.
  2. Firewall: Outbound Rules: No explicit rules are needed for basic NAT, but make sure no rules are blocking outbound traffic relevant to your network setup.

Additional Considerations:
  • Authentication: Choose appropriate authentication methods (e.g., username/password, certificates) in RRAS server properties and create user accounts.
  • Routing: If you need to access internal resources on other networks behind the RRAS server, ensure proper routes are configured.
  • DHCP: If assigning IP addresses to VPN clients dynamically, you might need a DHCP server on your network.

Important Notes
  • The exact firewall port requirements will depend on the specific VPN protocols you choose.
  • For complex scenarios, you might need to customize the NAT configuration in depth.

  • Always use strong passwords or certificate-based authentication.
  • Regularly audit firewall rules to ensure only necessary traffic is allowed.
  • Keep your server and networking software updated with the latest security patches.

By the end of this module, you should be able to:
  1. Create and configure a dial-up connection
  2. Create a connection to a VPN
  3. Create a direct cable connection to another computer
  4. Define and configure an Internet connection server
  5. Configure a VPN port
  6. Configure a modem and cable port

The next lesson demonstrates how to create a dial-up connection.

SEMrush Software1