TCP/IP Networking and Remote Access

1
TCP/IP Networking and Remote Access

• Lecture 9
• Hassan Shuja
• 11/23/2004

2
TCP/IP Networking and Remote Access

• TCP/IP
• TCP/IP protocol is used on the Internet
• TCP/IP is supported by Windows OS, UNIX, NetWare,
  Macintosh, MS-DOS, and etc...
• IP Addressing
• 32-bit binary number broken up in four 8-bit
  sections
• Subnet Mask determines the size of the Network ID
  and the Host ID
• Default Gateway specifies the IP address of the
  device that needs to be used if there is a need
  to communicate outside of the subnet
• ipconfig /all , nslookup, ping, and
  traceroute are good utilities to troubleshoot
  TCP/IP issues

3
TCP/IP Networking and Remote Access

• Dynamic Host Configuration Protocol (DHCP)
• A DHCP server assigns IP addresses to clients on
  the network automatically
• IP address is leased to the client for a specific
  amount of time
• DNS servers are automatically assigned at this
  time
• DHCP is a service and must be started and only
  available on all three Server mode flavors of W2K
• DHCP allows you to manage IP addresses centrally
  and prevent duplicate IP addresses
• DHCP also allows for regain of IP addresses if
  they are no longer being used
• Authorization in AD is needed of the DHCP server
  before it can begin to work
• Prevents non-authorized W2K servers from coming
  onto the network and giving out wrong IP
  addresses

4
TCP/IP Networking and Remote Access

• DHCP (cont.)
• DHCP Server will register non-W2K machines with
  the DNS server
• A Scope must be set that determines the range of
  IP addresses that a DHCP server can assign
• By default no scope exists
• Addresses can be excluded from scope
• In addition to a regular DHCP scope, there are
  two other types
• Super Scope A range of IP addresses that spans
  several subnets
• Multicast Scope Assigns Class D addresses to
  clients
• IP Address reservation allows for specific
  addresses to be only assigned to specific NIC
  cards
• Understand process for obtaining DHCP address
• Discussed in Class

5
TCP/IP Networking and Remote Access

• Routing
• Routing and Remote Access service needs to be
  enabled for routing to work
• All 3 flavors of Windows 2000 Server are capable
  of becoming routers on the network
• The server that becomes a router needs to have
  two different methods of communication
• Either a second NIC card or a modem, ISDN
  adapter, and etc..
• Static routes can be added for networks behind an
  interface to build the routing table
• Dynamic routing uses a routing protocol to build
  the routing table
• Additional software is needed for dynamic routing
• RIP, OSPF, and IGMP are the different dynamic
  protocols that can be used

6
TCP/IP Networking and Remote Access

• NAT and PAT
• Network Address Translation (NAT) is the
  translation of many IP addresses from one range
  to another
• Port Address Translation (PAT) is the translation
  of many IP addresses to one single address
• Routing has to be enabled for a Server to be
  configured with NAT or PAT
• NAT is configured on a routing interface

7
TCP/IP Networking and Remote Access

• Remote Access
• Remote Access is a very important aspect of a
  network these days because of such a mobile
  workforce
• Routing and Remote Access service needs to be
  enabled for remote access to work
• This service is only available on the 3 flavors
  of W2K Server
• Several connection protocols are available for
  remote access connection
• PPP - Point-to-Point Protocol support multiple
  transport protocols
• PPMP Point-to-Point Multilink Protocol is and
  extension of PPP and combines the bandwidth from
  multiple physical connections
• PPTP Point-to-Point permits a Virtual Private
  Network (VPN) connection between two networks
• L2TP Layer Two Tunneling Protocol is similar to
  PPTP. The difference is PPTP uses Microsoft
  encryption and L2TP uses IPSec encryption
• Microsoft RAS Used for legacy client computers
  such as MS-DOS or Windows 3.1. NetBEUI is the
  only transport protocol that is allowed

8
TCP/IP Networking and Remote Access

• Remote Access
• Authentication can be done through Active
  directory or a Radius Server
• DHCP can be used to assign IP addresses to remote
  clients
• Remote Access Server (RAS) can be set to allow
  IPX, NetBEUI, and AppleTalk from the client
• Remote Access policies can be set to enhance
  security and has three components
• Conditions Predefined attributes that must be
  matched by the client. Common conditions are day
  and time of connection, client phone number, and
  computer name
• Permissions Grants or Denies permission access
  to the RAS
• Profile The profile sets such settings as IP
  address, authentication methods, and encryption
  options
• Encryption can be set to the following settings
• No Encryption
• Basic 56 bit DES L2TP and 40 bit for Microsoft
  Point-to-Point Encryption (MPPE)
• Strong 56 bit DES or 56 bit for MPPE
• Strongest 168 bit 3DES or 128 bit for MPPE