network access VPN

The document outlines the components and roles of Network Access Services, including VPN servers, DHCP servers, and authentication methods. It details the processes for configuring VPN access, creating network policies, and troubleshooting TCP/IP issues. Various authentication protocols and their security levels are also discussed, along with the integration of DHCP servers for remote client IP configuration.

Uploaded by

pettagsco

Components of a Network Access Services Infrastructure

[Figure: infrastructure diagram. Labels: VPN Server, Active Directory, IEEE 802.1X Devices, Health Registration Authority, Internet, NAP Health Policy Server, DHCP Server, Perimeter Network, Intranet, Restricted Network, Remediation Servers, NAP Client with limited access]

What Is the Network Policy and Access Services Role?

Component: Description

• Network Policy Server: The Microsoft implementation of RADIUS Server and proxy

• Routing and Remote Access: Provides VPN and dial-up solutions for users, deploys full-featured software routers, and shares Internet connections across the intranet

• Health Registration Authority: Issues health certificates to clients when using IPsec NAP enforcement

• Host Credential Authorization Protocol: Integrates with Cisco network access control server

Network Authentication and Authorization

Authentication:

• Verifies the credentials of a connection attempt

• Uses an authentication protocol to send the credentials from the remote access client to the remote access server in either plain text or encrypted form

Authorization:

• Verifies that the connection attempt is allowed

• Occurs after successful authentication

Types of Authentication Methods

PAP
• Description: Uses plaintext passwords. Typically used if the remote access client and remote access server cannot negotiate a more secure form of validation.
• Security level: The least secure authentication protocol. Does not protect against replay attacks, remote client impersonation, or remote server impersonation.

CHAP
• Description: A challenge-response authentication protocol that uses the industry-standard MD5 hashing scheme to encrypt the response.
• Security level: An improvement over PAP in that the password is not sent over the PPP link. Requires a plaintext version of the password to validate the challenge response. Does not protect against remote server impersonation.

MS-CHAPv2
• Description: An upgrade of MS-CHAP. Two-way authentication, also known as mutual authentication, is provided. The remote access client receives verification that the remote access server that it is dialing in to has access to the user’s password.
• Security level: Provides stronger security than CHAP.

EAP
• Description: Allows for arbitrary authentication of a remote access connection through the use of authentication schemes, known as EAP types.
• Security level: Offers the strongest security by providing the most flexibility in authentication variations.

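The CHAP entry above, worked through as an added example that is not part of the original slides: the response is computed as RFC 1994 defines it, and the class name, user name and password are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response per RFC 1994: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapServer:
    """Authenticator side. It has to hold each password in plaintext (or
    reversibly), because it recomputes the same MD5 over the secret."""

    def __init__(self, secrets: dict):
        self._secrets = secrets      # user name -> plaintext password
        self._pending = {}           # identifier -> outstanding challenge
        self._next_id = 0

    def new_challenge(self):
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256   # one-octet field
        challenge = os.urandom(16)                  # fresh and unpredictable
        self._pending[identifier] = challenge
        return identifier, challenge

    def verify(self, user: str, identifier: int, response: bytes) -> bool:
        challenge = self._pending.pop(identifier, None)   # single use
        secret = self._secrets.get(user)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

def demo():
    password = b"constructed-sample-password"   # constructed test value
    server = ChapServer({"alice": password})
    ident, challenge = server.new_challenge()
    response = chap_response(ident, password, challenge)   # client side
    accepted = server.verify("alice", ident, response)
    # A response captured from the link fails against the next challenge.
    ident2, _ = server.new_challenge()
    replay_accepted = server.verify("alice", ident2, response)
    # The client answered without checking who sent the challenge, which is
    # why CHAP gives no protection against remote server impersonation.
    return accepted, replay_accepted, password in response
```

`demo()` returns whether the genuine response was accepted, whether the replayed response was accepted, and whether the password bytes appear in what crossed the link.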
Integrating DHCP Servers with the Routing and Remote Access Service

You can provide remote clients with IP configurations by using either:

• A static pool created on the Routing and Remote Access server for use with remote clients

• The corporate DHCP server located on the corporate LAN

DHCP servers running Windows Server:

• Provide a predefined user class called the Default Routing and Remote Access Class

• Are useful for assigning options that are provided to Routing and Remote Access clients only

Lesson 2: Configuring VPN Access
• What Is a VPN Connection?

• Components of a VPN Connection

• Tunneling Protocols for a VPN Connection

• Configuration Requirements

• Demonstration: Configuring VPN Access


What Is a VPN Connection?

[Figure: VPN connection diagram. Labels: Corporate Headquarters, Large Branch Office, Medium Branch Office, Small Branch Office, Home Office with VPN Client, Remote User with VPN Client, VPN Server, VPN]

Components of a VPN Connection

[Figure: VPN connection components. Labels: VPN Tunnel, Client Operating System, Routing and Remote Access, VPN Server, VPN Client, Virtual Network, Authentication, IP Configuration, Domain Controller, DHCP Server]

Tunneling Protocols for a VPN Connection

PPTP:
• Packet layout: IP header, GRE header, PPP trailer, PPP payload (IPv4 packet)
• Figure labels: Encrypted, PPP frame

L2TP:
• Packet layout: IP header, UDP header, L2TP header, PPP header, PPP payload (IP datagram, IPX datagram, NetBEUI frame)
• Figure labels: PPP frame, L2TP frame, UDP message

SSTP:
• Encapsulates PPP frames in IP datagrams, and uses port 443 (TCP) for tunnel management and PPP data frames
• Encryption is performed by the SSL channel of the HTTPS protocol

Configuration Requirements

VPN server configuration requirements include:

• Two network interfaces (public and private)

• IP address allocation (static pool or DHCP)

• Authentication provider (NPS/RADIUS or the VPN server)

• DHCP relay agent considerations

• Membership in the Local Administrators group or equivalent

Components of a Dial-Up Connection

[Figure: dial-up connection components. Labels: Remote Access Server, LAN and Remote Access Protocols, WAN Options: Telephone, ISDN, X.25, or ATM, Dial-Up Client, Domain Controller, Authentication, DHCP Server, Address and Name Server Allocation]

Lesson 3: Overview of Network Policies
• What Is a Network Policy?

• Process for Creating and Configuring a Network Policy

• How Are Network Policies Processed?


What Is a Network Policy?

A network policy consists of the following elements:

• Conditions
• Constraints
• Settings

Process for Creating and Configuring a Network Policy

✓ Determine authorization by user or group

✓ Determine appropriate settings for the user account’s network access permissions

✓ Configure the New Network Policy Wizard:

• Configure Network Policy conditions
• Configure Network Policy constraints
• Configure Network Policy settings

TCP/IP Troubleshooting Tools

Command: Description

• Ipconfig: Displays current TCP/IP network configuration values; updates or releases DHCP-allocated leases; and displays, registers, or flushes DNS names

• Ping: Sends ICMP Echo Request messages to verify that TCP/IP is configured correctly and that a TCP/IP host is available

• Pathping: Displays a path of a TCP/IP host and packet losses at each router along the way

• Tracert: Displays the path of a TCP/IP host
