2008 and Vista – Setting Up NAT and VPN Server – Part 2

And Routing and Remote Access is a very full-featured service. Not only can you do NAT and VPN and dial-up servers, it functions as a full-blown router with routing protocols. We'll open up some of the bits and pieces now and take a quick look at them. What we're interested in is under IP version 4, but I guess let's start out here: Network Interfaces. Here's my private and my public interfaces, and I can see there which one's connected.

Let me kind of scroll this over a little bit, and I'm going to go down here to Ports, and you can see the ports that you can connect on. Here's SSTP ports, and each one of these has the capability to host a dial-in, and then it will become active when someone dials in over that port. So in this case here's my Secure Socket Tunneling Protocol. Let's scroll down here and we'll see some PPTP; here's my Point-to-Point Tunneling Protocol for older machines. And then here are some more sockets waiting for dial-ins: Layer Two Tunneling Protocol, L2TP. So it depends on which type of connection I would choose with my client. Now I can see here that I don't yet have any remote access clients connected, so let's keep moving on down.

If I had configured a remote access policy... I'm going to go ahead and do this: we'll launch NPS and I'll show you what I'm talking about when we, you know, talk about a remote access policy. Wait a moment to add the snap-in. Now there's two ways to do this. Only one way is required, but I'll do both just to show you. There are default remote access policies, and we could always create a brand-new one. If I wanted to create a brand-new one I could right-click and say New, and I could give it a new policy name, and we'll call it "policy"; we'll try to be a little more descriptive there: "new remote access policy". I guess we're down to "rat policy". Do you have a rat policy? OK. And then we could include in this case different users and groups that will be governed by that. We've got Domain Users. OK, a little bit less, a little bit too much power there. All right, Domain Users. And let's go ahead. We can choose by default whether access will be granted or denied. We can apply multiple policies. I'll just go with the defaults. We could set the times people can dial in, when they're allowed to dial in, when they're not allowed to dial in. And in this case this would be my brand-new rap policy.

Now I'm going to delete that. I'm going to use a default policy that's in place, and I want to show you something. By default, to be more secure, it's set to deny access, but I'm going to set it to grant access in this case, and I'll click OK. And you can have various policies applied, and the last policy applied, as you know, provides the end result. Here I want to go and enable this, and I want to say grant access, and that'll be enough, because by default user accounts in Active Directory are configured to control access through a remote access policy, or network policies now.

But just to show you the other way of doing things, let's go to Active Directory Users and Computers. And in Active Directory Users and Computers, let me go find my head account; here's what we'll use to connect. If I go to the Dial-in tab, notice my options: now, "Control access through NPS Network Policy". I can allow access, which would override that policy which was denying but is now granting access; or, if I had not changed that network policy, I could check Allow access and that would allow me access to dial in to my VPN server.

Let's just look at a few more things. I'm going to go down and click on, or select, the IP version 4 node here in my management console, just to look at some of the options. Now under General I could add new interfaces if I had added, you know, a new NIC card in my multihomed machine. I can add routing protocols, dynamic routing protocols for routing. I can get a little bit of information; let me pull this back here and look at the IP addresses and the incoming and outgoing bytes and any kind of filtering that's going on on my interfaces there. I can go to Static Routes, and if I wanted to add a new static route I could, and actually add a static route entry to my routing table. I can also show my IP routing table, equivalent to a show IP route command from the command prompt, and check where my traffic's going.

I can configure a DHCP relay agent. Now if I did this, remember, a DHCP relay agent allows you to send DHCP broadcast traffic, which is normally confined, you know, to a subnet and does not cross a router; it would allow you to send that to another subnet. Now the exception is if your router is RFC 1542 compliant, it will allow DHCP discover broadcasts to go from one subnet to another, but in this instance, no. So we could set up a DHCP relay agent, and in that case we could configure either one of these interfaces with the static IP, and it would listen. Like, say, if I wanted to configure this interface, it would listen for DHCP discover broadcasts, and the hop count threshold in this case by default is set to four, but it would relay those packets. And I've selected an interface. Let me go ahead, and now in this case I don't really want it to go, but I would also want to configure it with the static IP; say it was 192.168.100.100, which is... that is my DHCP server, but it's also this server, so in this example it's sort of useless because I'm relaying DHCP requests to myself. But in other words, just suppose that that's another IP address of another DHCP server on a different subnet. Well, our relay agent would sit here on this subnet and listen for this DHCP discover broadcast, and when it heard it, it would send them to the IP address of the server on another subnet it would have already in its recognition of that particular. I'm going to go ahead and get rid of this here because I don't want a relay agent set up. In this case I have a DHCP server in a abrupt of it; you understand that's what that would be used for, and that way you could have a DHCP server that would serve more than one subnet through those relay agents.

I'm not really agent assistance. Internet Group Management Protocol: now, again, I could add new interfaces or group table. And then here's my network address translation. Let me go down now, and again I can select my interfaces, and let me show you: here's where you can gain some access or control to the firewall. I can choose to enable NAT on this interface; address pool; services and ports, select what I allow or what I will not allow through, you know, incoming and outgoing traffic. So there's a full selection of filtering that's available and a pretty good firewall that's included with network address translation, or NAT, when you install or configure NAT.

OK, now that we've gone through all these things, let's go ahead and make a connection now. So we'll hop on over to our Vista Ultimate workstation and consumer
