Remote Access Service HCL CDC Etawah


Contents for Remote Access Service:

1. What is Remote Access Service (RAS) and its Types?
2. RAS Client Supported Connection Type
3. RAS Supporting Clients
4. Required RAS Server components
5. RAS Client supported Connection, Transport, Authentication, VPN, and Bandwidth Protocols
6. Working with RAS

What is Remote Access?

With a remote access connection, employees can access the corporate remote access server and log in to the network with their regular user account.

Employees can then use all the resources that would be available from the office desktop computer.

Remote Access Service (RAS):

It is considered to be a WAN connection. It is built into Windows NT and enables users to log into an NT-based LAN using a modem.

Type 1: Dial-up Remote Access

A dial-up remote access connection comprises remote access clients, a remote access server (RAS), and some telecommunication infrastructure (typically, an analog phone line). A remote client uses the telecommunication infrastructure to create a temporary physical or virtual circuit to a port on the RAS. After the circuit is created, the connection parameters are set. If the RAS and the remote access clients are not located within a local telecommunication boundary, incremental long distance charges are incurred. Even though it has limited scalability, this solution is good for corporations that have a low requirement for remote access.

Type 2: VPN Remote Access

A VPN remote access connection between a user and the enterprise data center consists of a VPN client, a VPN device or server, and the Internet. When a client accesses the Internet through a local ISP, a virtual point-to-point connection is created with a RAS acting as the VPN server. Once this connection is created, the parameters for the VPN connection can be set and a VPN tunnel established with the VPN device or server to access enterprise resources. In this case, the client is not required to dial long distance.

RAS Supported Connection Type:

1. Public Switched Telephone Network (PSTN)
2. Integrated Services Digital Network (ISDN)
3. X.25
4. Asynchronous Transfer Mode (ATM) over Asymmetric Digital Subscriber Line (ADSL)
5. Digital Links and V.90
6. VPN Connection

Public Switched Telephone Network (PSTN):

Integrated Services Digital Network (ISDN):

X.25:

Asynchronous Transfer Mode (ATM) over Asymmetric Digital Subscriber Line (ADSL):

Digital Links and V.90:

VPN Connection For RAS:

RAS Supporting Clients:

1. TCP/IP Clients using PPP
2. LAN Manager
3. DOS RAS
4. Windows for Workgroups
5. Windows 95/98
6. Windows NT 3.1 and above
7. Windows 2000/XP

Required RAS Server Components:

1. Modem
or
2. ISDN Interface
or
3. X.25 PAD
4. ATM

Networking:

Routing And Remote Access Server (RRAS):

RAS Supported Connection Protocols:

1. Point to Point Protocol (PPP)
2. Serial Line Internet Protocol (SLIP)
3. Compressed SLIP (CSLIP)
4. Point to Point Multilink Protocol (PPMP)
5. Microsoft RAS or AsyBEUI
6. Callback Control Protocol (CBCP)

Point to Point Protocol (PPP):

PPP (Point-to-Point Protocol) is designed for simple links which transport packets between two peers. These links provide full-duplex simultaneous bi-directional operation and are assumed to deliver packets in order. PPP provides a common solution for the easy connection of a wide variety of hosts, bridges and routers.

Serial Line Internet Protocol (SLIP):

The Serial Line Internet Protocol is an encapsulation of the Internet Protocol designed to work over serial ports and modem connections. SLIP has been largely replaced by the Point to Point Protocol. SLIP only supports transport of IP packets.

Compressed SLIP (CSLIP):

CSLIP is essentially data compression for the SLIP protocol. It reduces packet overhead drastically. It requires CSLIP support on both the client and server ends. This may also be used with PPP, where it is called CPPP.

Point to Point Multilink Protocol:

Point to Point Multilink Protocol is a variation on PPP that makes it possible to deploy multiple physical layer connections and have them perceived as a single data link layer connection by the upper layer protocols. It is typically used as a bandwidth-on-demand technique, or to combine bandwidth from several physical connections into one logical connection.

Microsoft RAS or AsyBEUI:

It was not technically possible for an AsyBEUI client to "bridge" to IPX/SPX and talk NCPs to a NetWare server for resource sharing. With AsyBEUI, the RAS server would pick up the traffic and send it to the IPX/SPX stack using its NetBIOS interface capability. This allowed you to use IPX/SPX as the protocol between two Windows NT machines. Put another way, an AsyBEUI client can now bridge to IPX/SPX and talk to the server.

Callback Control Protocol (CBCP):

It allows the server to negotiate with the client to call the client back to establish the connection. CBCP negotiates the use of callback where the remote access server, after authenticating the remote access client, terminates the physical connection, waits a specified amount of time, and then calls the remote access client back at either a static or dynamically configured phone number. Common CBCP options include the phone number being used by the remote access server to call the remote access client back.

RAS Client Transport Protocols:

1. NetBIOS Extended User Interface (NetBEUI)
2. Internetwork Packet Exchange/Sequence Packet Exchange (IPX/SPX - NWLink)
3. Transmission Control Protocol/Internet Protocol (TCP/IP)
4. AppleTalk

NetBIOS Extended User Interface (NetBEUI):

It is an enhanced version of the NetBIOS protocol. It is used by network operating systems such as LAN Manager, LAN Server, Windows for Workgroups, Windows 95 and Windows NT. NetBEUI was originally designed by IBM for their LAN Manager server and later extended by Microsoft and Novell. It is easy to configure and faster.

Internetwork Packet Exchange/Sequence Packet Exchange (IPX/SPX - NWLink):

NWLink is Microsoft's implementation of Novell's IPX/SPX/NetBIOS protocols.

IPX is Novell's implementation of the Xerox Internet Datagram Protocol. IPX is a connectionless datagram protocol that delivers packets across the Internet.

SPX is Novell's version of the Xerox Sequenced Packet Protocol. It is a transport layer protocol providing a packet delivery service for third party applications.

Transmission Control Protocol/Internet Protocol (TCP/IP):

The TCP/IP suite of protocols is the set of protocols used to communicate across the internet. TCP provides a reliable stream delivery and virtual connection service to applications through the use of sequenced acknowledgment with retransmission of packets when necessary.

IP is the routing layer datagram service of the TCP/IP suite. All other protocols within the TCP/IP suite, except ARP and RARP, use IP to route frames from host to host. The IP frame header contains routing information and control information associated with datagram delivery.

AppleTalk:

The AppleTalk protocol suite includes the following protocols:

AARP: AppleTalk Address Resolution Protocol
DDP: Datagram Delivery Protocol
RTMP: Routing Table Maintenance Protocol
AEP: AppleTalk Echo Protocol
ATP: AppleTalk Transaction Protocol
NBP: Name-Binding Protocol
ZIP: Zone Information Protocol
ASP: AppleTalk Session Protocol
PAP: Printer Access Protocol
ADSP: AppleTalk Data Stream Protocol
AFP: AppleTalk Filing Protocol

RAS Supported Authentication Protocols:

1. Password Authentication Protocol (PAP)
2. Challenge Handshake Authentication Protocol (CHAP)
3. Microsoft CHAP (MS-CHAP) or MD5
4. Remote Authentication Dial-In User Service (RADIUS)
5. Extensible Authentication Protocol (EAP)

Password Authentication Protocol (PAP):

Password Authentication Protocol provides a simple method for the peer to establish its identity using a 2-way handshake. The PAP packet is encapsulated in the Information field of a PPP data link layer frame.

Almost all network operating system remote servers support PAP. It is the least secure authentication protocol. It uses plain text passwords for authentication.

Challenge Handshake Authentication Protocol (CHAP):

Challenge Handshake Authentication Protocol is used to periodically verify the identity of the peer using a 3-way handshake. This is done upon initial link establishment and may be repeated any time after the link has been established. Exactly one CHAP packet is encapsulated in the Information field of a PPP data link layer frame.

Microsoft CHAP (MS-CHAP) or MD5:

Microsoft version of the RSA Message Digest 5 (MD5) challenge and reply protocol. It only works on non-Microsoft systems and enables data encryption. Selecting this authentication method causes all data to be encrypted. It provides an authenticator-controlled password change mechanism. It also provides an authenticator-controlled authentication retry mechanism. It defines failure codes returned in the Failure packet message field.

Remote Authentication Dial-In User Service (RADIUS):

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. RADIUS serves three functions:

1. Authenticate users or devices before granting them access to a network.
2. Authorize those users or devices for certain network services.
3. Account for usage of those services.
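The PAP and CHAP exchanges described above, as an added Python example that is not part of the original slides: it builds the PAP request data (RFC 1334) and runs the CHAP MD5 handshake (RFC 1994) to show that PAP carries the password itself, while a CHAP response is bound to a single challenge and fails on re-authentication. The user name, secret, and all function and class names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample credentials (assumptions, not taken from the slides).
USER, SECRET = b"alice", b"correct horse battery"

def pap_request_data(peer_id, password):
    """PAP Authenticate-Request data (RFC 1334): length-prefixed Peer-ID
    and Password. The password crosses the link unmodified."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password

def chap_response(identifier, secret, challenge):
    """CHAP with MD5 (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapAuthenticator:
    """Authenticator side of the 3-way handshake (Challenge, Response, result)."""
    def __init__(self, secrets):
        self.secrets = secrets          # peer name -> shared secret
        self.identifier = 0
        self.challenge = None

    def new_challenge(self):
        # A new identifier and random challenge for every (re)authentication.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, name, identifier, response):
        secret, challenge = self.secrets.get(name), self.challenge
        self.challenge = None           # each challenge is accepted once
        if secret is None or challenge is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

def demo():
    server = ChapAuthenticator({USER: SECRET})
    ident, chal = server.new_challenge()
    resp = chap_response(ident, SECRET, chal)
    first = server.verify(USER, ident, resp)
    ident2, _ = server.new_challenge()          # periodic re-authentication
    replay = server.verify(USER, ident2, resp)  # old response, new challenge
    pap = pap_request_data(USER, SECRET)
    return {"chap_ok": first, "replay_rejected": not replay,
            "password_in_pap": SECRET in pap,
            "password_in_chap": SECRET in chal + resp}
```

Calling demo() returns the four observations as booleans; only the PAP data contains the shared secret.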

Extensible Authentication Protocol (EAP):

EAP is used between a dial-in client and server to determine what authentication protocol will be used. The Extensible Authentication Protocol (EAP) is best considered as a framework for transporting authentication protocols, rather than as an authentication protocol itself. EAP can be used for authenticating wireless, dial-up and VPN connections, and also Local Area Network (LAN) ports in conjunction with IEEE 802.1X.

RAS Supported VPN Protocols:

1. Point to Point Tunneling Protocol (PPTP)
2. Layer Two Tunneling Protocol (L2TP)
3. Internet Protocol Security (IPSec)

Point to Point Tunneling Protocol (PPTP):

PPTP works at the Link Layer. No encryption or key management is included in the specifications. It is a VPN tunneling protocol used to send secure communications from point to point. It is used to access a network through the network using the speed of a modem. It uses PPP encryption or Microsoft Point to Point Encryption over TCP as a transport protocol.

Layer Two Tunneling Protocol (L2TP):

L2TP combines features of L2F and PPTP and it works on the Link Layer. No encryption or key management is included in the specifications. It uses IPSec for encryption.

Internet Protocol Security (IPSec):

IPSec works on Layer 3. It is a collection of security measures that address data privacy, integrity, authentication, and key management, in addition to tunneling.

IPSec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPSec-compliant device decrypts each packet.

RAS Supported Bandwidth Allocation Protocols:

1. Bandwidth Allocation Control Protocol (BACP)
2. Bandwidth Allocation Protocol (BAP)

Bandwidth Allocation Control Protocol (BACP):

BACP is an Internet protocol that helps users manage a combination of dial-up links, usually over ISDN connections. BACP provides what is called dial on demand (or bandwidth on demand), a technique for providing additional bandwidth as needed by combining two or more circuits into a single circuit with a higher data throughput rate. The technique is useful for accommodating bursts in traffic, videoconferencing, backup sessions, and other requirements. You use dial on demand to automatically combine channels when data traffic increases beyond the capacity of a single channel.

Bandwidth Allocation Protocol (BAP):

The Bandwidth Allocation Protocol (BAP) manages the number of links in a multilink bundle. BAP defines datagrams to coordinate adding and removing individual links in a multilink bundle, as well as specifying which peer is responsible for decisions regarding managing bandwidth during a multilink connection.

Remote Access for a Client:

Login Window for RAS

Thank You

By- Apoorw