Microsoft Corporation Microsoft Windows Server 2003 Deployment Kit(c) Deploying Network Services 2003

Deploying a dial-up remote access server involves three major tasks: configuring a Windows Server 2003-based server as a dial-up remote access server, configuring the LAN adapter to provide the server with a connection to the intranet, and configuring the appropriate level of encryption strangth in the dial-up remote access policy. Figure 8.8 shows the process for deploying a dial-up remote access server solution.

Figure 8.8: Deploying a Dial-up Remote Access Server Solution

Configuring a Dial-up Remote Access Server

To provide dial-up access to your organization's intranet, configure a computer running Windows Server 2003 as a dial-up remote access server.

Before configuring the server as a dial-up remote access server, you must enable the Routing and Remote Access service, which is installed automatically with Windows Server 2003. Use the Routing and Remote Access Server Setup Wizard. For instructions on using the wizard, see "Remote access/VPN server role: Configuring a remote access/VPN server" in Help and Support Center for Windows Server 2003.

With Routing and Remote Access enabled, configure the properties of a dial-up remote access server by using the Routing and Remote Access snap-in.

• To configure a server for dial-up remote access

  1. Open the Routing and Remote Access snap-in.

  2. In the console tree, right-click the server name, and then click Properties.

  3. On the General tab of the Server Properties dialog box, verify that the Remote access server check box is selected.

  4. On the Security tab, set up authentication for dial-up remote access clients:

     1. Click Authentication Methods, and in the dialog box select the authentication methods that the server will accept for dial-up connections.

        Note

        The server is configured by default to accept certain authentication methods. You can use remote access policies to control which authentication methods to accept. For more information about using Windows Server 2003 remote access policies, see "Introduction to remote access policies" in Help and Support Center for Windows Server 2003.

     2. Under Authentication Provider on the Security tab, select the authentication provider to use for dial-up networking clients.

     3. Under Accounting Provider, select and configure the accounting provider to use for recording dial-up connection accounting information.

  5. On the IP tab, set up routing for remote access clients:

     1. Verify that the Enable IP routing and Allow IP-based remote access and demand-dial connections check boxes are selected.

     2. If you are using DHCP to obtain IP addresses for remote access clients, select Dynamic Host Configuration Protocol (DHCP).

        -Or-

        Select Static address pool, and then configure ranges of IP addresses that are dynamically assigned to dial-up networking clients.

        If the static IP address pool consists of ranges of IP addresses for a separate subnet, either enable an IP routing protocol on the remote access server or add static IP routes for each range to your IP routing infrastructure. If the routes are not added, remote access clients cannot receive traffic from resources on the intranet.

Configuring a Dial-up Connection to the Intranet

A LAN adapter provides the connection from a dial-up remote access server to the intranet. To enable this connection, you must configure TCP/IP on the LAN adapter and, on the dial-up remote access server, configure the modem ports for remote access.

Configuring TCP/IP on the LAN Adapter

Configure the following TCP/IP settings on the LAN adapter that provides the connection from the dial-up remote access server to the intranet:

• The IP address and subnet mask assigned by a network administrator.

• The default gateway of a local router.

• The IP addresses of DNS and WINS servers.

Configuring a Connection to Dial-up Networking Clients

To enable multiple dial-up clients to connect to the intranet simultaneously, the dial-up solution must have a modem bank connected to a telecommunications provider. The modem bank adapter includes drivers that you install on the dial-up remote access server.

Configuring Dial-in Ports for Remote Access

With the modem bank adapter drivers installed, the modem bank appears as a device with multiple modem ports. Use the Routing and Remote Access snap-in to configure all of the active modem bank ports on the server for remote access.

• To configure the ports of a device for remote access

  1. Open the Routing and Remote Access snap-in.

  2. In the console tree, right-click Ports, and then click Properties.

  3. In the Ports Properties dialog box, select the device that you want to configure, and then click Configure.

  4. In the Configure Device dialog box, select the appropriate routing connection options.

Configuring Encryption for a Dial-up Solution

In the remote access policy that governs connections for remote access on the dial-up remote access server, use Routing and Remote Access to set the appropriate encryption level. For a procedure for entering encryption settings in a remote access policy, see "Configuring authentication and data encryption" in Help and Support Center for Windows Server 2003.

In the remote access policy for dial-up connections on the dial-up remote access server, choose one of the following encryption levels:

• To use MPPE with a 40-bit key, select Basic.

• To use MPPE with a 56-bit key, select Strong.

• To use MPPE with a 128-bit key, select Strongest.

For more information about using Windows Server 2003 remote access policies, see "Introduction to remote access policies" in Help and Support Center for Windows Server 2003.