Routing and Remote Access
Overview
- Configuring Routing and Remote Access is essential for enabling remote access between clients and servers.
- Windows Server uses Routing and Remote Access Service (RRAS) for this purpose.
- Remote access to Linux uses Secure Shell (SSH), with PuTTY as the client.
- PuTTY is a free and open-source terminal emulator supporting protocols like SCP, SSH, Telnet, and raw socket connections.
Routing and Remote Access in Windows
- Routing and Remote Access Service (RRAS) is a Microsoft API and server software.
- It allows developers to create applications that administer routing and remote access capabilities.
- It functions as a network router and implements routing protocols.
- An Application Programming Interface (API) provides the connection between applications and data sources.
Definition of RRAS
- RRAS is a suite of network services in Windows Server that enables a server to act as a conventional router.
- It provides connectivity for remote users and offices to the corporate network.
- The API facilitates the development of applications for administering network services.
- Remote access clients can use standard Windows tools to access network resources.
Services Included in RRAS
- Remote access
- Dial-up remote access server
- VPN remote access server
- IP router for connecting subnets
- Network address translation services
- Dial-up and VPN site-to-site demand-dial router
RRAS Integrated Support
- Dynamic routing protocols:
  - Routing Information Protocol (RIP) version 2
  - Open Shortest Path First (OSPF)
- RRAS can be configured for:
  - LAN-to-LAN routing
  - LAN-to-WAN routing
  - Virtual Private Network (VPN) routing
  - Network Address Translation (NAT) routing
  - IP multicasting
  - Packet filtering
  - Demand-dial routing
  - DHCP relay
Virtual Private Networks (VPN)
- RRAS supports remote user or site-to-site connectivity via VPN or dial-up connections.
- A VPN is a private network using a public network (usually the Internet) to connect remote sites or users.
- VPNs use virtual connections routed through the internet, ensuring secure communication between a company's private network and remote locations or employees.
VPN Use Cases
- Head office and branch office connections via routers or VPN concentrators.
- Home office/traveling personnel connecting to the head office via VPN Client.
- VPN connections are not limited to head office to branch office; they can be configured in various topologies.
- Both Site-to-Site and Site-to-Client VPNs can be established.
Types of VPNs
IPSec VPN
- An Internet Protocol Security (IPSec) VPN establishes a VPN using tunneling, encryption, and authentication.
- It assumes a trusted relationship between sites or computers, ensuring data integrity, authenticity, and confidentiality.
- IPSec VPN operates at the Network layer.
- A "tunnel" is the encrypted connection a VPN establishes to securely send traffic across the Internet.
Advantages of IPSec VPN
- Established and field-tested technology.
- Client-based, connecting only trusted sites/devices.
- Better packet drop performance, even in high-capacity usage.
- Preferred for Site-to-Site VPNs; can also establish Site-to-Client VPNs with installed clients.
- Full access to head office Intranet applications.
- Supports multiple authentication methods, preventing