Configuring Remote Connectivity

  • Given a remote connectivity scenario (IP, IPX, dial-up, PPPoE, authentication, physical connectivity, etc.) configure the connection.

The capability to remotely access networks has become an important part of the modern IT infrastructure. All organizations, from the smallest business to the largest corporation, are taking advantage of the potential that remote network access provides. Therefore, today's network administrators are as likely to be responsible for managing remote network access as they are for LAN access. Configuring and managing remote access requires knowledge of the protocols and procedures involved in establishing a remote connection.

The following sections explore some of the common considerations in configuring a remote connection, including a discussion of physical connections, protocols (which facilitate the connection), software (which establishes the connection), the dial-up connection method, and security.

NOTE

Remote Access— The focus of this section is remote access—that is, the use of a remote system to dial in to a private network. This is important because in certain cases, even though the Internet might be used as a means to access a private network, it is not required.


For information on remote access protocols, refer to Chapter 8, “Remote Access and Security Protocols.” For more information on troubleshooting remote access, refer to Chapter 13, “Troubleshooting Connectivity.”

Physical Connections

There are many ways to connect to a remote network. Some, such as the plain old telephone system (POTS), offer a direct connection between you and the remote host. Others, such as cable and Digital Subscriber Lines (DSL), allow you to connect, but the connection occurs over a public network (the Internet), which can bring additional considerations such as authentication and security problems. The methods that can be used to establish a remote connection are discussed in detail in Chapter 8. For that reason, only a brief recap is included in this section:

  • Public switched telephone network (PSTN)— The PSTN offers by far the most popular method of remote connectivity. A modem and a POTS line allow for inexpensive and reliable, if not fast, remote access.

  • Integrated Services Digital Network (ISDN)— ISDN is a dial-up technology that works much like the PSTN, but instead of using analog signals to carry the data, ISDN uses digital signals. This makes it faster than the PSTN.

  • Cable— In an effort to take advantage of the increasing demand for high-speed Internet access, cable TV providers now offer broadband Internet access over the same connection that is used to carry cable TV signals.

  • DSL— DSL services are the telecom companies' broadband offering. xDSL (that is, the family of DSL services) comes in many different varieties, and as with cable, you need a special modem in order to use it.

  • Satellite— Perhaps the least popular of the connection methods discussed here, satellite provides wireless Internet access, although in some scenarios a PSTN connection is also required for upstream access. Of the technologies discussed in this section, satellite is the least suitable for remote access.

Protocols

When you have decided on the physical aspect of the connection, the next consideration is the protocols that allow you to make a connection to the remote server.

To facilitate a connection between a remote system and a remote access server, common protocols must be used between the systems. Two types of protocols are required to establish a remote connection. You first need to have the protocols that communicate at the data-link layer, including the following:

  • Point-to-Point Protocol (PPP)— PPP is actually a family of protocols that work together to provide connection services. PPP allows remote clients and servers to negotiate authentication between devices. PPP can employ a variety of encryption methods to secure transmissions.

  • Serial Line Internet Protocol (SLIP)— SLIP is an older connection protocol than PPP, and it was originally designed to allow data to be transmitted via Transmission Control Protocol/Internet Protocol (TCP/IP) over serial connections in a Unix environment. Unfortunately, SLIP does not support encryption or authentication and therefore has largely fallen out of favor. If you have users that use SLIP to connect from remote systems, you should move them to PPP connections as soon as possible.

  • Point-to-Point Protocol over Ethernet (PPPoE)— PPPoE is a method of using PPP connections over Ethernet. Using PPPoE and a broadband connection such as xDSL or cable Internet access, it is possible for individual users to have authenticated access to high-speed data networks, which provides an efficient way to create a separate connection to a remote server for each user. This strategy allows Internet access and billing on a per-user basis rather than a per-site basis.

    Users accessing PPPoE connections require the same information as required with standard dial-up phone accounts, including a username and password combination. As with a dial-up PPP service, an Internet service provider (ISP) will most likely automatically assign configuration information such as the IP address, subnet mask, default gateway, and DNS server information.

After a data link has been established as the connection between the devices, other network-layer and transport-layer protocols are required to facilitate signal transmission. Examples of these protocols include the following:

  • TCP/IP— TCP/IP is the most widely used protocol today, and it is the protocol that is most commonly used to configure remote connectivity. As with access for systems on a LAN, remote access requires unique TCP/IP addressing. The most common way for remote clients to get IP information from the remote server is through automatic assignment from a DHCP server. However, it is possible to manually assign IP addresses from a static pool of addresses that have been assigned to the remote access server by the network administrator.

  • Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)— Like TCP/IP, IPX/SPX is a fully routable protocol, and it can therefore be used for connecting to a remote system. However, just as TCP/IP is replacing IPX/SPX on LANs, it is also replacing IPX/SPX on remote access links.

Generally speaking, TCP/IP is the protocol suite to use for remote access. However, popular remote access solutions such as Microsoft Remote Access Service (RAS) can accommodate connections established using IPX/SPX, so you should be aware of the fact that IPX/SPX can be used.

NOTE

Using PPPoE— How do you know if your ISP is using PPPoE? If you have xDSL or cable, you can just open your browser and be online. With PPPoE, authentication is required before you can access the Internet.


Software

With the physical connection and the protocols in place, you are almost ready to establish a connection. You just need some software to make the magic happen.

To establish a remote connection, the remote system typically requires software that initiates contact with the remote server. This software can take many forms: In some Windows client systems, for example, a remote connection can be configured by using Dial-Up Networking. Figure 11.1 shows the Connect To screen on a Windows Me system.

Figure 11.1. The Connect To screen on a Windows client system.


In addition to the client-side software that initiates the remote connection, server-side software that is responsible for answering the request is required. The server responding to the remote access requests is referred to as the remote access server. On Windows server platforms, the network service responsible for handling remote client connections is RAS. Figure 11.2 shows the Routing and Remote Access Service dialog box on a Windows 2000 system. (The steps required to install RAS are described in Chapter 8.)

Figure 11.2. Routing and Remote Access configuration screen.


EXAM TIP

Windows RAS— Many remote access products are available; however, Windows RAS is the most likely of these products to appear on the Network+ exam.


Dial-up Access

As noted previously, dial-up is one of the most popular methods of gaining remote access to a LAN. There was a time when dial-up referred to using a modem on a POTS line, but today the term is applied generally to any connection that must be manually established to a remote system. For example, the establishment of a virtual private network (VPN) connection to a remote system over a cable Internet connection would be considered a dial-up connection.

The specifics of configuring dial-up access to a remote server depend on the client system being used. Linux, Macintosh, and the various Windows client systems all have different methods and means of connecting to a remote server via a dial-up connection. Instead of individually documenting the procedures for configuring each of the respective client systems, the following list identifies the configuration information and hardware required by all client systems to access a remote server using a dial-up connection:

  • Hardware— In order to access the remote server, the client system has to have the correct hardware installed to make the connection. Most dial-up remote connections require a modem on the client and a modem on the server system.

  • Phone number, hostname, or IP address— To connect to a remote access server over a dial-up connection, you need to have the phone number of the remote server, the IP address, or the hostname.

  • Transmission protocols— You need to choose the compatible protocol used by the remote server—NetBIOS Extended User Interface (NetBEUI), TCP/IP, or IPX/SPX. If the server is using TCP/IP, you might need to configure the IP configuration information manually, or this information might be assigned through a remote DHCP server.

  • Security— On the client system, you might need to establish security information so it can be authenticated by the server. The security information includes a username-and-password combination that will be verified by the remote server, as well as data encryption options.

  • Client connection options— On the client side, you can configure connection options such as redialing or disconnecting after a certain amount of time.

Dial-up Connection Troubleshooting

It would be nice if every time you dialed in to a remote server, it answered, and you were authenticated to the network. Although this is what usually happens, there are times when you just can't connect. If you are unable to establish the remote connection through dial-up, consider the following:

  • Verify that the remote access server is operational— You might be trying to log on to a remote server that is down. This might require a call to the remote network administrator to confirm.

  • Verify that you have correct authentication information— To access the remote access server, you need a valid user account for the remote network and permissions to access the server.

  • Confirm that you are calling the correct number or trying to connect to the correct server— Frequently, the cause of a problem can be traced to something simple. In the case of remote connectivity, this can often be using the wrong phone number or IP address for the remote server.

  • Verify local settings— In order to connect to the remote server, the client system needs to be correctly configured to access the server. These configuration settings include protocol information and compatible security settings.
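The list of information every dial-up client needs and the "verify local settings" step above can be checked mechanically. The following Python script is an added example, not part of the original chapter: it audits a client profile written in Linux pppd option syntax for the hardware, number, security, and connection-option items. It assumes one option per line, and the sample profile, username, and chat script path are constructed for illustration.

```python
import shlex

# Constructed client profile in pppd option syntax, one option per line
# (device, chat script path and username are made up for this example).
WEAK_PEER = """\
# dial-up profile for a hypothetical remote access server
/dev/ttyS0
115200
connect "/usr/sbin/chat -f /etc/chatscripts/office"
user "jsmith"
noipdefault
usepeerdns
idle 600
maxfail 3
"""

AUTH_METHODS = ("pap", "chap", "mschap", "mschap-v2", "eap")

def parse_options(text):
    """Return {option: [args]} from pppd-style lines, ignoring # comments."""
    opts = {}
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if words:
            opts[words[0]] = words[1:]
    return opts

def audit_peer(text):
    """Check a profile against the dial-up items listed in the chapter."""
    opts = parse_options(text)
    findings = []
    if not any(o.startswith("/dev/") for o in opts):
        findings.append("hardware: no modem device configured")
    if "connect" not in opts:
        findings.append("number: no connect script to dial the server")
    if "user" not in opts:
        findings.append("security: no username to authenticate with")
    if "refuse-pap" not in opts:
        findings.append("security: PAP allowed, password crosses the link in cleartext")
    if all(f"refuse-{m}" in opts for m in AUTH_METHODS):
        findings.append("security: all methods refused, server cannot authenticate client")
    if not any(o.startswith("require-mppe") for o in opts):
        findings.append("security: MPPE link encryption not required")
    if "idle" not in opts:
        findings.append("options: no idle disconnect timer")
    return findings

if __name__ == "__main__":
    for finding in audit_peer(WEAK_PEER):
        print(finding)
```
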

Security

In today's world, it is necessary to establish security measures for remote network connections. In the same way users on local network systems must be authenticated to use network services and resources, remote clients must also be authenticated. The intention of remote authentication is to ensure that only users who have permission to access the remote network can access it. Most remote authentication requires at least a username and password combination, similar to that required for local network connections. More sophisticated systems use token generators or special authentication devices.
