pc micro systems
 




Using Microsoft Remote Access Service (RAS)


Microsoft RAS is a feature of the Windows Server family, and is included in all versions of Windows Server. A limited version of RAS is also included in desktop (client) editions of Windows, including Windows 10/8/7/Vista/XP. RAS allows remote dial-up clients to connect to a Local Area Network using analog phone lines or ISDN lines. A typical use would be by an ISP (Internet Service Provider) to allow users to dial in to their LAN, or by a corporate network administrator to allow their users to connect to the corporate LAN from remote sites. The remote clients connect to RAS using the TCP/IP protocol encapsulated in the Point-to-Point Protocol (PPP), which allows the remote client to access the LAN as if it were plugged directly into it.

A RAS server will typically have either multiple analog phone lines, or one or more ISDN T1, E1, or BRI lines for the incoming calls. When a large number of telephone lines are required, they are usually provided by the phone company in bundles of lines known as 'T1 ISDN-PRI' or 'E1 ISDN-PRI' lines. A T1 contains 23 phone lines, and an E1 contains 30 phone lines. An ISDN-BRI contains only two phone lines. These lines will either connect to digital modems, which can support both analog and digital calls, or they will connect to analog modems. Digital modems require a digital connection from the telephone company (T1, E1, or single ISDN-BRI lines). If you use analog modems on your RAS server, the maximum speed is 33.6k rather than 56k, because 56k speeds require one end of the connection to be a digital modem.

Building a Microsoft Remote Access Service (RAS) server can be very simple, but there are some security precautions that need to be addressed before you begin. The RAS server is responsible for verifying that the user is really who they claim to be, and for granting them access.

If your users always dial in from a specific phone number, then one of the best methods of securing your RAS is a function known as 'call back'. When a particular user dials in, they log in with their username and password, and then the server disconnects them and immediately calls them back on their pre-defined phone number. This makes it virtually hack-proof, even if the user's password is ever breached.

Once a user dials in, they are assigned an IP address on the network, which can be done by the RAS server, or by a separate DHCP server on the network.

You will need to choose either 'workgroup' security or the more advanced 'domain' type of security. Workgroup security is very basic and harder to administer, and the domain method is more secure. A domain controller maintains a list of users, and you can configure which ones are allowed dial-in access, what days and times they are allowed in, and set an optional call-back number. On a larger network you might want to consider using IAS, which is a RADIUS-based security system included with Windows Server. RADIUS stands for Remote Authentication Dial-In User Service. The IAS in the standard edition of Windows Server 2003 supports a maximum of 50 RADIUS clients, so if you need support for more clients you will need Windows Server 2003 Enterprise Edition or DataCenter Edition, or you can use a third-party RADIUS solution. There is an excellent open source FreeRADIUS server designed for Linux, which can also be run under Windows using Cygwin, MinGW32, or the Windows Subsystem for Linux.

If you wish to allow your network users to dial out on the same pool of modems that RAS uses for inbound connections, you can install a third-party modem pooling server such as NetModem, which is designed to co-exist with RAS.
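
The per-user dial-in permission and call-back number described in the domain security paragraph above can be audited from the directory. The following PowerShell is an added example, not part of the original page or of any Microsoft guide; it assumes the ActiveDirectory module (RSAT) is installed and that dial-in settings are stored in the standard user attributes named in the comments.

```powershell
Import-Module ActiveDirectory

# Dial-in settings kept on each user object (Dial-in tab of the account):
#   msNPAllowDialin        TRUE = allow, FALSE = deny, unset = decided by policy
#   msRADIUSServiceType    4 (Callback Framed) when call-back is enabled
#   msRADIUSCallbackNumber the fixed number the server calls back
$props = 'msNPAllowDialin', 'msRADIUSServiceType', 'msRADIUSCallbackNumber'

# Only accounts with dial-in explicitly allowed are examined here.
$report = Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' -Properties $props |
    ForEach-Object {
        # Call-back only protects the account when a fixed number is set.
        $fixedCallback = ($_.msRADIUSServiceType -eq 4) -and
                         -not [string]::IsNullOrEmpty($_.msRADIUSCallbackNumber)

        $findings = @()
        if (-not $fixedCallback) { $findings += 'no fixed call-back number' }
        if (-not $_.Enabled)     { $findings += 'account disabled but dial-in still allowed' }

        [pscustomobject]@{
            User           = $_.SamAccountName
            Enabled        = $_.Enabled
            CallbackNumber = $_.msRADIUSCallbackNumber
            Findings       = $findings -join '; '
        }
    }

# Accounts with findings sort first, then the rest alphabetically.
$report | Sort-Object { $_.Findings -eq '' }, User | Format-Table -AutoSize
```

Accounts whose dial-in access is left to remote access policy have no msNPAllowDialin value and are not listed; review those through the policies on the RAS or IAS server.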

Detailed information on how to configure Microsoft RAS policies and security features can be found in the Microsoft Windows Server Deployment guide, under the sections titled:
Configure Remote Access Server
and:
Deploy Remote Access in an Enterprise

 





Copyright © 1995 - 2007 pcmicro.com    All rights reserved