Section 1 -- Virtual Private Networking
Virtual Private Networking Overview
Elements of a VPN Connection
VPN Connections
Remote Access VPN Connection
Router-to-Router VPN Connection
VPN Properties
Encapsulation
Authentication
Data Encryption
Address and Name Server Allocation
Internet and Intranet-Based VPN Connections
Internet-Based VPN Connections
Remote Access over the Internet
Connecting Networks over the Internet
Connecting Networks Using Dedicated WAN Links
Connecting Networks Using Dial-Up WAN Links
Intranet-Based VPN Connections
Remote Access over an Intranet
Connecting Networks over an Intranet
Managing Virtual Private Networking
Managing Users
Managing Addresses and Name Servers
Managing Access
Managing Authentication
Managing Accounting
Network Management
Point-to-Point Tunneling Protocol
Tunnel Maintenance with the PPTP Control Connection
PPTP Data Tunneling
Encapsulation of PPP Frame
Encapsulation of GRE Packet
Data-Link Layer Encapsulation
Processing of the PPTP Tunneled Data
PPTP Packets and Windows NT 4.0 Networking Architecture
VPN Security
PPTP Connections
User Authentication with PPP
Encryption with MPPE
PPTP Packet Filtering
Addressing and Routing for VPNs
Remote Access VPN Connections
IP Addresses and the Dial-up VPN Client
Default Routes and Dial-up Clients
Default Routes and VPNs over the Internet
Public Address
Private Addresses
Overlapping or Illegal Addresses
Router-to-Router VPN Connections
Temporary vs. Persistent Router-to-Router VPNs
VPNs Using Dial-Up ISP Connections
Static vs. Dynamic Routing
VPNs and Firewalls
VPN Server and Firewall Configurations
VPN Server in Front of the Firewall
VPN Server Behind the Firewall
Troubleshooting VPNs
Common VPN Problems
Connection Attempt is Rejected when it Should be Accepted
Unable to Reach Locations Beyond the VPN Server
Unable to Establish Tunnel
Troubleshooting Tools
Unreachability Reason
Network Monitor
PPP Log or PPP Tracing
Section 2 -- Introduction to TCP/IP
The TCP/IP Protocol Suite
Microsoft TCP/IP
TCP/IP Standards
TCP/IP Protocol Architecture
Network Interface Layer
Internet Layer
Transport Layer
Application Layer
TCP/IP Core Protocols
IP
ARP
ICMP
IGMP
TCP
UDP
TCP/IP Application Interfaces
Windows Sockets Interface
NetBIOS Interface
IP Addressing
Address Classes
Class A
Class B
Class C
Class D
Class E
Network ID Guidelines
Host ID Guidelines
Subnets and Subnet Masks
Subnet Masks
Dotted Decimal Representation of Subnet Masks
Network Prefix Length Representation of Subnet Masks
Determining the Network ID
Subnetting
Variable Length Subnetting
Supernetting and Classless Interdomain Routing
The Address Space Perspective
Public and Private Addresses
Name Resolution
Host Name Resolution
Domain Names
Domain names are not case sensitive.
Host Name Resolution Using a HOSTS File
Host Name Resolution Using a DNS Server
Combining a Local Database File with DNS
NetBIOS Name Resolution
IP Routing
Direct and Indirect Delivery
IP routing is a combination of direct and indirect deliveries.
The IP Routing Table
IP Routing Table Entry Types
The Route Determination Process
Example Routing Table for Windows NT
Routing Processes
IP on the Sending Host
IP on the Router
IP on the Destination Host
Static and Dynamic IP Routers
Physical Address Resolution
The ARP Cache
The ARP Process
For More Information
Section 3 -- Unicast Routing Principles
Internetwork Routing
Routing Concepts
Host Determination of the First Hop
Host Routing Table
Dynamic Updates of Host Routing Table
Eavesdropping
Default Router
Querying the Network for the Best Route
Host Determination of the Entire Path
Routing Table Structure
Network ID
Forwarding Address
Interface
Metric
Lifetime
Locality of the Routing Table
Static Routing
Dynamic Routing
Routing Loops
Black Holes
Foundations of Routing Protocols
Routing Infrastructure
Interior Gateway Protocols (IGPs)
Exterior Gateway Protocols (EGPs)
For More Information
Section 4 -- Unicast IP Routing
Windows NT 4.0 with RRAS and IP Routing
Windows NT 4.0 with RRAS Router Features for IP Routing
RIP for IP
RIP and Large Internetworks
RIP and Hop Counts
RIP and Routing Table Entries
RIP Route Advertising
RIP Convergence
Convergence in RIP Internetworks
Reducing Convergence Time
RIP for IP Operation
Initialization
Ongoing Maintenance
Administrative Router Shutdown
Downed Link
Downed Router
RIP for IP Version 1
Version: A 1-byte field set to the value of 0x01 for RIP v1.
Problems with RIP v1
RIP for IP Version 2
Features of RIP v2
RIP v2 Message Format
Authentication in RIP v2
Mixed RIP v1 and RIP v2 Environments
Windows NT 4.0 with RRAS as a RIP for IP Router
Troubleshooting RIP for IP
Improper Routes in a Mixed RIP v1 and RIP v2 Environment
Silent RIP Hosts Are Not Receiving Routes
OSPF
OSPF Operation
Formation of the LSDB Using Link State Advertisements
The Router ID
Calculating the SPF Tree Using Dijkstra’s Algorithm
OSPF Operation
Compiling the LSDB
Calculating the SPF Tree
Creating Routing Table Entries
OSPF Network Types
Synchronizing the LSDB Through Adjacencies
Forming an Adjacency
Neighbor States
Adjacency Configuration Parameters
Adding a Router to a Converged OSPF Internetwork
Designated Routers
DRs on Broadcast Networks
DRs on NBMA Nets
Backup Designated Router
Interface States
Communication on OSPF Networks
OSPF Areas
The Backbone Area
OSPF Router Types
Inter-Area Routing
External Routes
External Route Filters
ASBRs and Default Routes
Stub Areas
Troubleshooting OSPF
Adjacency Is Not Forming
Virtual Link Is Not Forming
Lack of OSPF Routes or Existence of Improper OSPF Routes
DHCP Relay Agent
DHCP Across IP Routers
Initial DHCP Configuration
DHCPDISCOVER
DHCPOFFER
DHCPREQUEST
DHCPACK
DHCPREQUEST
DHCPACK/DHCPNACK
Troubleshooting the DHCP Relay Agent
IP Packet Filtering
Windows NT 4.0 with RRAS IP Packet Filtering
IP Header
UDP Header
ICMP Header
Input Filters
Output Filters
Configuring a Filter
Filtering Scenarios
Preventing the Ping of Death
Denying Spoofed Packets from Private IP Addresses
ICMP Router Discovery
Additional Resources
Section 5 -- IPX Routing
Windows NT 4.0 with RRAS and IPX Routing
Windows NT 4.0 with RRAS Router Features for the IPX Protocol Suite
IPX Packet Filtering
IPX Header Structure
Demultiplexing an IPX Packet
The Windows NT 4.0 with RRAS Router IPX Packet Filtering
Configuring an IPX Filter
RIP for IPX
IPX Routing Tables
RIP for IPX Operation
RIP for IPX Packet Structure
Operation
RIP for IPX Route Filters
Static IPX Routes
To add a static route
SAP for IPX
IPX Routers and the Internal Network Number
IPX Traffic Before the IPX Internal Network
IPX Traffic After the IPX Internal Network
The Windows NT 4.0 with RRAS Router and the IPX Internal Network and Internal Adapter
SAP Tables
SAP Operation for an IPX Router
SAP Packet Structure
SAP Filters
Static Services
NetBIOS Broadcasts
The IPX WAN Broadcast
IPX WAN Broadcasts and Microsoft Networking
NetBIOS Over IPX Broadcast Packet Structure
Static NetBIOS Names
Additional Resources
Section 6 -- Remote Access Server
Remote Access Overview
Remote Access Versus Remote Control
Elements of a Dial-Up Remote Access Connection
Remote Access Client
Remote Access Server
Dial-Up Equipment and WAN Infrastructure
Remote Access Protocols
LAN Protocols
Elements of Secure Remote Access
Secure User Authentication
Mutual Authentication
Data Encryption
Callback
Managing Remote Access
Managing Users
Managing Addresses
Managing Access
Managing Authentication
Windows NT 4.0 Authentication
RADIUS Authentication
Managing Accounting
Network Management
Remote Access Server Architecture
IP and IPX Router
Packets from Remote Access Clients
Packets to Remote Access Clients
TCP/IP On-Subnet and Off-Subnet Addressing
On-Subnet Addressing and Proxy ARP
Off-Subnet Addressing and IP Routing
NetBIOS Gateway
The Point-to-Point Protocol
PPP Encapsulation
PPP on Asynchronous Links
PPP on Synchronous Links
PPP Link Negotiation with LCP
LCP Packet Structure
LCP Options
LCP Negotiation Process
Callback Negotiation with the Callback Control Protocol
Packet Structure
Negotiated Options
PPP Network Layer Negotiation with NCP
IPCP
Packet Structure
Negotiated Options
IPXCP
Packet Structure
Negotiated Options
NBFCP
Packet Structure
Negotiated Options
Compression Control Protocol
Packet Structure
Negotiated Options
MPPE and MPPC
ECP
The PPP Connection Process
Phase 1: PPP Configuration
Phase 2: Authentication
Phase 3: Callback
Phase 4: Protocol Configuration
A Sample PPP Connection
Network Monitor
PPP log for Windows NT 4.0 Remote Access Service
PPP Tracing for RRAS
Example of a PPP log or trace
PPP Connection Termination
PPP Authentication Protocols
PAP
SPAP
CHAP
MS-CHAP v1
MS-CHAP v2
Remote Access and LAN Protocols
TCP/IP
IP Address Allocation
DNS and WINS Address Assignment
IPX
Multilink
Troubleshooting the Remote Access Server
Common Remote Access Problems
Connection Attempt Is Rejected When It Should Be Accepted
Unable to Reach Locations Beyond the Remote Access Server
Miscellaneous Remote Access Problems
Multilink Is Not Working
Troubleshooting Tools
Network Monitor
PPP Log or PPP Tracing
Section 7 -- Demand Dial Routing NT 4.0 with RRAS
Introduction to Demand Dial Routing
Demand Dial Routing and Remote Access
On-Demand and Persistent Connections
Demand Dial Interface Configuration
Components of Demand Dial Routing
Calling Router
Answering Router
Connection Medium
Demand Dial Routing Process
On-Demand Router-to-Router VPN
Testing Demand Dial Connections
Manual Test
Automatic
Demand Dial Routing Security
Dialin Permission
Authentication
One-Way and Two-Way Authentication
Encryption
Demand Dial Interface Packet Filtering
Creating User Accounts with the Demand Dial Wizard
Demand Dial Routing and Routing Protocols
On-Demand Connections
Manual Configuration of Static Routes
Using a Default IP Route for an On-Demand Connection
Autostatic Updates
Manual Autostatic Updates
Scheduled Autostatic Updates
Persistent Connections
IPX Demand Dial Connections
Troubleshooting Demand Dial Routing
Troubleshooting Tools
Section 8 -- Installing, Configuring, and Using PPTP with Microsoft Clients and Servers
Using PPTP
Planning for PPTP and Virtual Private Networks
Hardware Requirements
The PPTP server
The PPTP client
Network Protocols on the Private Enterprise Network
Before Installing PPTP
Installing and Configuring PPTP on a PPTP Server
Installing PPTP on a PPTP Server
Adding VPN Devices as RAS Ports on a PPTP Server
Configuring PPTP Server Encryption and Authentication Options
Configuring Server Encryption for PPTP
Configuring PPTP Filtering on the PPTP Server
Configuring LAN Routing on the PPTP Server
Enable IP forwarding
Adding the DontAddDefaultGateway registry entry
Adding static routes for the private network
Installing and Configuring PPTP on a PPTP Client
Installing PPTP on a PPTP Client
Adding a VPN Device as a RAS Port on the PPTP Client
To configure a VPN device on the PPTP client:
Configuring Dial-Up Networking on the PPTP Client
Creating the Phonebook Entry to Dial an ISP
To create a new ISP entry by using the Phonebook Wizard:
To verify or edit your ISP phonebook entry:
Creating the Phonebook Entry to Dial a PPTP Server
To create a phonebook entry to dial up a PPTP server by using a VPN device:
To verify or edit your phonebook entry for the PPTP server:
Using PPTP to Connect to a PPTP Server by Dialing an ISP
To connect to a PPTP server using a PPTP client to dial up an ISP:
Dialing up an ISP PPTP Service to Connect to a PPTP Server
Using PPTP Over the LAN to Connect to a PPTP Server
To connect to a PPTP server over a LAN connection:
Section 9 -- Frequently Asked Questions about Microsoft VPN
Security
Is Windows NT 4.0 Based Virtual Private Networking Secure?
Are There Other Aspects Of Security That I Should Consider When Making A Decision About A VPN Solution?
Are The Security Issues Different For RAS Than For VPN Access?
What Security Features Are Built Into PPTP?
How Is PPTP Secured?
What Types Of Attack Are Used Against VPNs?
What Has Microsoft Done To Protect Against Various Types Of Attacks?
How Important Is Good Password Security?
Are IPSec-Based VPNs More Secure Than PPTP-Based VPNs?
Are L2TP-Based VPNs More Secure Than PPTP-Based VPNs?
Is VPN Outsourcing Secure?
Is A Server-To-Server Based VPN Solution More Secure Than A Client-Server Solution?
What Are Smart Cards?
Does Microsoft Support Smart Card Authentication For VPNs?
What Are Token Cards?
What Are The Tradeoffs Between Smart Cards, Token Cards And Password Based Security?
References
Section 10 -- Update to Routing and Remote Access Service for Windows NT Server: FAQ
Section 11 -- Additional Microsoft Resources
Deployment Roadmap