Friday, November 27, 2015

Enable Routing and Remote Access

  • Enable Routing and Remote Access.
  • Configure the demand-dial interface for the remote site connection.
  • Configure an additional demand-dial interface for a temporary ISP link.

Enable Routing and Remote Access

When you run the Routing and Remote Access Wizard to enable the Routing and Remote Access service, the choices you make are the same for dial-up routing and for VPN routing.

To enable the Routing and Remote Access service

Note
  • You can skip step 1 if either of the following is true:

    • If this server uses local authentication or authenticates against a RADIUS server.
    • If you have administrative rights to add the computer account of the Routing and Remote Access server to the RAS and IAS Servers security group. The wizard automatically adds the computer to RAS and IAS Servers.
    1. Enable the router as follows:
Ask your domain administrator to add the router’s computer account to the RAS and IAS Servers security group for this domain by using the Active Directory Users and Computers snap-in or the netsh ras add registeredserver command.
If this router must access other domains, ask your domain administrator to add the router’s computer account to the RAS and IAS Servers security group of the other domains.
Restart the router for the change to take effect immediately.
  1. Open Routing and Remote Access, select the computer on which you want to enable the Routing and Remote Access service (probably the computer you are currently working on), and then, on the Action menu, select Configure and Enable Routing and Remote Access to start the Routing and Remote Access Wizard. Complete the wizard pages as shown in Table 10.13.
Configuration: 
                           Select Secure connection between two private networks.

Demand-Dial Connections:

                           Select Yes (to use demand-dial routing to access remote networks).

IP Address Assignment:

Choose one of the following alternative options: Select Automatically to use DHCP if you want to assign addresses automatically without using a specified range of addresses. -or- Select From a specified range of addresses if you want to specify an address range (recommended):
  1. On the Address Range Assignment screen, select New, and then type values for the following:

    • Starting address
    • Ending address
    You can use public or private address ranges. Based on what you specify for the starting and ending addresses, the Number of addresses for the IP address pool field is prepopulated for you. Note. For example, for a two-way connection, you might specify the range 192.168.10.1–192.168.10.2 on the calling router and the range 192.168.0.220–192.168.0.221 on the answering router. In this case, if the calling router initiates the connection, the calling router assigns 192.168.10.1 to itself, and it assigns 192.168.10.2 to the answering router.
  2. If the static IP address pool address range is an off-subnet address range, ensure that the routes to the address range exist in the routers of your intranet. 
When the Routing and Remote Access Wizard completes, you might see the message "Windows was unable to add this computer to the list of valid remote access servers in the Active Directory. Before you can use this computer as a remote access server, the domain administrator must complete this task." If you see this message, click OK. Later, after you complete the Demand-Dial Interface Wizard (described next), you will add the computer account to the RAS and IAS Servers security group.

No comments:

Post a Comment