Detailed analysis of Routing and Remote Access servers

Source: Internet
Author: User

Configuring Routing and Remote Access is an essential step in building a network. With the development of routing technology, we believe that the remote access server will become more mature.

A subnet address range is an address range of an Intranet subnet to which the Routing and Remote Access server is connected. This type of address is used whenever the Routing and Remote Access server obtains the IP addresses of remote access clients from a DHCP server, or when the manually configured static pool contains IP addresses within the address range of a connected subnet. The advantage of using subnet addresses is that you do not need to make any changes to the routing infrastructure.

Outer subnet address range

This is an address range that represents a different subnet, one that is logically connected to the remote access server. This type of address is used when the static pool contains IP addresses located on a separate subnet. The advantage of using an external subnet address is that the IP addresses of remote access clients are easier to identify. The address type determines how traffic is forwarded from an Intranet node to a connected remote access client. When a connected remote access client sends a packet, the following process occurs:

1. The packet is sent to the Routing and Remote Access server through the PPP link.

2. The Routing and Remote Access server uses IP forwarding to forward the packet to a neighboring host on a connected subnet or, more likely, to a neighboring router on a connected Intranet subnet. For more information about the IP forwarding process, see "Understanding the IP routing table".

When traffic is sent to a remote access client, the way it is delivered to the remote access server differs depending on whether the client was assigned a subnet address or an external subnet address.

Packet transmission for subnet addresses

For a subnet address, the remote access server acts as a proxy Address Resolution Protocol (ARP) device. It is responsible for responding to ARP Request frames that target the IP addresses assigned to connected remote access clients. The remote access server maintains a list of the IP addresses assigned to remote access clients and responds to ARP requests on behalf of these clients. For a remote access client that is using a subnet address, the packet transmission process is as follows:

1. A node on the Intranet subnet connected to the remote access server sends an ARP Request frame, requesting the MAC address of the node that holds the IP address assigned to the remote access client.

2. The remote access server receives the ARP request, checks its table of connected remote access clients, finds a match, and responds to the ARP request with an ARP Reply message containing its own MAC address.

3. The node on the Intranet subnet forwards the packet to the remote access server.

4. The remote access server receives the packet, checks the destination IP address, determines the corresponding PPP connection, and then forwards the packet through this PPP connection.

For addresses in the subnet, the neighboring node performs direct delivery, as if the remote client were directly connected to the subnet of the neighboring node. Neighboring nodes do not know that the destination is actually reached through the remote access server.

Packet transmission for external subnet addresses

For non-subnet addresses, the remote access server acts as a router and forwards packets between the node on the connected subnet (usually a router) and the connected remote access clients. For a remote access client that is using an external subnet address, the packet transmission process is as follows:

1. A node on the Intranet subnet connected to the remote access server sends an ARP Request frame, requesting the MAC address corresponding to the IP address of the remote access server.

2. The remote access server responds to the ARP request with an ARP Reply message containing its own MAC address.

3. The node on the Intranet subnet forwards the packet to the remote access server.

4. The remote access server receives the packet, checks the target IP address, determines the corresponding PPP connection, and then forwards the packet through this PPP connection.

For addresses outside the subnet, the neighboring nodes perform indirect delivery and treat the remote access server as a router. For a remote access client assigned an external subnet address to reach nodes on the Intranet, the routing infrastructure must contain routes that match the outer subnet address range, and these routes must point to the Intranet interface of the remote access server. To add these routes, you can do one of the following:

Because the routes corresponding to the outer subnet address range are automatically added to the routing table of the remote access server, you can configure a routing protocol on the Routing and Remote Access server, such as Routing Information Protocol (RIP) or Open Shortest Path First (OSPF), to advertise the outer subnet routes to neighboring routers.

Add the route corresponding to the outer subnet address range as a static route on a neighboring router, and configure that router to propagate the route to its own neighboring routers.

For a small network that does not use a routing protocol such as RIP or OSPF, you can also manually add a route corresponding to the outer subnet address range to the routers.
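The two delivery paths above, traced from an Intranet node's point of view, as an added example (not code from the original article or from the product). All addresses, the MAC, the PPP names and the `arp_reply` and `trace` helpers are assumptions made for illustration, and the model covers only a sending node attached directly to the server's subnet.

```python
import ipaddress

# Constructed sample topology; every value here is an assumption.
SERVER_IP = ipaddress.ip_address("10.0.0.2")     # server's Intranet interface
SERVER_MAC = "02:00:00:00:00:02"
INTRANET = ipaddress.ip_network("10.0.0.0/24")   # subnet the server is connected to
# Connected remote access clients: IP -> PPP connection
CLIENTS = {
    ipaddress.ip_address("10.0.0.50"): "ppp0",   # subnet address
    ipaddress.ip_address("10.0.1.5"): "ppp1",    # external subnet address
}


def arp_reply(target_ip):
    """Server side: answer for its own IP, and by proxy for connected
    clients whose address lies on the connected subnet."""
    if target_ip == SERVER_IP:
        return SERVER_MAC
    if target_ip in CLIENTS and target_ip in INTRANET:
        return SERVER_MAC                        # proxy ARP for the client
    return None


def trace(dst, routes):
    """Trace delivery from an Intranet node to dst.
    routes: (network, next_hop) pairs held by the sending node.
    Returns (arp_target, delivery_kind, ppp_connection)."""
    dst = ipaddress.ip_address(dst)
    if dst in INTRANET:
        arp_target, kind = dst, "direct"         # node ARPs for the client itself
    else:
        matches = [(net, hop) for net, hop in routes if dst in net]
        if not matches:
            return (None, "no route", None)      # outer range was never published
        _, hop = max(matches, key=lambda m: m[0].prefixlen)  # longest prefix wins
        arp_target, kind = hop, "indirect"       # node ARPs for the next hop
    if arp_reply(arp_target) != SERVER_MAC:
        return (arp_target, "not delivered to server", None)
    return (arp_target, kind, CLIENTS.get(dst))


# Route for the outer subnet range, pointing at the server's Intranet interface.
ROUTE_TO_POOL = [(ipaddress.ip_network("10.0.1.0/24"), SERVER_IP)]

if __name__ == "__main__":
    for dst, routes in [("10.0.0.50", []), ("10.0.1.5", ROUTE_TO_POOL), ("10.0.1.5", [])]:
        print(dst, trace(dst, routes))
```

The third case is the failure the routing requirement guards against: the client holds a valid external subnet address, but Intranet nodes have no route that leads to the server.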

How to obtain an IP address

You can configure the "Routing and Remote Access" service to obtain IP addresses for remote access clients automatically, or to take them from a static IP address pool. This is configured when you run the Routing and Remote Access Server Installation Wizard; afterwards, you can change it on the IP tab of the remote access server's properties in the "Routing and Remote Access" snap-in.

Automatically obtain the IP address

When configured to obtain IP addresses automatically, the "Routing and Remote Access" service instructs the DHCP client component of TCP/IP to use DHCP to obtain 10 IP addresses at a time. The service tries to obtain the first 10 IP addresses when the first remote access client connects, not when the "Routing and Remote Access" server starts. The service uses the first IP address obtained from DHCP for the Internal interface (visible under the "IP Routing\General" node in the "Routing and Remote Access" snap-in). The subsequent addresses are allocated to IP-based remote access clients as they connect. Any IP address reclaimed when a remote client disconnects is reused.

When the first 10 IP addresses obtained from DHCP are all in use at the same time and another remote access client tries to establish a connection, the "Routing and Remote Access" service uses the DHCP client component to obtain 10 more addresses. You can change the number of addresses obtained at a time by changing the DWORD registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Parameters\Ip\InitialAddressPoolSize. If no DHCP server can be contacted, the DHCP client returns addresses in the Automatic Private IP Addressing (APIPA) range, from 169.254.0.1 to 169.254.255.254. APIPA addresses are non-subnet addresses, and they have no corresponding routes in the Intranet routing infrastructure. The remote access client is assigned an APIPA address, but cannot communicate with the remote access server.

Note: There are ways to make APIPA addresses work as subnet addresses or as external subnet addresses. However, the presence of an APIPA address usually means that a configuration error or connectivity problem is preventing contact with the DHCP server, or that the DHCP server's range lacks addresses for the subnet of the remote access server. These problems should be corrected, rather than configuring remote access clients to work with APIPA addresses.
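The batch allocation and the APIPA fallback described above can be modelled as follows. This is an added example, not code from the original article or from the product; the class, the two stand-in lease functions and all addresses are constructed. It assumes the Internal interface address is taken from the first batch and that a reclaimed address is the next one handed out.

```python
import ipaddress

APIPA = ipaddress.ip_network("169.254.0.0/16")
BATCH = 10   # addresses per DHCP request; InitialAddressPoolSize changes this


class RasAddressPool:
    """Model of the allocation behaviour described in the text."""

    def __init__(self, lease_batch, batch=BATCH):
        self.lease_batch = lease_batch   # callable(n) -> list of n address strings
        self.batch = batch
        self.internal = None             # address used for the Internal interface
        self.free, self.in_use, self.batches = [], {}, 0

    def _fetch(self):
        addrs = [ipaddress.ip_address(a) for a in self.lease_batch(self.batch)]
        self.batches += 1
        if self.internal is None:        # first address ever obtained
            self.internal = addrs.pop(0)
        self.free.extend(addrs)

    def connect(self, client):
        if not self.free:                # first client, or every address in use
            self._fetch()
        addr = self.free.pop(0)
        self.in_use[client] = addr
        return addr, addr in APIPA       # True flags a DHCP failure

    def disconnect(self, client):
        self.free.insert(0, self.in_use.pop(client))   # reclaimed for reuse


def fake_dhcp(start="10.0.0.100"):
    """Constructed stand-in for a DHCP server leasing consecutive addresses."""
    nxt = [ipaddress.ip_address(start)]

    def lease(n):
        out = [str(nxt[0] + i) for i in range(n)]
        nxt[0] += n
        return out
    return lease


def apipa_fallback(n):
    """Constructed stand-in for the DHCP client when no server answers."""
    return [f"169.254.10.{i + 1}" for i in range(n)]
```

Under these assumptions a batch of 10 serves nine clients, so the tenth concurrent client triggers the second DHCP request, and an APIPA flag on any assignment points to the DHCP reachability or scope problem described in the note.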
 
