Implement Remote Access Service in Windows 2000

With the rapid development of the Internet and the increasing demand for mobile office, more and more people want to remotely access the LAN located in the company. Thus, remote access technology emerged. Next we will discuss how to implement remote access service-ras in a Windows 2000 network ).

The remote access service is a standard C/S mode (Client/Server) service, divided into two parts: remote access server and remote access client. First, find a computer in the internal network as the remote access server. In the family of Windows 2000, only Windows 2000 or later versions can be used as the remote access server. Open the Routing and Remote Access console on the computer on which you want to remotely access the server, start the Routing and Remote Access Services, and select "remote access server" in the server type ", follow the wizard prompts to configure the computer as a remote access server, as shown in Figure 1-1.

Figure 1-1 create a remote access server

Next, you need to set the dial-in attribute of the user account on the remote access server to allow these users to access the remote access server. On the remote access server, open the User Properties dialog box and set the remote access permission of the user's dial-in attribute to "Allow access ". 1-2.

Figure 1-2 set Remote Access Permissions

Next, set the remote access client to connect to the remote access server. Create a connection on the remote access client and select "Dial-to-dedicated network" in the network connection type, as shown in figure 1-3.

Figure 1-3 dialing to a private network

Click "Next" to select the device used for dialing. Then, the dialog box 1-4 appears. Enter the phone number of the remote access server, follow the wizard prompts to establish a connection with the remote access server.

Figure 1-4 enter the phone number of the remote access server

Remote access using Ras brings convenience to users, but this method also has major disadvantages:
First, because the RAS server uses a telephone number to provide services (the telephone line must be inserted into the modem), only one user is allowed to connect at the same time. If multiple users need to connect at the same time, the RAS server must have multiple modem, which increases the hardware overhead;
Second, because the client computer must dial the phone number of the RAS server, if the client and the server are located in different cities or even different countries, the telephone fee is very high.
In view of the shortcomings of the RAS method, a remote access method-VPN (Visual Private Network) is generally used in practical applications.
Compared with Ras, VPN has the following advantages: the VPN Server that provides remote access services uses an IP address instead of a telephone number to identify itself. Therefore, the VPN Server must have a public IP address. Because the IP address is logical, it can accept access requests from multiple users at the same time, and the VPN Server only needs a hardware connection that can be provided to the Internet, therefore, hardware overhead is reduced. For the client computer to access the VPN Server, you only need to connect to the Internet to obtain a unique public IP address on the Internet, and then dial the public IP address of the VPN Server, you can establish a connection with the VPN Server. The cost of this connection is only the telephone fee required by both parties to connect to the local ISP, avoiding the expensive long-distance telephone fee caused by the RAS method. Since both parties use public IP addresses to identify themselves, and the public IP addresses are unique on the Internet, it seems like they have opened up a channel for these two computers on the Internet, therefore, this method is called "virtual VPC ".
The VPN Server settings are similar to those of the RAS server. Open the Routing and Remote Access console on the computer where you want to act as the VPN Server, and start the Routing and Remote Access Services, select "Virtual Private Network (VPN) server" in the server type, and configure the computer as a VPN Server according to the wizard, as shown in figure 1-5.

Figure 1-5 create a virtual private network (VPN) Server

Create a connection on the VPN Client, and select "connect to a private network through the Internet" in the network connection type, as shown in figure 1-6.

Figure 1-6 connecting to a private network through the Internet

Click "Next". The dialog box shown in Figure 1-7 is displayed. Enter the host name or IP address of the VPN Server to be connected. Follow the wizard prompts to establish a connection with the VPN Server.

Figure 1-7 enter the IP address of the VPN Server

To sum up, there are two remote access services: Ras and VPN. The RAS mode requires the server to provide a reliable physical connection for each user, and the cost is relatively high; VPN allows multiple users to connect at the same time, and the cost is relatively low. In addition, you can set the "Callback" option for the two remote access methods, or set a remote access policy to further control the use of users. We will introduce these two methods later.