
Remote Access Service
HCL CDC Etawah

Contents for Remote Access Service:
1. What is Remote Access Service (RAS) and its Types?
2. RAS Client Supported Connection Type
3. RAS Supporting Clients
4. Required RAS Server Components
5. RAS Client Supported Connection, Transport, Authentication, VPN, and
Bandwidth Protocols
6. Working with RAS

What is Remote Access?
With a remote access connection, employees can access the corporate
remote access server and log in to the network with their regular user
account. Employees can then use all the resources that would be available

Remote Access Service (RAS):
It is considered to be a WAN connection. It is built into Windows NT and
enables users to log into an NT-based LAN using a modem.


Type 1: Dial-up Remote Access


A dial-up remote access connection comprises remote access clients, a
remote access server (RAS), and some telecommunication infrastructure
(typically, an analog phone line). A remote client uses the
telecommunication infrastructure to create a temporary physical or virtual
circuit to a port on the RAS. After the circuit is created, the connection
parameters are set. If RAS and remote access clients are not located in a
local telecommunication boundary, incremental long distance charges are
incurred. Even though it has limited scalability, this solution is good for
corporations that have a low requirement for remote access.

Type 2: VPN Remote Access


A VPN remote access connection between a user and the enterprise data
center consists of a VPN client, a VPN device or server, and the Internet.
When a client accesses the Internet through a local ISP, a virtual
point-to-point connection is created with a RAS acting as the VPN server. Once this
connection is created, the parameters for the VPN connection can be set
and a VPN tunnel established with the VPN device or server to access
enterprise resources. In this case, the client is not required to dial long

RAS Supported Connection Type:
1. Public Switched Telephone Network (PSTN)
2. Integrated Services Digital Network (ISDN)
3. X.25
4. Asynchronous Transfer Mode (ATM) over Asymmetric Digital Subscriber
Line (ADSL)
5. Digital Links and V.90
6. VPN Connection

Public Switched Telephone Network (PSTN):

Integrated Services Digital Network (ISDN):

X.25

Asynchronous Transfer Mode (ATM) over Asymmetric Digital Subscriber
Line (ADSL)

Digital Links and V.90:

VPN Connection For RAS:

RAS Supporting Clients:
1. TCP/IP Clients using PPP
2. LAN Manager
3. DOS RAS
4. Windows for Workgroups
5. Windows 95/98
6. Windows NT 3.1 and above
7. Windows 2000/XP

Required RAS Server Components:
1. Modem
2. ISDN Interface
or
3. X.25 PAD

4. ATM

or

Networking:

Routing And Remote Access Server (RRAS):

RAS Supported Connection Protocols:
1. Point to Point Protocol (PPP)
2. Serial Line Internet Protocol (SLIP)
3. Compressed SLIP (CSLIP)
4. Point to Point Multilink Protocol (PPMP)
5. Microsoft RAS or AsyBEUI
6. Callback Control Protocol (CBCP)

Point to Point Protocol (PPP):
PPP (Point-to-Point Protocol) is designed for
simple links which transport packets between
two peers. These links provide full-duplex
simultaneous bi-directional operation and are
assumed to deliver packets in order. PPP
provides a common solution for the easy
connection of a wide variety of hosts, bridges
and routers.

Serial Line Internet Protocol (SLIP):
The Serial Line Internet Protocol is an
encapsulation of the Internet Protocol
designed to work over Serial Ports and Modem
Connections. SLIP has been largely replaced
by the Point to Point Protocol. SLIP will only
support transport of IP Packets.

Compressed SLIP (CSLIP):
CSLIP is essentially for data compression of the
SLIP Protocol. It reduces packet overhead
drastically. It requires CSLIP support on both the
Client and Server ends. This may also be used
with PPP, where it is called CPPP.

Point to Point Multilink Protocol:
Point to Point Multilink Protocol is a variation on
PPP that makes it possible to deploy
multiple Physical Layer Connections and have
them perceived as a single data link layer
Connection by the upper layer protocols. It is
typically used as a bandwidth-on-demand
technique: it combines bandwidth from
several physical connections into one logical
connection.

Microsoft RAS or AsyBEUI:
It was not technically possible for an AsyBEUI client
to "bridge" to IPX/SPX and talk NCPs to a NetWare
server for resource sharing. With AsyBEUI, the
RAS server would pick up the traffic and send it to
the IPX/SPX stack using its NetBIOS interface
capability. This allowed you to use IPX/SPX as the
protocol between two Windows NT machines.
Put another way, an AsyBEUI client can now bridge to IPX/SPX and
talk to the server.

Callback Control Protocol (CBCP):
It allows the server to negotiate with the Client
to call the Client back to establish the
connection. CBCP negotiates the use of callback
where the remote access server, after
authenticating the remote access client,
terminates the physical connection, waits a
specified amount of time, and then calls the
remote access client back at either a static or
dynamically configured phone number.
Common CBCP options include the phone
number being used by the remote access server
to call the remote access client back.

RAS Client Transport Protocols:
1. NetBIOS Extended User Interface (NetBEUI)
2. Internetwork Packet Exchange/Sequence Packet Exchange
(IPX/SPX- NWLink)
3. Transmission Control Protocol/Internet Protocol (TCP/IP)
4. AppleTalk

NetBIOS Extended User Interface (NetBEUI):
It is an enhanced version of the NetBIOS
Protocol.
It is used by Network Operating Systems such
as LAN Manager, LAN Server, Windows for
Workgroups, Windows 95 and Windows NT.
NetBEUI was originally designed by IBM for
their LAN Manager server and later extended
by Microsoft and Novell.
It is easy to configure and faster.

Internetwork Packet Exchange/Sequence Packet Exchange
(IPX/SPX- NWLink):
NWLink is Microsoft's implementation of Novell's
IPX/SPX/NetBIOS Protocols.
IPX is Novell's implementation of the Xerox Internet
Datagram Protocol. IPX is a connectionless datagram
protocol that delivers packets across the Internet.
SPX is Novell's version of the Xerox Sequenced Packet
Protocol. It is a transport layer protocol providing a
packet delivery service for third party applications.

Transmission Control Protocol/Internet Protocol (TCP/IP):
The TCP/IP suite of protocols is the set of protocols
used to communicate across the internet.
TCP provides a reliable stream delivery and virtual
connection service to applications through the use of
sequenced acknowledgment with retransmission of
packets when necessary.
IP is the routing layer datagram service of the TCP/IP
suite. All other protocols within the TCP/IP suite,
except ARP and RARP, use IP to route frames from
host to host. The IP frame header contains routing
information and control information associated with
datagram delivery.

AppleTalk:
The AppleTalk Protocol suite includes the following
protocols:
AARP: AppleTalk Address Resolution Protocol
DDP: Datagram Delivery Protocol
RTMP: Routing Table Maintenance Protocol
AEP: AppleTalk Echo Protocol
ATP: AppleTalk Transaction Protocol
NBP: Name-Binding Protocol
ZIP: Zone Information Protocol
ASP: AppleTalk Session Protocol
PAP: Printer Access Protocol
ADSP: AppleTalk Data Stream Protocol
AFP: AppleTalk Filing Protocol

RAS Supported Authentication Protocols:
1. Password Authentication Protocol (PAP)
2. Challenge Handshake Authentication Protocol (CHAP)
3. Microsoft CHAP (MS-CHAP) or MD5
4. Remote Authentication Dial-In User Service (RADIUS)
5. Extensible Authentication Protocol (EAP)

Password Authentication Protocol (PAP):
Password Authentication Protocol provides a
simple method for the peer to establish its
identity using a 2-way handshake. The PAP
packet is encapsulated in the Information
field of a PPP data link layer frame.
Almost all Network Operating System
remote servers support PAP.
It is the least secure authentication protocol.
It uses plain text passwords for authentication.

Challenge Handshake
Authentication Protocol (CHAP):
Challenge Handshake Authentication Protocol is
used to periodically verify the identity of the peer
using a 3-way handshake. This is done upon
initial link establishment and may be repeated
any time after the link has been established.
Exactly one CHAP packet is encapsulated in the
Information field of a PPP data link layer frame.
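
The difference between PAP's plain text password and CHAP's 3-way handshake, as an added example that is not part of the original slides: it builds the data field of a PAP Authenticate-Request (RFC 1334) and runs a CHAP exchange using the MD5 response defined in RFC 1994. The peer name, the secrets and the ChapAuthenticator class are constructed for illustration.

```python
import hashlib
import hmac
import os


def pap_request_data(peer_id: str, password: str) -> bytes:
    """Data field of a PAP Authenticate-Request (RFC 1334): both fields
    are length-prefixed and sent as-is, so the password is readable."""
    pid, pw = peer_id.encode(), password.encode()
    return bytes([len(pid)]) + pid + bytes([len(pw)]) + pw


def chap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response value with MD5 (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side of the 3-way handshake: Challenge, Response, Success/Failure."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # peer name -> shared secret (constructed sample data)
        self.pending = {}           # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)    # fresh, unpredictable value each time
        return ident, self.pending[ident]

    def verify(self, name: str, ident: int, response: bytes) -> bool:
        challenge = self.pending.pop(ident, None)   # each challenge is single-use
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_md5_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)


def handshake_demo():
    secret = b"constructed-shared-secret"
    server = ChapAuthenticator({"alice": secret})
    ident, chal = server.challenge()                    # 1. Challenge
    resp = chap_md5_response(ident, secret, chal)       # 2. Response
    first = server.verify("alice", ident, resp)         # 3. Success or Failure
    ident2, _ = server.challenge()                      # later re-challenge on the same link
    replayed = server.verify("alice", ident2, resp)     # old response against new challenge
    return first, replayed, secret in resp
```

The PAP data field carries the password byte for byte, while the CHAP response is a digest bound to one identifier and one challenge, which is why repeating the challenge after link establishment rejects a previously captured response.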

Microsoft CHAP (MS-CHAP) or MD5:
Microsoft version of RSA Message Digest 5
(MD5) challenge and reply protocol. It only
works on Microsoft Systems and enables data
encryption.
Selecting this authentication method causes all
data to be encrypted.
It provides an authenticator-controlled
password change mechanism.
It also provides an authenticator-controlled
authentication retry mechanism.
It defines failure codes returned in the Failure
packet message field.

Remote Authentication Dial-In User Service (RADIUS):
Remote Authentication Dial-In User Service (RADIUS)
is a networking protocol that provides centralized
Authentication, Authorization, and Accounting (AAA)
management for computers to connect and use a
network service.
RADIUS serves three functions:
1. Authenticate Users or Devices before granting
them access to a Network.
2. Authorize those Users or Devices for certain
Network Services.
3. Account for usage of those services.

Extensible Authentication Protocol (EAP):
The Extensible Authentication Protocol (EAP) is
best considered as a framework for transporting
authentication protocols, rather than as an
authentication protocol itself. EAP can be used
for authenticating Wireless, Dial-up and VPN
connections, and also Local Area Network (LAN)
ports in conjunction with IEEE 802.1X.
EAP is used between a dial-in Client and Server
to determine what authentication protocol will be
used.

RAS Supported VPN Protocols:
1. Point to Point Tunneling Protocol (PPTP)
2. Layer Two Tunneling Protocol (L2TP)
3. Internet Protocol Security (IPSec)

Point to Point Tunneling Protocol (PPTP):
PPTP works at the Link Layer. No encryption or
key management is included in the specification. It is a
VPN tunneling protocol used to send secure
communications from point to point. It is used
to access a network through the network using
the speed of a modem. It uses PPP encryption or
Microsoft Point to Point Encryption, over TCP as a
transport protocol.

Layer Two Tunneling Protocol (L2TP):
L2TP combines features of L2F and PPTP and
works at the Link Layer. No encryption or key
management is included in the specification. It
uses IPSec for encryption.

Internet Protocol Security (IPSec):
IPSec works on Layer 3. It is a collection of
security measures that address data privacy,
integrity, authentication, and key management,
in addition to tunneling.
IPSec supports two encryption modes:
Transport and Tunnel. Transport mode encrypts
only the data portion (payload) of each packet,
but leaves the header untouched. The more
secure Tunnel mode encrypts both the header
and the payload. On the receiving side, an
IPSec-compliant device decrypts each packet.

RAS Supported Bandwidth Allocation Protocols:
1. Bandwidth Allocation Control Protocol (BACP)
2. Bandwidth Allocation Protocol (BAP)

Bandwidth Allocation Control Protocol (BACP):
BACP is an Internet protocol that helps users
manage a combination of dial-up links, usually over
ISDN connections.
BACP provides what is called dial on demand (or
bandwidth on demand), a technique for providing
additional bandwidth as needed by combining two
or more circuits into a single circuit with a higher
data throughput rate. The technique is useful for
accommodating bursts in traffic, videoconferencing,
backup sessions, and other requirements.
You use dial on demand to automatically combine
channels when data traffic increases beyond the

Bandwidth Allocation Protocol (BAP):
The Bandwidth Allocation Protocol (BAP)
manages the number of links in a multilink
bundle. BAP defines datagrams to coordinate
adding and removing individual links in a
multilink bundle, as well as specifying which
peer is responsible for decisions regarding
managing bandwidth during a multilink
connection.

Remote Access for a Client:

Login Window for RAS

Thank You
By- Apoorw Pandey
apoorw.hcle@gmail.com
