Chapter 18
Managing Remote Access Service


This chapter covers the following topics:
- Remote access architectures
- 32-bit TAPI in Windows NT 4.0
- Installing RAS Dial-Up Networking
- Installing and testing RAS clients
- Monitoring RAS connections
- Using PPTP to create virtual private networks
Rising sales of laptop and notebook computers for mobile computing,
combined with continuing growth in the number of telecommuting workers,
make remote access to computer networks a necessity. Most of today's mobile
PC users are limited to dial-up networking over a 28.8kbps modem connection,
which can be agonizingly slow. Future implementation of wireless Personal
Communication Services (PCS) promises to deliver increased bandwidth without
the need for a wired POTS (plain old telephone service) connection. Telecommuters
now can take advantage of the increased bandwidth of relatively low-cost
ISDN connections. Those lucky enough to participate in trials of cable modems
and xDSL (various high-speed digital subscriber line systems) implementations
get dial-up networking at T-1's 1.44mbps or better, at least in the downstream
(receiving) direction.
Windows NT Server 4.0's Remote Access Service (RAS) and dial-up networking
(DUN) represent a substantial improvement over the Windows NT 3.51 implementation.
Windows NT 4.0 finally supports 32-bit TAPI (Telephony API) 2.0 and the
Unimodem driver, both of which originated in Windows 95. TAPI 2.0 brings
a client/server architecture to Windows telephony, which makes setting
up and administering RAS and DUN a relatively easy task. Even in otherwise
NetWare-only environments, Windows NT Server 4.0 is likely to carve a niche
as a dedicated RAS server as a result of its relatively low cost and capability
to support up to 255 simultaneous RAS connections.
Windows 95 is likely to remain the client operating system of choice
for most mobile PC users because of Windows 95's better support for PC
Cards and its battery-saving power management features. Most telecommuters
will continue to use Windows 95 at home because of Plug-and-Play modem
installation, legacy hardware support, and lesser resource requirements
than Windows NT Workstation 4.0. The emphasis of this chapter is on conventional
analog modem and ISDN connections for RAS; a brief description of new digital
technologies for telecommuters appears near the end of this chapter.
Touring the New Communications Features of Windows NT Server 4.0
Windows NT Server 4.0 provides the following new telecommunications
features, most of which are derived from earlier Windows 95 implementations:
- TAPI is one of Microsoft's recent additions to WOSA, the Windows
Open Services Architecture. TAPI 2.0's architecture is based on 32-bit
telephony service providers, such as Unimodem, that plug into the TAPI
framework. (Windows NT 4.0 currently doesn't support the voice features of
Windows 95's Unimodem/V upgrade.) The "Understanding TAPI 2.0" section,
later in this chapter, describes the structure and technical features of TAPI 2.0.
- Autodial and Log-on Dial are client features that let you map
an association between a DUN entry and a network address for access to
files. As in Windows 95, when you double-click a file icon in Explorer
and the file isn't accessible on the network, a popup window asks whether
you want to connect via DUN.
- Restartable file copy eliminates the frustration of having to
start file downloads from scratch after interruption of a RAS connection.
Restartable file copy remembers the status of an interrupted file transmission;
when you reconnect, RAS sends only the missing part of the file.
- Idle disconnect automatically terminates a RAS connection after
a specified period of time of no communication activity.
- PPP Multilink, combined with RAS Multilink, lets you
combine (bond) two or more physical communications links to increase RAS
throughput when using TCP/IP to connect to the Internet or a private intranet.
This feature primarily is useful for supporting multiple simultaneous ISDN
connections. If you have a limited number of inbound ISDN lines, remote
users can combine two B (bearer) channels for a 112kbps connection when
traffic is light and drop back to a single B channel as more remote users
connect.
- Point-to-Point Tunneling Protocol (PPTP) lets you connect to
your network via the Internet to save long-distance telephone charges.
PPTP running on Windows NT Server 4.0 adds virtual private networking (VPN)
support for Windows NT Workstation 4.0 clients. PPTP provides a secure
connection through encryption of TCP/IP, IPX, and NetBEUI protocols. To
take advantage of PPTP, your Internet service provider (ISP) must support
PPTP.
With the exception of TAPI 2.0, which benefits Server and Workstation
RAS implementations, the new communication features of Windows NT 4.0 primarily
are directed to client-side communication. Microsoft's objective is to
bring Windows NT 4.0's communication features up to the ease-of-use level
of Windows 95. PPP Multilink and PPTP are Internet-specific technologies
that are expected to play a more important role as the use of ISDN increases
and more ISPs support PPTP.
Deciding on a Dial-Up Networking Architecture
Before you implement DUN via Windows NT RAS on a production basis, you
must decide on the system architecture. Hardware and software requirements
depend on the number of inbound lines you intend to support, as well as
the method of connection of the hardware to your network. Following are
the most common types of RAS architecture:
- Single or multiple internal modems. If you have enough ISA slots
available on your RAS server and have a built-in PS/2 mouse port, you can
install up to a total of four internal modems on COM1, COM2, COM3, and
COM4, sharing interrupts IRQ4 (COM1 and COM3) and IRQ3 (COM2 and COM4).
Users also can connect to individual modem-equipped client PCs on the network;
the Windows 95 Plus! pack adds RAS server capabilities to clients. Figure
18.1 illustrates a Windows NT RAS server with two external modems and a
Windows 95 client providing DUN services.
18.1
A small dial-up networking installation with Windows NT and Windows
95 RAS servers communicating with analog modems.

Reliable interrupt sharing by modems depends on the make and model of
the modems you install, plus the server's system BIOS and motherboard.
(It's seldom practical to install more than two internal modems in a server.)
Some Plug-and-Play modems are difficult to install under Windows NT. Before
you buy three or four modems, test two modems sharing IRQ3 or IRQ4 with
simultaneous inbound connections.

- Multiple external modems with multiport serial cards. Multiport
serial cards are the safest choice for providing more than two inbound
connections. Relatively low-cost serial cards are available in four-port
and eight-port versions. The modem configuration is the same as that shown
in figure 18.1. Some multiport serial cards have built-in microprocessors
to minimize server CPU resources devoted to handling multiple connections.
- You can use some multiport serial cards to connect to a combination
of analog modems and external ISDN devices. Make sure that the supplier
includes software that supports Windows NT 4.0 RAS.

Make sure that the modems you buy support the new V.34 standard, which
provides 33.6kbps bandwidth. To take advantage of V.42-bis MNP 5 hardware
data compression offered by most V.34 modems, be sure to buy modems for
both ends of the connection from the same supplier. Hardware compression,
which can increase data transmission rates by a factor of two or more,
seldom works properly between modems from different vendors. U.S. Robotics
Sportster V.34+ 28.8kbps modems are used for the examples in this chapter.
These modems usually (but not always) provide a 57.6kbps connection, equivalent
to a 1-B ISDN connection with an external ISDN adapter.

- Internal or external ISDN adapters. External ISDN adapters emulate
analog modems, so you simply connect one or two external ISDN adapters
to the server's serial port(s). External ISDN adapters provide slower connections
because the serial protocol includes stop and start bits, which consume
20 percent of the available bandwidth. Internal ISDN adapters, which don't
require stop and start bits, provide connections at the maximum ISDN data
rate. Internal ISDN adapters installed in Intel-based servers can use the
ISDN miniport driver that originated in Windows NT 3.5. Regardless of the
type of ISDN adapter you select, verify that the device supports Windows
NT 4.0 RAS before purchasing.
- ISDN Ethernet adapters. Simple ISDN Ethernet adapters have an
NT-2 ISDN and a 10BaseT Ethernet connector. You assign a NetBIOS name to
the adapter, which emulates a server. Multiple users can share a single
ISDN Ethernet adapter (with bridging) for outbound connections to an ISP
offering ISDN service. As an example, the Ascend Pipeline-25Fx supports
up to four users and has analog connections for a telephone and fax machine.
One Ethernet adapter can support two 1-B inbound connections to a single
telephone line provisioned as a hunt group.
- ISDN Routers. ISDN routers provide IP and IPX routing in addition
to bridging. Some ISDN Ethernet adapters offer IP and/or IPX routing as
an option. The Ascend Pipeline-50, for instance, provides bridging for
an unlimited number of users and supports IP and IPX routing, including
PPP Multilink. ISDN routers are the best choice for handling high volumes
of inbound ISDN traffic. High-end ISDN routers handle multiple BRI lines
or a single PRI line, which provides 23 B channels and one D channel. U.S.
Robotics' Total Control Enterprise Network Hub supports a combination of
analog modems (in groups of four), ISDN adapters, switched-56 lines, and
T-1 connections for up to a total of 64 simultaneous connections. Figure
18.2 illustrates an Ethernet router that accommodates both ISDN adapters
and analog modems.
18.2
A combination ISDN and analog Ethernet router for dial-up networking
for telecommuters and mobile PC users.

See "Selecting an ISDN Connection" (Ch. 19)


Ascend Communications, Inc., which claims to have more than 40 percent
of the market for ISDN networking bridges and routers, offers an extensive
glossary of ISDN terminology at http://www.ascend.com/techdocs/glossary.html.
A U.S. Robotics white paper, "The Shape of the ISDN Market: 1996
and Beyond," at http://www.usr.com/business/3022.html
offers an overview of ISDN technology for Internet and telecommuting applications.

Unless you need to support only a few mobile users or telecommuters,
choose a multiple-port serial card and external modems for analog connections.
You can add external 28.8kbps modems and phone lines as traffic warrants.
For ISDN connections, the trend is toward ISDN routers because of their rapidly
decreasing cost. If you plan to provide users with outbound ISDN connections
to your ISP, be sure to install another line to support your telecommuters'
inbound calls.

Microsoft's Get ISDN program for Windows 95 provides a simplified ordering
system for installation of ISDN lines in North America. The details of
the program are available at http://www.microsoft.com/windows/getisdn/.
Windows 95 clients using internal ISDN modems require the ISDN Accelerator
Pack, which you can download from http://www.microsoft.com/windows/getisdn/dload.htm,
and compatible drivers for your adapter. The ISDN Accelerator Pack isn't
required for external ISDN adapters.

Understanding TAPI 2.0
TAPI 2.0 is a 32-bit Windows NT service derived from TAPI version 1.4
introduced by Windows 95. TAPI 2.0 supports Intel and RISC symmetrical
multiprocessing with multithreaded operation and preemptive multitasking.
TAPI 2.0 supports Windows 95 32-bit TAPI 1.4 and Windows 3.1+ 16-bit TAPI
1.3 applications. TAPI 2.0 includes additional features for managing communications
applications that run in the background. TAPI 2.0 is designed to support
various telephony services, including call-center management and quality
of service (QOS) negotiation. The discussion in this chapter is limited
to TAPI 2.0's RAS features.
Figure 18.3 illustrates the basic architecture of TAPI 2.0. TAPI.DLL
provides core 16-bit telephony services for Windows 95 and Windows 3.1+.
In Windows NT 4.0, TAPI.DLL is only a 16-bit thunking layer that converts
16-bit addresses to the 32-bit addresses required by Windows NT 4.0's Tapi32.dll.
Tapi32.dll uses LRPCs (lightweight remote procedure calls) to pass function
requests to Tapisrv.exe. Tapisrv.exe runs as a service process; all telephony
service providers (TSPs) run in Tapisrv.exe's context, improving performance
by eliminating context switching. Figure 18.3 shows the Unimodem TSP (Unimodem.tsp,
a DLL) connected to Unimodem.sys, a kernel mode component that provides
access to serial ports and internal modems. The Unimodem.tsp and Unimodem.sys
components support analog modems and external ISDN adapters that emulate
modems. Support for internal ISDN adapters is provided by the ISDN miniport
driver that originated in Windows NT 3.5.
18.3
The basic components of TAPI 2.0 that support 16-bit and 32-bit telephony
services.
Tapi32.dll also supports user interface elements, such as talk/hangup
dialogs, designed by third-party TSP suppliers. Many independent software
vendors (ISVs) provide fax, call center, and other TAPI services. A brief
technical paper, "Windows Telephony (TAPI) Support in Windows NT 4.0,"
available at http://www.microsoft.com/win32dev/netwrk/tapiwp.htm,
provides additional technical details on TAPI 2.0.

If you update Windows NT Server 3.5x to Windows NT Server 4.0, installed
internal or external modem(s) use the existing Modem.inf file and don't
use TAPI 2.0's Unimodem driver. You must remove and reinstall the modem(s)
to gain TAPI 2.0 and Unimodem support.

Setting Up Windows NT Server 4.0 Remote Access Service
Setting up Windows NT Server 4.0 RAS involves the following overall
steps:
- Install the modem(s)
- Configure RAS for dial-up networking
- Enable dial-in connections for users with the Remote Access Admin application
The following sections describe the RAS setup process for a single analog
modem shared by multiple DUN users. Changes to the setup process for multiple
modems and ISDN adapters are noted where applicable.
Installing Internal or External Modems
Windows NT Server 4.0 includes a modem setup process similar to that
of Windows 95. After physically installing one or more modems, follow these
steps to set up the modem for use with RAS:
- In Control Panel, double-click the Modem tool. If this is the first
modem installed on the server, the first Install New Modem dialog automatically
appears (see fig. 18.4). If you're installing an additional modem, the
Modems Properties sheet appears; click the Add button to display the Install
New Modem dialog.
18.4
The first Install New Modem dialog.
- Click Next with the Don't Detect my Modem check box cleared to see
whether Windows NT can detect your modem. The detection process may fail,
even for modems with drivers included on the Windows NT Server 4.0 distribution
CD-ROM, resulting in the dialog shown in figure 18.5. (Failure to detect
supported modems might be the reason that Microsoft doesn't append "Wizard"
to the Install New Modem dialog's caption.)
18.5
A common response to Windows NT 4.0's attempt to detect a modem.
- Click Next to display the dialog for selecting a modem manually. First,
select the vendor in the Manufacturers list, and then locate the product
in the Models list (see fig. 18.6). If you can't find the model, click
Have Disk to use the vendor's driver disk if it includes Windows NT 4.0
drivers. Otherwise, select (Standard Modem Types) in the Manufacturers
list and your modem's speed in the Models list. In most cases, the Standard
Modem driver works, but it may not implement special features of your modem,
such as hardware data compression.
18.6
Selecting a modem vendor and product from Windows NT 4.0's list of
supported modems.

Some external ISDN adapters, such as the Motorola BitSURFR, are supported
with drivers included on the Windows NT Server 4.0 distribution CD-ROM.
Vendors frequently update drivers for internal and external ISDN adapters,
so the versions supplied with Windows NT Server 4.0 may not be the latest.
Always check the vendor's Web site for recently updated drivers before
installing an ISDN adapter.

- Click Next to specify the COM port on which to install the modem. Most
modems are factory-configured for installation on COM2, so select the default
COM2 entry in the list (see fig. 18.7). If you've specified a different
COM port when configuring the modem, click the All Ports button to make
a selection.
18.7
Specifying the COM port on which to install the modem.

You add more COM ports and specify IRQ and base address settings with
Control Panel's Port tool.

- Click Next to continue. The Modem Setup message box advises that you
must restart the system for the modem to become operational. Click OK,
but ignore the message; Windows NT automatically restarts during the RAS
configuration process.
- The final Install New Modem dialog indicates that modem installation
is complete. Click Finish to display the Modems Properties sheet (see fig.
18.8), which supports entries for as many modems as you can install in
the PC or connect to a multiport serial card.
18.8
The Modems Properties sheet, with an entry for a single modem.
- Click Properties to display the Modem_Name Properties sheet.
The General page lets you determine the speaker volume (usually off for
RAS use) and the Maximum Speed in bps (see fig. 18.9). Accept the default
value for the modem (usually 57,600bps) unless instructed otherwise.
18.9
The General Page of the property sheet for the selected modem.
- Click the Connection tab to display the Connection property page. The
standard serial protocol for RAS is 8N1: 8 data bits, no parity, and 1 stop
bit (see fig. 18.10). Call preferences relate only to dial-out operations.
RAS settings override the Disconnect a Call if Idle for More Than... setting
specified in this dialog.
18.10
The Connection page of the property sheet for the selected modem.
- Click the Advanced button of the Connection page to display the Advanced
Connection Settings dialog. If the modem supports V.42 MNP 2 through MNP
4 error control, the Use Error Control check box is enabled and marked
by default. The Compress Data check box also is enabled and checked for
modems that support V.42-bis MNP 5 data compression (see fig. 18.11). The
default Use Flow Control setting and Hardware (RTS/CTS) option are satisfactory
for all RAS connections to clients with modems manufactured during the
last five years or so. To create a modem log file for troubleshooting purposes,
mark the Record a Log File check box. Click OK to close the dialog, and
then click OK to close the specified modem's property sheet and return
to the Modems Properties sheet.
18.11
The Advanced Connection Settings dialog for a V.34 modem supporting
hardware error correction and data compression.
- Click Dialing Properties to display the Dialing Properties sheet (see
fig. 18.12). You need to set up these properties only if you plan to use
the server to dial out. (Dialing out to an ISP or other remote server sometimes
is useful for troubleshooting modem problems.) Click OK to close the property
sheet.
18.12
Supplying dial-out information in the Dialing Properties sheet.
- Click Close to close the Modems Properties sheet. A Modem Setup message
box asks whether you want to configure Dial-up Networking, the subject
of the next section (see fig. 18.13). Click Yes.
18.13
The message box leading to the configuration process for Dial-up
Networking.
Configuring Dial-Up Networking
Before you can use the first or additional modems, you must configure
DUN parameters. Any major changes to a modem's configuration require that
you repeat the setup process. To set DUN parameters for a modem or ISDN
adapter, follow these steps:
- In the Remote Access Setup dialog, which lists all modems installed
on the server (see fig. 18.14), select the modem to configure and click
Configure to open the Configure Port Usage dialog.
18.14
The Remote Access Setup dialog with a single modem installed.
- In most cases, the default Port Usage option, Receive Calls Only, is
satisfactory for a RAS server (see fig. 18.15). If you want to test your
modem by dialing out, select the Dial Out and Receive Calls option. Click
OK to close the dialog.
18.15
Configuring the usage of the COM port on which the selected modem
is installed.
- Click Network in the Remote Access Setup dialog to open the Network
Configuration dialog for the selected modem. By default, RAS supports each
of the basic networking protocols (NetBEUI, TCP/IP, and IPX) installed
on your server. If you don't use the modem for dial-out, the Dial Out Protocols
check boxes are disabled (see fig. 18.16). To provide secure transmission
of passwords, accept the default Require Microsoft Encrypted Authentication
option if all your clients run Windows and support MS-CHAP (Microsoft Challenge
Handshake Authentication Protocol) authentication; otherwise, select Require
Encrypted Authentication. You also can specify that data be secured with
the RSA Data Security RC4 encryption algorithm by marking the Require Data
Encryption check box. If you're installing an ISDN adapter that supports
bonding of ISDN B-channels, mark the Enable Multilink check box.
18.16
Setting allowable network protocols, encryption, and multilink options
in the Network Configuration dialog.
- To configure NetBEUI services, click the Configure button next to the
NetBEUI check box to open the RAS Server NetBEUI Configuration dialog.
The default option is to allow dial-in clients to connect to the Entire
Network (see fig. 18.17). Click OK to close the dialog.
18.17
Setting the extent of network access for the NetBEUI protocol.
- To configure TCP/IP services, click the adjacent Configure button to
open the RAS Server TCP/IP Configuration dialog. Most RAS clients are configured
to obtain a temporary TCP/IP address from the server. If you have DHCP
(Dynamic Host Configuration Protocol) installed, select the Use DHCP to
Assign Remote TCP/IP Client Addresses option. If you haven't installed
DHCP, select the Use Static Address Pool option and specify beginning and
ending addresses that provide a sufficient number of addresses to support
the maximum number of inbound connections to the server plus a connection
for the server itself (see fig. 18.18). The server occupies the first address, 131.254.7.10,
in figure 18.18. The rest of the address range, 131.254.7.11 through 131.254.7.20,
provides for a maximum of 10 simultaneously connected RAS/DUN clients.
18.18
Setting options for the TCP/IP protocol and assigning a static pool
of TCP/IP addresses for RAS clients.

See "Dynamic Host Configuration Protocol (DHCP)" (Ch. 17)


Marking the Allow Remote Clients to Request a Predetermined IP Address
check box requires that you specify a fixed TCP/IP address for clients'
dial-up adapters. Doing so prevents the client from connecting to ISPs,
such as The Microsoft Network, that assign temporary TCP/IP addresses to
connected users.

- Click OK to close the RAS Server TCP/IP Configuration dialog, click
OK to close the Network Configuration dialog, and then click Continue in
the Remote Access Setup dialog to install bindings for RAS services (see
fig. 18.19, top). If you don't have DHCP installed, you receive the
Error - Unattended Setup message box shown in figure 18.19 (middle); click No
to continue. When the binding process is complete, the Network Settings
Change message box appears (see fig. 18.19, bottom). Click Yes to restart
Windows NT Server with RAS operational.
18.19
RAS binding progress (top), a message received if DHCP isn't running
(middle), and the message indicating the binding process is complete (bottom).

If you're installing multiple modems, you can avoid multiple server
restarts by setting up all the modems, and then shutting down and restarting
Windows NT Server.

Granting Client Access with the Remote Access Admin Application
After you set up RAS for DUN, you use the Remote Access Admin application
to specify the users who can connect via RAS and control RAS operation.
Follow these steps to enable clients to connect to your RAS server:
- From the Start menu choose Programs, Administrative Tools, and Remote
Access Admin to open the Remote Access Admin application, which connects
to all RAS servers in your domain. Figure 18.20 shows the OAKLEAF domain
with the OAKLEAF0 RAS server set up in the preceding section.
18.20
The Remote Access Admin application's window, with a single RAS server
in the default domain.

If you have a large number of services, such as the entire BackOffice
suite, running on your RAS server, it might take up to a few minutes after
rebooting for RAS to start.

- From the Users menu choose Permissions to open the Remote Access
Permissions dialog. Select a user in the Users
list, which includes all domain and local users, and mark the check box
to grant the user dial-in permission (see fig. 18.21). Alternatively, you
can click the Grant All button to grant permission to all users, and then
remove the permission from specific users, such as Guest. If you want to
enable call-back for security or telco billing purposes, select the Set
By Caller or Preset To option. If you select Set By Caller, a dialog appears
when the client logs on, requesting a call-back number. If you select Preset
To, type the client's telephone number (with area code) in the text box.
You can add parentheses, hyphens, and spaces to make the entry more legible;
the dialer ignores punctuation and white space.
18.21
Granting dial-in permission to individual Windows NT Server users.
- Click OK to close the dialog. Before you can test the RAS server, you
must set up one or more DUN clients. Setting up Windows 95 and Windows
NT clients for DUN is the subject of the following sections.
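
The choices made in the Remote Access Permissions dialog (who has dial-in
permission, and which call-back option applies) can be reviewed as data after
a Grant All. The following is an added example, not part of the original
chapter or of any Microsoft tool: the record layout, the finding names, the
sample accounts, and the 10-digit minimum for a preset number are assumptions
made for illustration.

```python
import re
from dataclasses import dataclass


# Hypothetical record layout for one row of the Remote Access Permissions
# dialog; the chapter describes the dialog, not an export format.
@dataclass
class DialInEntry:
    user: str
    dial_in: bool               # "grant dial-in permission" check box
    callback: str = "none"      # "none", "set_by_caller" or "preset"
    preset_number: str = ""     # used only when callback == "preset"


CALLBACK_MODES = {"none", "set_by_caller", "preset"}
MIN_DIGITS = 10  # assumption: North American number including area code


def normalize_number(raw: str) -> str:
    """Drop the parentheses, hyphens and white space that the dialer ignores."""
    return re.sub(r"[()\-\s]", "", raw)


def audit(entries, never_dial_in=("Guest",)):
    """Return a sorted list of (user, finding) tuples for an administrator to review."""
    blocked = {name.lower() for name in never_dial_in}
    findings = []
    for e in entries:
        if e.callback not in CALLBACK_MODES:
            findings.append((e.user, "unknown-callback-mode"))
            continue
        if not e.dial_in:
            continue  # nothing to review for accounts that cannot dial in
        if e.user.lower() in blocked:
            # Typical leftover of Grant All: the account should have been cleared.
            findings.append((e.user, "dial-in-granted"))
        if e.callback == "none":
            findings.append((e.user, "no-callback"))
        elif e.callback == "set_by_caller":
            # The caller supplies the number at logon, so this mode moves the
            # toll charges but does not tie the account to a known location.
            findings.append((e.user, "callback-number-chosen-by-caller"))
        else:
            digits = normalize_number(e.preset_number)
            if not digits.isdigit() or len(digits) < MIN_DIGITS:
                findings.append((e.user, "preset-number-invalid"))
    return sorted(findings)


# Constructed sample: the state after Grant All, with Guest not yet cleared.
SAMPLE = [
    DialInEntry("rjones", True, "preset", "(510) 555-0100"),
    DialInEntry("Guest", True),
    DialInEntry("jsmith", True, "set_by_caller"),
    DialInEntry("mlee", True, "preset", "555-0142"),   # area code missing
    DialInEntry("temp01", False),
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user:10} {finding}")
```
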
Installing and Testing Dial-Up Networking on Clients
Setting up DUN for Windows 95 and Windows NT clients, with a few exceptions,
is a relatively straightforward process. Windows 95 offers the advantage
of supporting Plug and Play for simplified modem installation, plus hot-swapping
of modems and other PC Cards for laptops. The following sections assume
that the clients have a modem installed and operating, but no entries for
dial-up networking.

You install modems in Windows NT Workstation 4.0 by using the same method
as that described earlier for Windows NT Server 4.0 in the "Installing
Internal or External Modems" section, except that you specify the
Dial-Out Only option in the Configure Port Usage dialog.

Windows 95 Clients
Setting up and testing DUN on Windows 95 clients with a modem installed
and tested involves the following steps:
- From the Start menu choose Programs, Accessories, and Dial-Up Networking
to open the Dial-Up Networking window (see fig. 18.22). Double-click the
Make New Connection entry to open the first Make New Connection dialog.
18.22
Windows 95's Dial-Up Networking window with no DUN connections specified.
- Type a name for the client connection in the text box and select the
modem to use, if more than one modem is installed (see fig. 18.23).
18.23
Naming a connection and selecting a modem in the first Make New Connection
dialog.
- To gain a slight improvement in performance, click the Configure button
to display the Modem_Name Properties sheet, and then display the
Connection page (see fig. 18.24). Click Port Settings to open the Advanced
Port Settings dialog, and set the Receive Buffer slider to High (see fig.
18.25). Click OK twice to close the dialog and the Modem_Name Properties
sheet.
18.24
The property sheet for a specific modem.
18.25
Setting the Receive Buffer to maximum capacity to improve inbound
data performance.
- Click Next to display the second Make New Connection dialog. Type the
area code and telephone number of the RAS server's modem, and select the
country code, if necessary (see fig. 18.26). If the RAS server has multiple
analog modems or ISDN adapters in a hunt group, use the first number of
the hunt group.
18.26
Entering the dialing parameters.
- Click Next to display the last Make New Connection dialog to confirm
the connection name (see fig. 18.27). Click Finish to add the connection
to the Dial-Up Networking list.
18.27
The last step in the Make New Connection sequence for Windows 95.
- Right-click the new entry in the Dial-Up Networking list and choose
Properties from the popup menu to display the ConnectionName Properties
sheet. Click the Server Types button to display the Server Types dialog.
Accept the default PPP: Windows 95, Windows NT 3.5, Internet entry in the
Type of Dial-Up Server drop-down list. Mark all Advanced Options check
boxes, and clear the Allowed Network Protocols check box for any protocol
not supported by the server (see fig. 18.28).
18.28
Setting additional connection properties in the Server Types dialog.
- Click the TCP/IP Settings button to display the TCP/IP Settings dialog.
Make sure that the Server Assigned IP Address and Server Assigned Name
Server Address options are selected. (Specifying a TCP/IP address or a
name server prevents connection, unless the RAS server is specifically
set up to accommodate these client settings.) The Use IP Header Compression
and Use Default Gateway on Remote Computer check boxes are marked by default
(see fig. 18.29).
18.29
Specifying conventional TCP/IP settings for DUN.
- Click OK to close the TCP/IP Settings dialog, click OK to close the
Server Types dialog, and then click OK again to close the ConnectionName
Properties sheet.
- If you must specify special dialing parameters, such as dialing 9 for
an outside line, double-click the connection entry in the Dial-Up Networking
window to display the Connect To dialog (see fig. 18.30). Click the Dial
Properties button to open the Dialing Properties sheet (see fig. 18.31).
Make any necessary changes and click OK to return to the Connect To dialog.
18.30
The Connect To dialog with the setting specified in the Make New
Connection sequence.
18.31
Setting special dialing parameters for the RAS connection.

If you're setting up a client that's connected to the network, it's
a good idea to log off the network at this point. Although you can maintain
a simultaneous network and RAS connection using the same account, testing
RAS with only a dial-up connection is a more foolproof process.

- Type your user name, if necessary, and password in the Connect To dialog.
The Save Password check box is disabled when the client isn't logged on
to the network. Click Connect to start the DUN process. A series of windows
displays the connection progress (see fig. 18.32). The first time you make
a connection, the standard Windows 95 network logon dialog appears, and
you must enter your password for verification.
18.32
The sequence of dialogs during the RAS logon process.
- Click the Details button of the Connected to ConnectionName window
to show the protocol(s) in use (see fig. 18.33).
18.33
Displaying network protocol(s) in use in the detailed version of
the Connect To window.
- Launch Network Neighborhood, and then expand the display of shares
for the server to which you're connected (see fig. 18.34).
18.34
Using Network Neighborhood to display DUN shares on the OAKLEAF0
server.
- To terminate the connection, click the Disconnect button in the Connected
to ConnectionName window.

The notorious "could not negotiate a compatible set of protocols"
Dial-Up Networking message (see fig. 18.35) indicates a problem with your
Windows 95 networking protocol(s). If you've selected only NetBEUI as your
protocol and the client is connected to the server on the network, two
attempts to register the same NetBEUI computer name create the problem.
This message also appears on a relatively small percentage of Windows 95
clients that attempt to connect with TCP/IP. Although a client with this
problem can't connect to a Windows NT 4.0 RAS server, it likely can connect
via TCP/IP to a Window NT 3.5+ RAS server. The only currently known solution
to this problem is to remove all the network protocols on the client, reboot
the client, and then reinstall the protocols from scratch with the Windows
95 distribution CD-ROM.

18.35
The message that indicates a problem with Windows 95's currently
installed networking protocols.
Windows NT Clients
Installation and operation of Dial-Up Networking on a Windows NT 4.0
client differ significantly from Windows 95's approach. The following steps
describe how to install the RAS software from the Windows NT 4.0 distribution
CD-ROM, and then set up and test Windows NT 4.0 DUN:
- From the Start menu choose Programs, Accessories, and Dial-Up Networking.
The Dial-Up Networking dialog indicates that DUN isn't installed (see fig.
18.36). Click the Install button.
18.36
The dialog indicating that Windows NT 4.0 Dial-Up Networking hasn't
been installed.
- The Files Needed dialog vaguely indicates that Some files on (Unknown)
are needed (see fig. 18.37) if you didn't specify RAS when you installed
Windows NT 4.0. If you previously installed the files, skip to step 4 (the
Add RAS Device dialog).
18.37
The dialog that indicates you need to install RAS files from the
distribution CD-ROM or a network installation share.
- Click Browse and specify the \I386 (or other processor) folder of the
distribution CD-ROM. The file needed is Rascfg.dl_ (see fig. 18.38). Click
Open to return to the Files Needed dialog (see fig. 18.39). Click OK to
install the RAS files.
18.38
Specifying the \I386 folder of the distribution CD-ROM for RAS installation.
18.39
The Files Needed dialog with the path to the files on the CD-ROM.
- The Add RAS Device dialog has a list of RAS Capable Devices (see fig.
18.40). If you have only one modem installed, accept the default; otherwise,
choose the modem to use with RAS/DUN. Click OK to continue.
18.40
Selecting a RAS-capable modem.
- In the Configure Port Usage dialog, select the Dial Out Only option
unless you want to configure the client as a RAS server (see fig. 18.41).
Windows NT Workstation 4.0 supports a single RAS/DUN connection, similar
to the RAS server feature installed by the Windows 95 Plus! pack. Click
OK to continue.
18.41
Selecting the RAS operating mode(s) in the Configure Port Usage dialog.
- The Dial-Up Networking message box indicates that The phonebook is
empty (see fig. 18.42). Windows NT 4.0 uses a phonebook metaphor, rather
than Windows 95's Dial-Up Connection, for selecting a RAS/DUN connection.
Click OK to launch the New Phonebook Entry Wizard.
18.42
The message that appears when you haven't added an entry to the DUN
phonebook.
- Type the name of the RAS connection in the Name the New Phonebook Entry
text box (see fig. 18.43). Click Next to continue.
18.43
Naming a new RAS connection in the first New Phonebook Entry Wizard
dialog.
- The Server dialog offers connection options for the Internet, plain
(clear) text passwords, and non-Windows NT RAS servers (see fig. 18.44).
None of these options apply when using Windows NT Server 4.0 DUN, so click
Next to open the Phone Number dialog.
18.44
Choosing options for connecting to the Internet, with unencrypted
passwords, and to RAS servers other than Windows NT.
- You can type the phone number directly in the text box (see fig. 18.45),
or mark the Use Telephony Dialing Properties check box to make the extended
dialing parameters appear. Select the Country Code and Area Code, and type
the Phone Number for the connection (see fig. 18.46).
18.45
The default version of the Phone Number dialog.
18.46
The TAPI version of the Phone Number dialog.
- If you want to add alternate numbers to dial, in case the main number
is busy, click Alternates to display the Phone Numbers dialog (see fig.
18.47). To add another number, type it in the New Phone Number text box
and click the Add button. Click OK to close the dialog.
18.47
Displaying current RAS server phone numbers.
- In the final New Phonebook Entry Wizard dialog, click Finish to add
the entry to the phonebook and open the Dial-Up Networking dialog with
the first phonebook entry selected (see fig. 18.48).
18.48
The DUN phonebook entry for dialing a Windows NT 4.0 RAS server.
- Click Dial to start the RAS connection. A series of dialogs monitors
the connection progress (see fig. 18.49).
18.49
Dialogs that monitor the progress of your DUN connection.
- If the client you're testing is directly connected to the network and
you use NetBEUI as one of your network and RAS protocols, you receive the
error message shown in figure 18.50. Click Accept to accept a connection
via TCP/IP.
18.50
The error message that occurs if you're logged on to the network
and attempt a RAS connection with NetBEUI protocol.
- When the connection succeeds, the Connection Complete dialog appears
(see fig. 18.51). After making the first connection, mark the Do Not Display
This Message Again check box, and then click OK.
18.51
The final step in completing the first DUN connection.
- You can monitor the status of the connection by right-clicking the
DUN icon at the right of the taskbar and choosing Dial-Up Monitor to open
the Dial-Up Networking Monitor property sheet (see fig. 18.52). Two of
the more interesting statistics of the Status page are the Compression
In and Compression Out percentages, which indicate the efficiency of hardware
compression.
18.52
Using the Dial-Up Networking Monitor tool to check the performance
of the DUN connection.
- To terminate the connection, right-click the DUN icon of the taskbar
and choose Hang Up, and then click Yes when requested to confirm the disconnect.

You also can start DUN by double-clicking the Dial-Up Networking icon
in My Computer (see fig. 18.53).
18.53
Starting Dial-Up Networking from My Computer.
Monitoring Connections with Remote Access Admin
In addition to enabling RAS for users, described earlier in the section
"Granting Client Access with the Remote Access Admin Application,"
Remote Access Admin also lets you supervise RAS connections to the server.
To use Remote Access Admin to monitor RAS connections, follow these steps:
- Launch Remote Access Admin, if necessary. Remote Access Admin's window
displays all the servers in the domain set up as remote access servers,
and the number of active connections of each (see fig. 18.54).
18.54
Remote Access Admin displaying a single RAS server with one connected
user.
- Double-click an active server entry in the list to display the Communication
Ports dialog. An entry for each COM port of the server set up for RAS appears
in the list, along with the user name and the time the connection started
(see fig. 18.55). You can disconnect the user or, if messaging service
is enabled on both ends of the connection, send a popup message to the
user.
18.55
Displaying the entry for the RAS server's COM port.
- Click Port Status to display the Port Status dialog (see fig. 18.56).
The Port Status dialog is similar to the Status page of the Dial-Up Networking
Monitor property sheet for an outbound RAS connection (refer to fig. 18.52).
If the server has more than one COM port assigned to RAS, you can select
the port from the drop-down Port list.
18.56
The Port Status dialog for a TCP/IP RAS connection immediately after
user logon.

If you haven't enabled dial-out RAS on the server, the Dial-Up Networking
icon doesn't appear in the taskbar. In this case, you launch Dial-Up Networking
Monitor from the Dial-Up Networking tool of Control Panel.

Using the Point-to-Point Tunneling Protocol
Microsoft's Point-to-Point Tunneling Protocol (PPTP) is an encryption
system that provides secure communication between computers over the public
Internet. Microsoft has submitted PPTP to the Internet Engineering Task
Force (IETF) for incorporation into the IP-Sec (Secure IP) service standard.
PPTP uses MS-CHAP for authentication and allows NetBEUI and IPX protocols
to "piggyback" on TCP/IP packets.
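
The "piggyback" arrangement described above is visible in the packet format: PPTP carries each PPP frame inside a modified GRE header, and the PPP protocol field says whether the payload is IP, IPX, or NetBEUI. The following Python decoder is an added example, not code from this book or from Microsoft; the header layout follows RFC 2637, and the function names and sample packets are constructed for illustration.

```python
import struct

GRE_PROTO_PPP = 0x880B  # protocol type PPTP places in its enhanced GRE header
# PPP protocol numbers for the traffic types this chapter mentions
PPP_PROTOCOLS = {0x0021: "IP", 0x002B: "IPX", 0x003F: "NetBEUI (NBF)",
                 0xC021: "LCP", 0xC223: "CHAP"}

def parse_pptp_gre(packet: bytes) -> dict:
    """Decode one PPTP data packet (enhanced GRE, version 1) to its PPP protocol."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", packet[:8])
    # PPTP requires the K (key) bit, GRE version 1 and protocol type 0x880B
    if not (flags & 0x2000) or (flags & 0x0007) != 1 or proto != GRE_PROTO_PPP:
        raise ValueError("not a PPTP enhanced GRE packet")
    has_seq, has_ack = bool(flags & 0x1000), bool(flags & 0x0080)  # S and A bits
    offset = 8 + 4 * has_seq + 4 * has_ack
    if len(packet) < offset + payload_len:
        raise ValueError("packet shorter than its declared lengths")
    fields = struct.unpack_from("!" + "I" * (has_seq + has_ack), packet, 8)
    seq = fields[0] if has_seq else None
    ack = fields[-1] if has_ack else None
    ppp = packet[offset:offset + payload_len]
    if ppp[:2] == b"\xff\x03":      # optional PPP address/control bytes
        ppp = ppp[2:]
    if not ppp:
        number = None               # acknowledgment-only packet, no PPP frame
    elif ppp[0] & 1:                # protocol field compression: one byte
        number = ppp[0]
    elif len(ppp) >= 2:
        number = struct.unpack("!H", ppp[:2])[0]
    else:
        raise ValueError("truncated PPP protocol field")
    carries = None if number is None else PPP_PROTOCOLS.get(number, "unknown")
    return {"call_id": call_id, "seq": seq, "ack": ack, "carries": carries}

def build_sample(flags: int, call_id: int, ppp_frame: bytes, *numbers: int) -> bytes:
    """Constructed test packet: GRE header, optional seq/ack numbers, PPP frame."""
    header = struct.pack("!HHHH", flags, GRE_PROTO_PPP, len(ppp_frame), call_id)
    return header + b"".join(struct.pack("!I", n) for n in numbers) + ppp_frame

if __name__ == "__main__":
    # Constructed samples: NetBEUI with full PPP header, IPX with compressed fields
    netbeui = build_sample(0x3001, 7, b"\xff\x03\x00\x3f" + b"NBF-DATA", 1)
    ipx = build_sample(0x3081, 7, b"\x2b" + b"IPX-DATA", 2, 1)
    for pkt in (netbeui, ipx):
        print(parse_pptp_gre(pkt))
```

Once compression or encryption is negotiated on the PPP link, the protocol field reads 0x00FD and the original protocol number sits inside the transformed payload, so this decoder reports such frames as unknown.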

When this book was written, PPTP's status was that of a proprietary
Microsoft protocol available only in Windows NT Server and Workstation
4.0. Microsoft promised that PPTP would be available for Windows 95 and
Windows 3.1+ by the end of 1996. Microsoft's brief white paper, "Virtual
Private Networking Using the Point-to-Point Tunneling Protocol (PPTP),"
is available at http://www.microsoft.com/ntserver/communications/pptp.htm,
which provides links to PPTP FAQs (Frequently Asked Questions) and the
Internet Draft Standard for PPTP.

Using the Internet to provide remote access services for mobile users
and telecommuters minimizes time-based telecommunications costs by providing
network access through a local call to an ISP. VPNs created with PPTP also
can replace costly telco-leased lines. PPTP is especially cost-effective
for international connections to remote sites and overseas workers.
Another advantage of PPTP is that it eliminates the banks of modems
needed to service multiple simultaneous RAS connections. You create a multihomed
server by adding another network card to the server, enabling PPTP on the
added card, and connecting the card to a PPTP router. The PPTP router can
share existing T-1 or ISDN line(s) to the ISP.
You enable PPTP on Windows NT 4.0 clients and servers by marking the
Enable PPTP Filtering check box on the Advanced IP Addressing dialog (see
fig. 18.57), which you access from the IP Address page of the TCP/IP Properties
sheet. The initial incarnation of PPTP is based on server-to-server connections
to create virtual WANs. Windows NT Server 4.0's built-in routing capabilities
are useful for isolating PPTP traffic from conventional TCP/IP traffic
on the LAN. You also can use PPTP for dial-up networking over POTS or ISDN
lines. A POTS or ISDN line is generally regarded as a secure channel, but
such lines aren't immune from physical wiretaps or interception of a wireless
segment of the connection. Windows NT Server 4.0's Network.wri file in your
\Winnt folder provides additional guidelines for dial-up networking with
PPTP in the "Dial-Up Networking Notes" section.
18.57
Enabling PPTP filtering for a specified network adapter.
To implement PPTP, all participants in the communication path must have
routers equipped to handle PPTP. Networking hardware suppliers, including
Ascend, U.S. Robotics, and 3Com, were beta-testing PPTP in the fall of
1996 and should have software upgrades available for their remote-access
products by the end of 1996. The extent to which ISPs upgrade their gateways
and routers for PPTP depends on the initial demand by Windows NT 4.0 users.
From Here...
This chapter described the architecture of various types of remote access
systems, ranging from simple analog modems to high-end RAS routers that
combine multiple analog modems and ISDN adapters. Setting up Windows NT
Server 4.0 as a RAS server with an internal or external modem, and configuring
Windows 95 and Windows NT 4.0 RAS clients also were covered. The chapter
concluded with a brief description of PPTP and its use for creating virtual
private networks using the Internet as a backbone.
The following chapters include information related to the topics covered
in this chapter:
- Chapter 4, "Choosing Network Protocols,"
explains how to select one or more of the three principal networking protocols
supported by Windows NT based on your network configuration.
- Chapter 17, "Integrating Windows NT with
Heterogeneous Networks," describes how to set up DHCP services for
assigning TCP/IP addresses to DUN clients.
- Chapter 19, "Setting Up the Internet
Information Server," describes the basics of ISDN and includes other
useful information relating to telco connections between LANs and ISPs.


© 1996, QUE Corporation, an imprint of Macmillan Publishing USA, a Simon and Schuster Company.