Objectives: Configure routing in Windows Server 2008; Configure Network Address Translation

Upload: sabina-gibbs

Post on 27-Dec-2015


Objectives

• Configure routing in Windows Server 2008

• Configure Network Address Translation


Configuring Routing in 2008

• Routing and Remote Access Services (RRAS)

– A Server Role service used to configure and manage network routing

– Recommended for use in small networks that require simple routing directions

– Not recommended for large and complex environments (use Cisco)


Configuring RRAS as a Router

• Routers

– Responsible for forwarding packets between subnets, or networks with differing IP addressing schemes


Configuring Routers (continued)

Working with Routing Tables

• Routing tables are composed of routes

• Routes – Direct data traffic to its destination

• Routing tables – A list of routes

– Can be managed in the RRAS console or from the command line using the route command


Configuring Routes

• Static routing limitations:

– Requires manual creation and management

– Requires reconfiguration if the network changes

– Used in small networks with fewer than 10 subnets

• Dynamic protocols

– Route traffic based on information they discover about remote networks from other routers

• Routing Information Protocol version 2 (RIPv2)

– Uses partner routers, or RIP neighbors, in determining the dynamic routes it can use for forwarding packets of data

– Can force authentication

Routing Protocol

RIP v2

• Can force authentication between routers when announcements are sent

• Password for authentication is plain text

• Can configure which incoming and outgoing routes are accepted

• Split-horizon processing stops information from going back in the direction it was received from

• Poison-reverse processing marks a network as unreachable if it goes down

Filtering Router Traffic

• Can control packets allowed to pass between routed networks using packet filters

• Packet filters are directional

• Packet filters are used to filter network traffic based on criteria such as:

– Protocol

– Source address

– Destination address

– Port number
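An added example (not part of the original slides, and not RRAS code) that models directional packet filters matching on the four criteria above. The per-direction default action with an exception list, the class names and the documentation-range addresses are assumptions of this sketch.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    protocol: str                    # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dst_port: Optional[int] = None   # None for protocols without ports

@dataclass(frozen=True)
class Filter:
    protocol: str = "any"
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    dst_port: Optional[int] = None   # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.protocol in ("any", p.protocol)
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.dst_port in (None, p.dst_port))

@dataclass
class Interface:
    # Each direction has its own filter list and its own default action (assumed model).
    inbound: List[Filter] = field(default_factory=list)
    outbound: List[Filter] = field(default_factory=list)
    inbound_default_drop: bool = True     # only listed inbound traffic is passed
    outbound_default_drop: bool = False   # only listed outbound traffic is dropped

    def allows(self, direction: str, p: Packet) -> bool:
        if direction == "in":
            filters, default_drop = self.inbound, self.inbound_default_drop
        else:
            filters, default_drop = self.outbound, self.outbound_default_drop
        hit = any(f.matches(p) for f in filters)
        return hit if default_drop else not hit

# Constructed sample policy for an Internet-facing interface (documentation addresses).
EXTERNAL = Interface(
    inbound=[Filter("tcp", dst_net="203.0.113.10/32", dst_port=443)],
    outbound=[Filter("tcp", dst_port=23)],
)
WEB = Packet("tcp", "198.51.100.7", "203.0.113.10", 443)
RDP = Packet("tcp", "198.51.100.7", "203.0.113.10", 3389)
TELNET_OUT = Packet("tcp", "203.0.113.10", "198.51.100.7", 23)

if __name__ == "__main__":
    for name, direction, pkt in [("web", "in", WEB), ("rdp", "in", RDP),
                                 ("telnet", "out", TELNET_OUT)]:
        print(name, direction, "pass" if EXTERNAL.allows(direction, pkt) else "drop")
```

The same packet can get a different verdict depending on which direction's list it is checked against, which is why a rule added to the wrong direction silently has no effect.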

Filtering Router Traffic (continued)

Configuring Packet Filters


Configuring Dial-on-Demand Routing

• Demand-dial routing

– Allows a server to initiate a connection only when it receives data traffic bound for a remote network

– Can use dial-up networks instead of more expensive leased lines


Demand-dial Connections

• Used to establish a connection between two routers only when there is data to send

• Can also be used to initiate VPN connections between Windows routers and phone dial-in connections

• A user account with remote access permission is required to establish a demand-dial connection

• Avoid sending plain-text passwords

• At least one static route is required to trigger the demand-dial interface

• Demand-dial filters control which types of network traffic trigger a demand-dial connection

Configure Demand-dial Settings

• You can configure security settings and idle timeout

• You can configure a set of dial-out hours

Demand-dial Filter

• You can configure security settings and idle timeout

• You can configure a set of dial-out hours

Configuring a DHCP Relay Agent

• DHCP relay agent

– Manages the communication between a network’s DHCP server and clients on subnets without a DHCP server

• With RRAS

– Network adapters are added and configured to listen for DHCP broadcast messages


Network Address Translation

• Allows you to shield internal IP address ranges from public networks by allowing internal clients to access the Internet through a shared IP address


NAT Components

• Translation

– IP router

– Static and dynamic address mapping

– Proper translation of header fields

– NAT editors

• Addressing

– Public: Static IP bought from ISP or InterNIC

– Private:

Class A – 10.0.0.0 through 10.255.255.255

Class B – 172.16.0.0 through 172.31.255.255

Class C – 192.168.0.0 through 192.168.255.255

• Name resolution

Using NAT to Transparently Connect an Intranet to the Internet

NAT Components

NAT Processing of Outbound Internet Traffic

NAT Processing of Inbound Internet Traffic
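An added example (not from the original slides, and not RRAS code) of the outbound and inbound translation steps, using static and dynamic port mappings behind one shared public address. The class and method names, the starting port and the documentation-range addresses are assumptions; the table does not track the remote endpoint, expire entries or recompute checksums.

```python
from ipaddress import ip_address, ip_network

# The three private ranges listed on the NAT Components slide, in CIDR form.
PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class Nat:
    def __init__(self, public_ip, first_port=62000):   # first_port is an arbitrary choice
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (proto, (private_ip, private_port)) -> public port
        self.in_map = {}    # (proto, public port) -> (private_ip, private_port)

    def add_static(self, proto, public_port, private):
        """Static mapping: a fixed public port always reaches one internal endpoint."""
        self.in_map[(proto, public_port)] = private
        self.out_map[(proto, private)] = public_port

    def outbound(self, proto, src, dst):
        """Rewrite the source of a packet leaving the private network."""
        if not any(ip_address(src[0]) in net for net in PRIVATE):
            return None                       # not an internal client: nothing to translate
        key = (proto, src)
        if key not in self.out_map:           # first packet of a flow: dynamic mapping
            while (proto, self.next_port) in self.in_map:
                self.next_port += 1
            self.out_map[key] = self.next_port
            self.in_map[(proto, self.next_port)] = src
        return (self.public_ip, self.out_map[key]), dst

    def inbound(self, proto, src, dst):
        """Rewrite the destination of a packet arriving from the Internet."""
        private = self.in_map.get((proto, dst[1])) if dst[0] == self.public_ip else None
        return None if private is None else (src, private)   # None = no mapping, dropped

def demo():
    # Constructed addresses: 203.0.113.5 is the shared public IP.
    nat = Nat("203.0.113.5")
    nat.add_static("tcp", 443, ("192.168.0.20", 443))
    client, server = ("192.168.0.10", 51000), ("198.51.100.7", 80)
    sent = nat.outbound("tcp", client, server)
    reply = nat.inbound("tcp", server, sent[0])
    unsolicited = nat.inbound("tcp", ("198.51.100.99", 4444), ("203.0.113.5", 3389))
    published = nat.inbound("tcp", ("198.51.100.99", 4444), ("203.0.113.5", 443))
    return sent, reply, unsolicited, published

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Inbound traffic reaches an internal host only through an entry in the table, so every static mapping is a deliberately published service and belongs in the same review as the interface's packet filters.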

Using IPSec

Troubleshooting Routing

• Most problems result from an incorrect configuration

• First place to check for problems is the routing table

• A remote router may prevent a packet from reaching its destination network

• Can use the tracert command to see the path a packet takes from one router to another

Troubleshooting Routing (continued)

Troubleshooting NAT

• Are all interfaces added to Connection Sharing (NAT) protocol?

• Is translation enabled on Internet interface?

• Is Connection Sharing enabled on private interface?

• Is TCP/UDP port translation enabled?

• Is your range of public addresses set correctly?

• Is the protocol being used by a program translatable?

• Is Connection Sharing addressing enabled on the home office network?