With the rapid development of the Internet and the increase in mobile office needs, more and more people hope to access the local area network located within the company, and remote access technologies come. Let's discuss how to implement remote access services (Remote Access Service-Ras) in the network of Windows 2000.
Remote Access Service is a standard C / S mode (client / server) service, divided into remote access servers and remote access clients. First, find a computer in the intranet as a remote access server, and only Windows 2000 Server is available as a remote access server in the Family products of Windows 2000. Open the routing and remote access console on a computer to be used as a remote access server, start the routing and remote access service, select Remote Access Server in the Server class type, follow the wizard prompts to configure the computer to remote access server As shown in Figure 1-1.
Figure 1-1 Select Creating Remote Access Server
Next, set the dial-in attribute of the user account on the remote access server to allow these users to access the remote access server. Open the User Properties dialog on the remote access server and set remote access to the user's dial-in property to "Allow Access". As shown in Figure 1-2.
Figure 1-2 Setting User Remote Access Permissions
Next, set the remote access client to connect the remote access server. Add a new connection on the remote access client, select Dial-to-Speed Network in the Network Connection Type, as shown in Figure 1-3.
Figure 1-3 Dial-Download to a private network
Click the "Next" button to select the device used when dialing, then the dialog box as shown in Figure 1-4 will appear, enter the phone number of the remote access server, follow the wizard prompt, can establish and remote access server connection.
Figure 1-4 Enter the phone number of the remote access server
It is convenient to make remote access to users using RAS, but this way is also a shortcoming:
First, since the RAS server is to provide a service using the phone number (the telephone line is plugged into the MODEM), only one user connection is allowed at the same time. If you want to meet a request for multiple users at the same time, the RAS server must have multiple modems, which increases hardware overhead;
Second, since the client computer must dial the phone number of the RAS server, if the client is located in different cities in different cities, then the overhead of the charges brought is large.
In view of the above shortcomings in the RAS mode, another remote access method-VPN (Visual Private Network) virtual private network is generally employed in practical applications.
Compared with RAS, VPN has the following advantages: Providing a VPN server for remote access services is not using a phone number, but uses an IP address to identify yourself, so you will have a public IP address that you must have a public IP address. Since the IP address is logical, you can accept access requests for multiple users at the same time, while the VPN server can provide a connection to the Internet, thereby reducing the overhead of the hardware. For client computers, if you want to access the VPN server, just connect to the only public IP address on the Internet first, then you can establish a connection with the VPN server. The cost of this connection is just the telephone bills required by both parties to local ISPs, avoiding the expensive long-distance telephone bills brought by the RAS mode. Since both parties use public IP addresses to identify themselves, the public IP is unique on the Internet, so it seems like it is the same as a channel for these two computers, so it is called it. "Virtual Private Network".
The settings of the VPN server are similar to the RAS server. Open the routing and remote access console on a computer to be used as a VPN server, start the route and remote access service, select "Virtual Private Network (VPN) Server" in the server class type, next Follow the wizard prompts to configure the computer as a VPN server, as shown in Figure 1-5. Figure 1-5 Select Creating a Virtual Special Network (VPN) server
Add a new connection on the VPN client, select "Connect to the private network through the Internet" in the network connection type, as shown in Figure 1-6.
Figure 1-6 Connect to a private network via the Internet
Click the Next button to appear shown in Figure 1-7, where you should enter the host name or IP address of the VPN server you want to connect. Next, according to the wizard prompt, you can establish a connection to the VPN server.
Figure 1-7 Enter the IP address of the VPN server
In summary, the remote access service has two ways: RAS and VPN, the RAS mode requires the server side to provide a reliable physical connection for each user, and the cost is relatively high; and the VPN mode can allow multiple users to connect at the same time. And the cost is relatively low. In addition, the two remote access methods can also be used by setting the "callback" option for the user, or set the remote access policy to further control the user's use, we will introduce later.
