Migrating Routers from Windows NT 4.0 or Windows 2000

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

If you have an existing site-to-site connection between remote offices using Windows NT 4.0–based or Windows 2000–based servers and plan to upgrade most of your network to Windows Server 2003, Windows Server 2003 can support your existing Routing and Remote Access or RRAS servers. Alternatively, you can take advantage of the new features in Windows Server 2003 by upgrading your demand-dial routers.

The following topics can help you decide whether to upgrade your demand-dial routers:

  • New features

  • Migrating router settings

New Features

In Windows NT Server 4.0, routing and remote access are separate services. In Windows 2000 Server and Windows Server 2003, these functions are combined in the single Routing and Remote Access service. Table 10.10 lists the new features available in Windows 2000 Server and Windows Server 2003.

Table 10.10   New Features for Dial-up or VPN Site-to-Site Connections Since Windows NT Server 4.0 RRAS

Windows Release New Features

Windows 2000 Server

  • L2TP/IPSec. An L2TP/IPSec VPN tunnel provides stronger security than a PPTP VPN tunnel.

  • Remote access policies. This feature gives administrators more flexibility in setting remote access permissions and connection constraints.

  • MS-CHAP v2. This type of password-based user authentication provides a stronger alternative to MS-CHAP. (MS-CHAP v2 is also available in Windows NT 4.0 SP4.)

  • EAP. Support for EAP lets you use installable authentication methods, such as EAP-TLS certificate-based user authentication, which is stronger than password-based user authentication.

Windows Server 2003

  • Improved wizards and snap-in. The Routing and Remote Access and Demand-Dial Interface wizards and the Routing and Remote Access snap-in are easier to use.

  • Intranet and Internet-connected interface improvements. By default, the Routing and Remote Access service now disables dynamic update on the intranet interface and disables dynamic update and NetBIOS over TCP/IP on the Internet-connected interface to ensure correct name resolution of the router and to ensure access to services running on the router.

  • Preshared keys. Support for configuring preshared keys using the Routing and Remote Access snap-in provides an alternative to computer certificates in L2TP/IPSec authentication.

  • NAT/Basic Firewall configuration. You can use Manage Your Server to configure the NAT/Basic Firewall component of Routing and Remote Access. NAT integration with static and dynamic packet filtering lets you configure NAT interfaces to work with Basic Firewall or with incoming or outgoing static packet filters.

  • NAT-T. IPSec NAT traversal (NAT-T) lets you create L2TP/IPSec connections from a calling or answering router that is located behind one or more NATs.

  • PPPoE. Support for PPPoE lets a small business use NAT/Basic Firewall and their broadband Internet connection to connect a branch office to their local ISP. Using PPPoE for an on-demand connection is faster than using a dial-up link to connect to the ISP.

Migrating Router Settings

When you upgrade from Windows NT 4.0 or Windows 2000 to Windows Server 2003, you retain all IP-based routing configuration, including demand-dial, RIP, OSPF, and DHCP Relay Agent settings. However, Windows Server 2003 does not support the NetWare routing protocol Internetwork Packet Exchange (IPX). If you upgrade from Windows NT 4.0 to Windows Server 2003 and IPX settings are detected, you are given the option to cancel the upgrade.