Windows 2000 Routing and Remote Access Service

The Routing and Remote Access service for Windows 2000 Server continues the evolution of multiprotocol routing and remote access services for the Microsoft Windows platform. New features of the Routing and Remote Access service for Windows 2000 include:

  • Internet Group Management Protocol (IGMP) and support for multicast boundaries.

  • Network address translation with addressing and name resolution components that simplify the connection of a small office/home office (SOHO) network to the Internet.

  • Integrated AppleTalk routing.

  • Layer Two Tunneling Protocol (L2TP) over IP Security (IPSec) support for router-to-router VPN connections.

  • Improved administration and management tools. The graphical user interface program is the Routing and Remote Access administrative utility, a Microsoft Management Console (MMC) snap-in. The command-line utility is Netsh.

All of the combined features of the Windows 2000 Routing and Remote Access service make a Windows 2000 Server–based computer function as the following:

  • Multiprotocol router
    A Routing and Remote Access service computer can route IP, IPX, and AppleTalk simultaneously. All routable protocols and routing protocols are configured from the same administrative utility.

  • Demand-dial router
    A Routing and Remote Access service computer can route IP and IPX over on-demand or persistent WAN links, such as analog phone lines or ISDN, or over VPN connections using either PPTP or L2TP over IPSec.

  • Remote access server
    A Routing and Remote Access service computer can act as a remote access server providing remote access connectivity to dial-up or VPN remote access clients using IP, IPX, AppleTalk, or NetBEUI.

The combination of routing and remote access services on the same computer creates a Windows 2000 remote access router.

An advantage of the Routing and Remote Access service is its integration with the Windows 2000 Server operating system. The Routing and Remote Access service works with a wide variety of hardware platforms and hundreds of network adapters; the result is a lower-cost solution than many mid-range dedicated router or remote access server products.

The Routing and Remote Access service is extensible with application programming interfaces (APIs) that third-party developers can use to create custom networking solutions and that new vendors can use to participate in the growing business of open internetworking.

Combining Routing and Remote Access

One question that is commonly asked about the Routing and Remote Access service is: Why combine both routing and remote access into a single service? Both services worked fine separately in the original version of Windows NT 4.0.

The reason for combining the two services lies in the Point-to-Point Protocol (PPP), which is the protocol suite that is commonly used to negotiate point-to-point connections for remote access clients. PPP provides link parameter negotiation, the exchange of authentication credentials, and network layer protocol negotiation. For example, when you dial an Internet service provider (ISP) using PPP, you agree to the size of the packets you are sending and how they are framed (link negotiation), you log on using a user name and password (authentication), and you obtain an IP address (network layer negotiation).

Demand-dial routing connections also use PPP to provide the same kinds of services as remote access connections (link negotiation, authentication, and network layer negotiation). Therefore, routing (which includes demand-dial routing) and remote access were integrated to reuse the PPP client/server infrastructure that already existed for the remote access components.
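The three PPP steps described above (link negotiation, authentication, network layer negotiation) can be read directly out of the control packets. The following is an added example, not code from the original documentation or from Windows: it parses PPP frames from the protocol field onward and reports the agreed packet size (MRU), the authentication protocol, and the client's IP address. The function names and the sample exchange are assumptions constructed for illustration; the protocol numbers and option types are the standard PPP (LCP, PAP, CHAP, IPCP) values.

```python
import ipaddress
import struct

LCP, PAP, CHAP, IPCP = 0xC021, 0xC023, 0xC223, 0x8021  # PPP protocol field values
PHASE = {LCP: "link", PAP: "authentication", CHAP: "authentication", IPCP: "network"}
CONFIGURE_ACK = 2  # LCP/IPCP code: the peer accepted exactly these options

def pkt(proto, code, ident, body=b""):  # protocol field + Code/Identifier/Length + body
    return struct.pack("!HBBH", proto, code, ident, 4 + len(body)) + body

def options(body):
    """Yield (type, value) for each type-length-value option; reject bad lengths."""
    i = 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed option")
        yield body[i], body[i + 2:i + body[i + 1]]
        i += body[i + 1]

def summarize(frames):
    """Walk (sender, frame) pairs and report what each phase agreed on."""
    out = {"phases": [], "mru": None, "auth": None, "client_ip": None}
    for sender, frame in frames:
        if len(frame) < 6 or not 4 <= int.from_bytes(frame[4:6], "big") <= len(frame) - 2:
            raise ValueError("truncated frame or bad length field")
        proto, code, _ident, length = struct.unpack("!HBBH", frame[:6])
        if proto in PHASE and PHASE[proto] not in out["phases"]:
            out["phases"].append(PHASE[proto])
        if code != CONFIGURE_ACK or proto not in (LCP, IPCP):
            continue  # only an Ack records what was actually agreed
        for otype, value in options(frame[6:2 + length]):
            if proto == LCP and otype == 1 and len(value) == 2:    # Maximum-Receive-Unit
                out["mru"] = struct.unpack("!H", value)[0]
            elif proto == LCP and otype == 3 and len(value) >= 2:  # Authentication-Protocol
                auth = struct.unpack("!H", value[:2])[0]
                out["auth"] = {PAP: "PAP", CHAP: "CHAP"}.get(auth, hex(auth))
            elif proto == IPCP and otype == 3 and sender == "server" and len(value) == 4:
                out["client_ip"] = str(ipaddress.IPv4Address(value))  # IP-Address option
    return out

# Constructed sample exchange (assumed values, not a capture): MRU 1500, CHAP with MD5.
LCP_OPTS = bytes.fromhex("010405dc" "0305c22305")
def ip_opt(addr):
    return b"\x03\x06" + ipaddress.IPv4Address(addr).packed
SAMPLE = [("server", pkt(LCP, 1, 1, LCP_OPTS)), ("client", pkt(LCP, 2, 1, LCP_OPTS)),
          ("server", pkt(CHAP, 1, 1, b"\x04\xaa\xbb\xcc\xddsrv")),
          ("client", pkt(CHAP, 2, 1, b"\x10" + bytes(16) + b"user")), ("server", pkt(CHAP, 3, 1)),
          ("client", pkt(IPCP, 1, 1, ip_opt("0.0.0.0"))), ("server", pkt(IPCP, 3, 1, ip_opt("192.0.2.10"))),
          ("client", pkt(IPCP, 1, 2, ip_opt("192.0.2.10"))), ("server", pkt(IPCP, 2, 2, ip_opt("192.0.2.10")))]
```

Calling `summarize(SAMPLE)` returns the phases in the order they occurred together with the MRU, authentication protocol, and client address that were acknowledged.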

The PPP infrastructure of Windows 2000 Server includes support for:

  • Dial-up remote access (remote access over dial-up equipment such as analog phone lines and ISDN) as either the client or server.

  • VPN remote access (remote access over VPN connections using either PPTP or L2TP over IPSec) as either the client or server.

  • On-demand or persistent dial-up demand-dial routing (demand-dial routing over dial-up equipment such as analog phone lines and ISDN) as either the calling router or the answering router.

  • On-demand or persistent VPN demand-dial routing (demand-dial routing over VPN connections using either PPTP or L2TP over IPSec) as either the calling router or the answering router.