Using the remote access server for Internet access

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

You can use a server running Routing and Remote Access to provide both access to the Internet and traditional dial-up Internet service provider (ISP) services. If you want the remote access server to support multiple dial-up TCP/IP-based connections, complete the following steps:

  • Configure the connection to the Internet.

  • Configure the connection to the dial-up clients.

  • Configure the dial-in ports.

  • Configure the remote access server.

  • Configure multicast support.

  • Configure remote access policies.

The following illustration shows the elements of an ISP based on the Windows Server 2003 family.

An ISP example

Configuring the connection to the Internet

The connection to the Internet from Routing and Remote Access is a dedicated connection--a WAN adapter installed in the computer. The WAN adapter is typically a DDS, T1, Fractional T1, or Frame Relay adapter. As the ISP, you must contract with a local telephone company to run the appropriate physical wiring to your premises. You need to verify that the WAN adapter is compatible with Windows. (See Support resources.)

The WAN adapter includes drivers that are installed on the server running Routing and Remote Access so that the WAN adapter appears as a network adapter.

You need to configure the following TCP/IP settings on the WAN adapter:

  • IP address and subnet mask assigned from the Internet Assigned Numbers Authority (IANA) or a downstream ISP.

  • Default gateway of the downstream ISP or network access point (NAP) router.

Configuring the connection to the dial-up clients

To allow the connection of multiple, simultaneous dial-up clients, you must have modem pooling equipment (hereafter known as the modem bank) with the appropriate connections to the local telecommunications provider.

Typical modem banks include an adapter that installs on the server running Routing and Remote Access. You need to verify that the modem bank adapter is compatible with Windows. (See Support resources.)

The modem bank adapter includes drivers that are installed on the server running Routing and Remote Access so that the modem bank appears as a series of modem ports.

Configuring the remote access server

You can configure the properties of the remote access server in Routing and Remote Access. For more information, see View properties of the remote access server.

You can configure the remote access server to allow multiple dial-up clients access to the Internet during the Routing and Remote Access Server Setup wizard. If you did not configure this during setup, you need to manually configure the following settings:

  • General

    Verify that the Remote access server check box is selected.

  • Security

    • Authentication Methods

      Select the authentication methods that are supported by the remote access server to authenticate the credentials of dial-up clients. Microsoft dial-up networking clients typically use MS-CHAP authentication. Other dial-up networking clients might use CHAP, SPAP, and PAP authentication.

    • Authentication Provider

      You can verify the credentials of dial-up clients by using Windows Server 2003 family security features or a RADIUS server. If RADIUS is selected, you need to configure RADIUS server settings for your RADIUS server or RADIUS proxy.

    • Accounting Provider

      You can record dial-up client activity for analysis or accounting purposes by selecting and configuring an accounting provider.

  • IP

    Verify that the Enable IP routing and Allow IP-based remote access and demand-dial connections check boxes are selected.

    Click Static address pool and configure the ranges of IP addresses that are dynamically allocated to dial-up networking clients. Or, if a DHCP server is available, click Dynamic Host Configuration Protocol (DHCP).

    For more information about configuring IP address pools, see Create a static IP address pool.

Configuring multicast support

Depending on the options selected when the Routing and Remote Access Server Setup Wizard was run, multicast support might already be enabled. To configure multicast support manually, you need to complete the following steps:

  1. Add the IGMP Router and Proxy routing protocol. For more information, see Add the IGMP routing protocol.

  2. Add the Internal interface to the IGMP routing protocol and configure it in IGMP router mode. For more information, see Enable IGMP router and IGMP proxy mode.

  3. Add the interface that represents the permanent connection to the Internet to the IGMP routing protocol and configure the interface in IGMP proxy mode. For more information, see Enable IGMP router and IGMP proxy mode.

Configuring remote access policies

If you want to authorize remote access to the dial-up networking clients by user, do the following:

  1. For a stand-alone remote access server, use Local Users and Groups and set dial-in properties to Allow access for those users who will be making remote access connections.

  2. For a remote access server in an Active Directory domain, use Active Directory Users and Computers and set dial-in properties to Allow access for those users who will be making remote access connections.

If you want to grant remote access to the dial-up networking clients based on group membership and an access-by-policy administrative model, do the following:

  1. For a stand-alone remote access server, use Local Users and Groups and set dial-in properties to Control access through Remote Access Policy for all users.

  2. Do one of the following:

    • For a remote access server that is a member of a Windows 2000 mixed domain, use Active Directory Users and Computers and set dial-in properties to Allow access for all users.

    • For a remote access server that is a member of a Windows 2000 native or Windows Server 2003 domain, use Active Directory Users and Computers and set dial-in properties to Control access through Remote Access Policy for all users.

  3. Create a user group whose members will be able to create dial-up networking connections with the remote access server. For example, create a group named Clients.

  4. Add the appropriate user accounts to the new group.

  5. Delete the default remote access policies.

  6. Create a new remote access policy with the following properties:

    • Set Policy name to Remote Access if member of Clients (example).

    • Set the Windows-Groups attribute to Clients (example).

    • Select the Grant remote access permission option.
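The authentication, IP address pool, and dial-in settings described in "Configuring the remote access server" and "Configuring remote access policies" can also be applied and checked from a command prompt with netsh ras. The script below is an added example, not part of the original page. It assumes a stand-alone remote access server whose clients all use MS-CHAP, and the address range and user names are constructed placeholders. Deleting the default policies and creating the new remote access policy are still done in the Routing and Remote Access snap-in.

```bat
@echo off
rem Added example (not from the original page). Run from an administrative
rem command prompt on the server running Routing and Remote Access.
setlocal

rem Constructed placeholder values: replace them with your own.
set POOL_FROM=192.0.2.10
set POOL_TO=192.0.2.100
set GROUP=Clients
set USERS=dialuser1 dialuser2

rem --- Security: authentication methods --------------------------------
rem Record what is enabled before changing anything.
netsh ras show authtype

rem Assumption: every client is a Microsoft dial-up networking client, so
rem MS-CHAP is the only method kept. PAP sends the password in plaintext,
rem and CHAP (MD5CHAP) needs reversibly encrypted passwords on the accounts.
netsh ras add authtype type=MSCHAP
netsh ras delete authtype type=PAP
netsh ras delete authtype type=SPAP
netsh ras delete authtype type=MD5CHAP

rem Confirm the result.
netsh ras show authtype

rem --- IP: static address pool -----------------------------------------
netsh ras ip set addrassign method=pool
netsh ras ip add range from=%POOL_FROM% to=%POOL_TO%
netsh ras ip show config

rem --- Dial-in properties for the access-by-policy model ---------------
rem Create the example group, add the accounts, and set each account to
rem "Control access through Remote Access Policy".
net localgroup %GROUP% /add
for %%U in (%USERS%) do (
    net localgroup %GROUP% %%U /add
    netsh ras set user name=%%U dialin=policy
    netsh ras show user name=%%U
)

endlocal
```

If some dial-up clients cannot use MS-CHAP, leave only the additional methods those clients require enabled and compare the final `netsh ras show authtype` output against that list.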