Routing and Remote Access Deployment Guide
Published: April 30, 2010
Updated: April 30, 2010
Applies To: Windows Server 2008, Windows Server 2008 R2
The Routing and Remote Access service (RRAS) in Windows Server® 2008 R2, Windows Server® 2008, and Windows Server 2003 supports remote user or site-to-site connectivity by using virtual private network (VPN) or dial-up connections. RRAS consists of the following components:
. By using RRAS, you can deploy VPN connections to provide end users with remote access to your organization's network. You can configure the VPN connection to use Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP) with Internet Protocol security (IPsec), Secure Socket Tunneling Protocol (SSTP) in Windows Vista with Service Pack 1 (SP1) and Windows Server 2008 or later, or Internet Key Exchange version 2 (IKEv2) in Windows 7 or Windows Server 2008 R2. You can also create a site-to-site VPN connection between two servers at different locations.
. RRAS is a full-featured software router and an open platform for routing and networking. It offers routing services to organizations in local area network (LAN) and wide area network (WAN) environments or over the Internet by using secure VPN connections. Routing is used for multiprotocol LAN-to-LAN, LAN-to-WAN, VPN, and network address translation (NAT) routing services.
By configuring RRAS to operate as a remote access server, you can connect remote or mobile workers to organization networks. Remote users can work as if their computers are physically connected to the network.
Users run remote access software and initiate a connection to the remote access server. The remote access server running RRAS authenticates users and maintains connections until terminated by the user or network administrator. All services typically available to a LAN-connected user (including file and printer sharing, Web server access, and messaging) are enabled by means of the remote access connection.
Remote access clients use standard tools to access resources. For example, on an RRAS server, clients can use Windows Explorer to make drive connections and connect to printers. Connections are persistent: Users do not need to reconnect to network resources during their remote sessions. Because drive letters and universal naming convention (UNC) names are fully supported by remote access, most commercial and custom applications work without modification.
A server running RRAS provides two different types of remote access connectivity: dial-up networking and virtual private networking. This guide focuses primarily on virtual private networking.
A router is a device that manages the flow of data between network segments, which are also known as subnets. A router directs incoming and outgoing packets based on the information it holds about the state of its own network interfaces and a list of possible sources and destinations for network traffic. By projecting network traffic and routing needs based on the number and types of hardware devices and applications used in your environment, you can better decide whether to use a dedicated hardware router, a software-based router, or a combination of both. Generally, dedicated hardware routers handle heavier routing demands best, whereas less expensive software-based routers are sufficient for handling lighter routing loads.
A software-based routing solution, such as RRAS in Windows Server 2008, can be ideal on a small, segmented network with relatively light traffic between subnets. Conversely, enterprise network environments that have a large number of subnets and a wide range of performance requirements might need a variety of hardware-based routers to perform different roles throughout the network.
This guide is intended for use by network administrators and network engineers. It provides detailed guidance for deploying an RRAS design that has been preselected by you or an infrastructure specialist or network architect in your organization.
If your organization has not yet selected a design, first review the design options presented in the Routing and Remote Access Design Guide and select the most appropriate design — or combination of designs — for your organization.
This guide provides instructions for deploying the following RRAS designs:
VPN remote access server
Dial-up remote access server
Network address translation (NAT) router
VPN site-to-site connection
This guide does not provide the following:
Information that helps you plan and design various RRAS deployments to meet specific organizational requirements. For this information, see the Routing and Remote Access Design Guide.
Detailed information about supporting technologies, such as Active Directory, Dynamic Host Control Protocol (DHCP), and packet filtering.
Step-by-step procedures for configuring test deployments in a lab environment.