Module 12: Remote Access Service

blackstartNetworking and Communications

Oct 26, 2013 (4 years and 6 months ago)


Module 12: Remote Access Service


This module introduces Microsoft


Remote Access Service

(RAS). When RAS is installed on computers running Windows

NT, clients can
ect over telephone lines through RAS to a remote network. The RAS
server acts as a gateway between the remote client and the network. After a user
has made a connection, the telephone lines become transparent to the user, and
the user can access all networ
k resources as if sitting at a computer that is
directly attached to the network. For example, RAS makes a modem act like a
network adapter card, projecting a remote computer onto a LAN.

In Windows

NT version 4.0, RAS on the client side is called

and has a user interface that is consistent with Microsoft

95. Supporting Windows NT requires a knowledge of how a remote
client can access resources and services through RAS.


By the end of this module, you will be able to:

escribe RAS and Dial
Up Networking.

Explain the Telephony API (TAPI).

Install and configure RAS.

Install and configure Dial
Up Networking.

Troubleshoot RAS.

RAS and Dial
Up Networking

RAS and Dial
Up Networking enable th
e extension of a network beyond a
single location. RAS enables incoming connections from users at remote clients
that are using Dial
Up Networking or other Point
Point Protocol (PPP) or
Serial Line Internet Protocol (SLIP) dial
up software.

Up Netw
orking provides low
speed connections and is used by clients that
connect to a RAS server or an Internet service provider (ISP).

Using RAS and Dial
Up Networking, clients can be connected to remote
networks. After a connection is made, the remote links bec
ome transparent, and
a client can be used to gain access to network resources as if the client is
directly attached to the network.

After Dial
Up Networking is installed, the phone book feature can be used to
record telephone numbers that are needed to con
nect to remote networks.

By the end of this topic, you will be able to:

Explain WAN support in RAS.

Identify the remote access protocols of RAS.

Explain the function of the NetBIOS gateway and routers.

Describe the Point
Point Tunneling Protocol (PPTP).

Explain the security features of RAS.

WAN Connectivity

Remote clients can connect to a RAS server through a Public Switched
Telephone Network (PSTN), an X.25 network, or an Integrated Services Digital
Network (ISDN). They

can also connect remotely over a TCP/IP network, such
as the Internet, by using PPTP.

PSTNs and Modems


NT RAS uses standard modem connections over Public Switched
Telephone Networks (PSTN). A key advantage of PSTN is its worldwide

st modems that comply with industry standards can interoperate with other
modems. However, many difficult
diagnose problems can result from
incompatible modems.

Windows NT can automatically detect modems. This is especially useful when
the user is not s
ure which modem is installed on the remote clients (for
example, if his or her computer has an internal modem installed). If there is a
problem detecting a modem automatically, it is possible to install a modem
manually through the Modems program in Contro
l Panel.


An X.25 network transmits data with a packet
switching protocol. This protocol
relies on data communications equipment, which create an elaborate worldwide
network of packet
forwarding nodes that participate in delivering an X.25
packet to it
s designated address.

Up Networking clients can directly access an X.25 network by using an
X.25 Packet Assembler/Disassembler (PAD). Dial
up asynchronous PADs are
a practical choice for remote access clients because they do not require that an
X.25 l
ine be plugged into the back of the computer. The only requirement for a
up asynchronous PAD is the telephone number of the PAD service for the

RAS provides access to the X.25 network in one of two configurations (shown
in the following tabl
e), depending on the operating systems involved.



Client (for the Windows

95 or

NT operating systems)

Asynchronous packet
assemblers/disassemblers (PADs). The
PAD converts serially transmitted data into
X.25 packets. W
hen the PAD receives a
packet from an X.25 network, it puts the
packet out on a serial line, making
communication possible between the client
and the X.25 network.

Server and client (for the Windows

operating system only)

Smart cards. A direct connecti
on to the
X.25 network can be made through an X.25
smart card. An X.25 smart card is a
hardware card with a PAD embedded in it.
The smart card acts like a modem. To the
personal computer, a smart card looks like
several communication ports attached to


Integrated Services Digital Network (ISDN) is a digital system that offers much
faster communication than PSTN, communicating at speeds of 64 Kbps or
faster. ISDN lines must be installed at both the server and remote site.
Additionally, an ISDN ad
apter must be installed in both the server and the
remote client.

The ISDN adapter and the X.25 adapter are treated as network adapter
cards, thereby giving remote computers a direct data feed across a WAN to the


Point Tunneling Proto

RAS servers are usually accessed directly through a modem, an ISDN card, or
an X.25 PAD. They can also be accessed indirectly via the Internet with the
Point Tunneling Protocol (PPTP). PPTP is a networking tech
that supports multi
protocol virtual private networks (VPNs). This support
enables remote users to gain secure access to corporate networks across the
Internet. Using PPTP, first a connection to the Internet is established, and then a

connection to
the RAS server on the Internet is established.

PPTP Advantages

Using computers running Windows NT and PPTP to connect to a remote
network offers the advantages described in the following table.



Lower transmission costs

If local acc
ess is available through an ISP, access to the
remote network is less expensive than a long
telephone call or providing an 800 number for remote

Lower hardware costs

If PPTP is used, a RAS server needs only a connection
to the Internet. It

is not necessary for the RAS server to
have multiple modems, ISDN, or X.25 cards.

Lower administrative costs

With the version of PPTP that is included in

NT 4.0, a network is managed and secured at
the RAS server. It is necessary to manage only t
he user
accounts and RAS dial
in permissions.


PPTP provides security through data encryption. A
PPTP connection over the Internet is encrypted and
works with the NetBEUI, TCP/IP, and IPX protocols.
Data sent by means of a PPTP tunnel consists of
encapsulated PPP packets. If Dial
Up Networking is
configured to use data encryption, the data sent by
means of PPTP is encrypted when sent.

How PPTP Works

PPTP provides a way to route IP, IPX, or NetBEUI PPP packets over a TCP/IP
network. Because PPTP a
llows multi
protocol encapsulation, any of these
packets can be sent over a TCP/IP network. PPTP treats the existing corporate
network as a PSTN, ISDN, or X.25 network This virtual WAN is supported
through a public carrier, such as the Internet.

Because PP
TP supports IPX and NetBEUI in addition to TCP/IP, it is possible
for the Internet to be used as a backbone for IPX and NetBEUI. The remote
network that is being accessed can use any protocol; only the network between
the client and the remote network must

be a TCP/IP network, such as the

Comparing PPTP and Other WAN Protocols

When using PSTN, ISDN, or X.25, a remote access client establishes a PPP
connection with a RAS server over a switched network. After the connection is
established, PPP packe
ts are sent over the switched connection to the RAS
server for routing to the destination LAN.

In contrast, when using PPTP instead of a switched connection to send packets
over the WAN, a transport protocol such as TCP/IP is used to send the PPP
packets t
o the RAS server over the virtual WAN.

The resulting benefit for the corporation is a savings in transmission costs by
using the Internet rather than long distance dial
up connections.

PPTP Access Over the Internet

A Dial
Up Networking client with a PPTP d
river as its WAN driver can
connect to a Windows NT 4.0 RAS server by using the Internet. The
connection to the Internet can be made by either making a direct connection or
by calling an Internet Service Provider(ISP).

Method for connecting
to a RAS server


Direct connection to the

If a direct connection to the Internet is required, the client
must have a PPTP driver, and the RAS server must have a
enabled adapter to establish a PPTP tunnel via the
Internet. After being authen
ticated by the RAS server,
clients can access resources the same as if they had called
the RAS server directly.

Connection through an

If an ISP provides the connection, and the Point of Presence
(POP) for the ISP supports PPTP, then PPTP need not be
nstalled on the client. (A POP is a physical site where an
ISP has equipment to which users connect, typically by
dialing in over a modem and telephone line, to access the
Internet. The client establishes a connection to the ISP, and
then calls the Windows

NT RAS server to establish the
PPTP tunnel.


For more information about PPTP, see “Microsoft Virtual Private Networking”
in the appendixes. On the

menu, point to
, point to
NT 4.0 Core Technologies Training
, and then click

Remote Access Protocols

RAS supports two kinds of protocols: those that transmit data over LANs and
those that transmit data over WANs. Windows

NT supports LAN protocols
such as TCP/IP, NWLink IPX/SPX
transport protocol, and
NetBEUI, and remote access protocols such as SLIP, PPP, and the Microsoft
RAS protocol.

LAN Protocols


NT RAS supports NetBEUI, TCP/IP, and IPX. For this reason,

NT RAS can be integrated into existing Microsoft

UNIX, or
Novell NetWare networks using the PPP remote access standard. Clients
running Windows

NT RAS can also connect to existing SLIP
based remote
access servers (primarily UNIX servers). When RAS is installed and
configured, any supported protocols alr
eady installed on the computer are
automatically enabled for RAS.

Remote Access Protocols

RAS connections can be established through SLIP or PPP.

Serial Line Internet Protocol

SLIP is an industry standard that addresses TCP/IP connections made over
lines. SLIP is supported by Windows

NT Dial
Up Networking and gives
clients running Windows

NT access to Internet services. SLIP has several

Requires a static IP address, so SLIP servers cannot utilize DHCP or the
Windows Internet Name Service


Typically relies on text
based logon sessions, and usually requires a
scripting system to automate the logon process.

Supports TCP/IP, but it does not support IPX/SPX or NetBEUI.

Transmits authentication passwords as clear text.



RAS does not have a SLIP server component, so it cannot
be used as a SLIP server.

Point Protocol

PPP was designed as an enhancement to the original SLIP specification. PPP is
a set of industry standard framing and authentication protocols that e
nable RAS
clients and servers to interoperate in a multivendor network. PPP provides a
standard method of sending network data over a point
point link. PPP
supports several protocols, including Macintosh AppleTalk, DEC DECnet,
Open Systems Interconnecti
on (OSI), TCP/IP, and IPX. Windows

NT supports


NT Protocol Support Over PPP

PPP support enables computers running Windows

NT to dial in to remote
networks through any server that complies with the PPP standard. PPP
nce also enables a computer running Windows

NT Server to receive
calls from, and provide access to, other vendors’ remote access software.

The PPP architecture enables clients to load any combination of NetBEUI,
TCP/IP, and IPX. Applications written to the

Windows Sockets (WinSock),
NetBIOS, or IPX interface can be run on a remote computer running


Supporting TCP/IP makes Windows

NT “Internet ready” and allows remote
clients to access the Internet through WinSock applications.

up Networking
clients that have both the IPX interface and Client Service
for NetWare (CSNW) installed can access NetWare servers.

up Networking clients that do

have CSNW installed can still access a
NetWare server if Gateway Service for NetWare (GSNW) is insta
lled on a RAS
server. The RAS server then functions as a gateway to a NetWare server. In this
case, IPX is not required on the client.

CSNW enables a computer running Windows NT to connect directly to
and browse a NetWare server. GSNW enables a comp
uter running Windows
NT Server to function as a gateway to a NetWare server for clients running
Windows NT that do not have CSNW installed. For more information on
CSNW and GSNW, see Module 14, “Interoperating with Novell NetWare.”

On the server side, sup
porting PPP enables RAS servers to receive calls from,
and provide network access to, the remote access client software supplied by
other vendors.

RAS Setup automatically binds to NetBEUI, TCP/IP, and IPX if they are
installed on the computer when RAS is i
nstalled. After RAS is installed, each
protocol can be configured separately for use with RAS.



PPP Multilink Protocol

The PPP multilink protocol provides a means to increase data transmission rates
by combining multiple physical links into a logical bundl
e that increases
bandwidth. RAS with PPP multilink protocol can be used to combine analog
modem paths, ISDN paths, and even mixed analog and digital communications
links on both clients and servers. For example, a client with two 28.8 Kbps
modems, and two
PSTN lines, can use the PPP multilink protocol to establish a
single 57.6 Kbps connection to a PPP multilink protocol server. This will speed
up access to the Internet or to an intranet and reduce the time required for
remote connection, thus reducing the
cost of remote access.

Both the Dial
Up Networking client and the RAS server need to have the PPP
multilink protocol enabled for this protocol to be used.

The Microsoft RAS protocol is a proprietary protocol that supports the
NetBIOS standard. The Mi
crosoft RAS protocol is supported in all previous
versions of Microsoft RAS and is used on clients running Windows

NT version
3.1, Windows for Workgroups, Microsoft MS
, and Microsoft LAN
Manager. A Dial
up Networking client that is being used to dial
in to an earlier
version of Windows (for example, Windows

NT version 3.1) must use the
NetBEUI protocol. The RAS server then acts as a “gateway” for the remote
client, providing access to servers that use the NetBEUI, TCP/IP, or IPX


Gateways a
nd Routers

Windows NT RAS can act as a router or gateway in several situations.

NetBIOS Gateway

Windows NT RAS includes a NetBIOS gateway by which remote clients can
gain access to NetBIOS resources, such as file and print
services, on a network.
This enables clients running NetBEUI to gain access to RAS servers regardless
of which protocol is installed on the server. The NetBIOS gateway does this by
translating the NetBEUI packets into IPX or TCP/IP formats that can be
rstood by remote servers.

IP and IPX Routers


NT enhances the RAS architecture by adding IP and IPX router
capabilities. A RAS server that has IP and IPX routers installed can perform the
following functions:

Act as a router to link LANs and WANs.

Connect LANs that have different network topologies, such as Ethernet and
Token Ring.

In addition, a RAS server can be an IPX router and a SAP agent for Dial
Networking clients. SAP is similar in functionality to the Windows NT
Browser service. After i
t is configured, a RAS server enables remote clients to
access NetWare file and print services, and to take advantage of WinSock

RAS Security


NT RAS implements a number of security measures to validat
remote client access to a network.

Integrated Domain Security

Windows NT Server provides for organization
wide security using a single
network logon model. This eliminates the need for duplicate user accounts
across a multiple
server network. The single
network logon model extends to
RAS users. The RAS server uses the same user accounts database as the
computer running Windows

NT. This allows easier administration, because
users can log on to the domain remotely, using the same user accounts that they

at the office. This feature ensures that users with remote clients have the
same privileges and permissions that they have while in the office.

To connect to a RAS server, users must have a valid Windows

NT user account
and RAS dial
in permission. Clients

must be authenticated by RAS before they
can be used to log on to Windows


Encrypted Authentication and Logon Process

By default, authentication and logon information is encrypted when transmitted
over RAS. However, it is possible to allow any authenti
cation method,
including clear text. In addition, it is possible to configure Dial
Up Networking
and RAS so that all data that passes between a client and server is encrypted.


With Windows NT auditing enabled, RAS can generate audit information on

remote connections, including processes such as authentication and logon.

Intermediary Security Hosts

It is possible to add another level of security to a RAS configuration by
connecting a third
party intermediary security host between a Dial
orking client and a RAS server. When an intermediary security host is
used, users must type a password or code for the security device before
establishing a connection with the RAS server.

Callback Security

The RAS server can be configured to provide callb
acks as a means of
increasing security. When callback security is used, the server receives the call
from the client, disconnects the connection, and then calls the client back either
at a preset telephone number or at a number that was provided during the

call. This allows another level of security by guaranteeing that the connection to
the local network was made from a trusted site, such as a branch office.

PPTP Filtering

When using PPTP, the RAS server must have a direct connection to the Interne
and a company’s corporate network. This could pose a security risk, because
access to the corporate network could be gained through the RAS server. PPTP
filtering can be used to help ensure security on a corporate network. When
PPTP filtering is enabled,

all protocols other than PPTP will be disabled on the
selected network adapter. Enable PPTP filtering in the
Advanced IP

dialog box found in the
Microsoft TCP/IP


dialog box
of the Network program in Control Panel.

Telephony API

The Windows NT Telephony API (TAPI) provides a standard way for
communications applications to control telephony functions for data, fax, and
voice calls. TAPI virtualizes the telephone system by acting as a device driver

a telephone network. TAPI manages all signaling between a computer and a
telephone network, including such functions as establishing, answering, and
terminating calls. TAPI can also include supplementary functions such as hold,
transfer, conference, and c
all park, found in PBXs, ISDN, and other telephone

By the end of this topic, you will be able to:

Describe the functions of TAPI.

Identify TAPI settings.

Configure a TAPI location.

TAPI Settings

TAPI allows users
to centrally configure a computer for local dialing
parameters. The basic TAPI settings for a system are set up when a TAPI
program is run for the first time. Dial
Up Networking is a TAPI
application. If a TAPI
aware application has not been ru
n, the TAPI
configuration will be automatically installed when Dial
Up Networking is

Three TAPI settings that can be configured are locations, calling cards, and



in Windows

NT Dial
Up Networking is a set of informat
ion that
TAPI uses to analyze telephone numbers in international number format and to
determine the correct sequence of numbers to be dialed. A location does not
need to correspond to a particular geographical location, although it usually
does. A location

could include the special numbers needed to dial out from an
office or hotel room. Locations can be named anything that can help the user
remember them.

Location information includes:

Area (or city) code.

Country code.

Outside line access codes for both l
ocal and long distance calls.

Preferred calling card.

Calling Cards

TAPI uses calling cards to create the sequence of numbers to be dialed for a
particular calling card. The number is stored in scrambled form and will not be
displayed after it is entered.

This is a security feature that is used to avoid
unauthorized access to the number. Multiple calling cards can be defined.


TAPI drivers, also known as TAPI Service Providers (TSPs), are software
components that control TAPI hardware (for example,
a PBX, voice mail card,
phone system, or other equipment). Usually, TAPI drivers are installed with the
TAPI hardware. However, the TAPI driver for modems (Unimodem.tsp) is
automatically installed with the operating system.

All TSPs run in the same m
emory space, so it is possible for a
malfunctioning TSP to affect other TSPs.


Configuring a TAPI Location

Preparing a computer running Windows NT to use TAPI involves configuring a
TAPI location. Configure TAPI locations

through the
Dialing Properties

dialog box, which is accessible through the Telephony program in Control
Panel. The
Dialing Properties

dialog box contains tabs through which various
TAPI options can be configured.

The following table lists the configuratio
n options available on the

tab in the
Dialing Properties

dialog box.


Use this option to

I am dialing from
list and the


List the locations that are currently set up. To set up an
additional location, click

The area co
de is

Enter the area code for the TAPI location. If the location is in a
country other than the United States, type the city code, without
leading 0s. For example, if the city code is 071, type 71.

I am in

Display the current country name.

To access an o

Type the number(s) required to access an outside line for local
and long distance calls. In many cases, these numbers will be
the same. If no number is required to access an outside line,
leave both spaces blank.

Dial using Calling

y that the displayed calling card will be used when
calling from this location.



Change the calling card to be used for this location.

This location has
call waiting. To
disable it, dial

Specify whether this location uses call waiting. Call

should be turned off when dialing from a computer. Contact
the local telephone company for information about disabling
call waiting.

The phone system at
this location uses

Specify either tone or pulse dialing.

Installing and Configuring RAS

Configuring RAS differs from configuring Dial
Up Networking clients.
Although Dial
Up Networking clients are configured primarily to dial in to
remote networks, RAS servers are configured to provide access to network
s for those clients. RAS server configuration involves configuring
communication ports, network protocols (such as NetBEUI, TCP/IP, and IPX),
and encryption settings.

This topic discusses how to configure RAS servers to receive network requests
from Dial
p Networking clients.

By the end of this topic, you will be able to:

Install RAS.

Configure a RAS server.

Configure protocols on the server.

Configure NetBEUI on a RAS server.

Configure TCP/IP on a RAS server.

Configure IPX on a RAS server.

Installing RAS

RAS can be installed either during or after the installation of Windows

NT 4.0.
Remote access to the network

is selected during setup, both RAS and Dial
Up Networking will be automatically installed. One or both service
s can be
installed manually after installation of Windows


Whether RAS is installed during Windows

NT installation, or through the
Network program in Control Panel, the following information is required:

The model of the modem that will be used.

The typ
e of communication port to use for the RAS connection.

Whether this computer will be used to dial in, dial out, or both.

The protocols to be used.

Any modem settings such as baud rate or Kbps.

Security settings, including callback.


NT Server
4.0 supports 256 simultaneous inbound RAS
connections, while Windows

NT Workstation 4.0 supports only 1.

After Windows NT is installed, it is also possible to install Dial
Up Networking
manually. It can be installed through the Dial
Up Networking icon loc
ated in
My Computer or the Dial
Up Networking icon located on the



Configuring a RAS Server

The first step in configuring a RAS server is to specify the hardware that RAS
will use, including the type of m
odem and the port to which the modem will be

The drivers and ports used by RAS servers are configured through the
Access Setup

dialog box in the Network program of Control Panel. Click the

tab, click
Remote Access Service
, and th
en click
. The
Remote Access Setup

dialog box appears. The following table lists the
configuration options available through this dialog box.


Use this option to


Make a port available to RAS and install a modem, X.25 PAD, or a VPN


Make a port unavailable to RAS.


Change the RAS settings for the port, such as the attached device or the
intended usage (dialing out only, receiving calls only, or both).


Copy the same modem setup from one port to another.


Configure the network protocol and the multilink and encryption settings.

RAS Server Port Configuration Options

To configure the RAS server ports, in the
Remote Access Service

dialog box,
. The following table explains the optio
ns listed in the
Configure Port Usage

dialog box.


Use this option to enable

Dial out only

Up Networking clients to use the port to initiate calls.

Receive call only

RAS servers to receive calls from Dial
Up Networking clients
on the port.

Dial out and
Receive calls

RAS servers to use the port for either Dial
Up Networking client
or a server functions.

Port configuration options affect only the specified port. For example, if the
COM1 port for the server is configured to receive calls and
the COM2 port is
configured to dial out and receive calls, a user at a remote client can call in on
either COM port, but a local user could only use COM2 for outbound Dial
Networking calls.

After selecting the appropriate
Port Usage

option, click
. Th
Access Setup

dialog box reappears.

Configuring Protocols on the Server

RAS server enables users at a variety of remote clients to connect to the server
through different protocols. In general, the RAS server and t
he LAN should be
running the same protocols. This allows RAS clients to use any combination of
supported protocols to gain access to remote resources. Protocols can be
installed through the

tab in the Network program in Control Panel.

In the
te Access Service

dialog box, click

to use the

dialog box to select and configure the LAN protocols. Network
protocol configuration applies to RAS operations on all RAS
enabled ports.

The following table describes the protocol

configuration options available in
Network Configuration

dialog box.


Use this option to

Dial out Protocols

Select the dial out protocols.

Server Settings

Select and configure the protocols that the RAS server can use for

servicing remote c


Select an authentication level ranging from clear text for down
level clients to Microsoft encrypted authentication for clients
running Windows NT or Windows 95.


Microsoft encrypted authentication

is selected, the

data encryption

check box can also be selected.

Enable Multilink

Enable the Dial
Up Networking PPP multilink protocol. To use
the PPP multilink protocol, both the client and the server must
have the PPP multilink protocol enabled.

Configuring a
RAS Server to Use NetBEUI

If the NetBEUI protocol has been installed, the RAS Setup program enables
NetBEUI and the NetBIOS gateway by default. RAS servers use NetBEUI to
provide remote clients with access to small workgrou
ps or department
LANs. NetBEUI is the smallest, and often the fastest, protocol used over RAS.

To configure a RAS server to use NetBEUI, in the
Network Configuration

dialog box, select the

check box, and then click

next to
RAS Server NetBEUI Configuration

dialog box appears. Use
this dialog box to enable remote NetBEUI clients to gain access to the

Entire network
. This option grants remote clients permission to gain access
to resources on the network.

This com
puter only
. This option grants remote clients permission to gain
access only to the resources on the RAS server.

Recall that the NetBIOS gateway translates NetBEUI packets to IPX or TCP/IP
as needed.

Configuring a RAS Server to Use TCP/IP

To configure a RAS server to use TCP/IP, in the
Network Configuration

dialog box, select the

check box, and then click
. The
Server TCP/IP Configuration

dialog box appears. Use this dialog box to
grant network access p
ermissions and IP addresses to Dial
Up Networking
clients. The following table outlines the available configuration options.


Use this option to

Allow remote
TCP/IP clients to

Allow Dial
Up Networking clients to gain access to the entire
twork or only the resources on the RAS server.

Use DHCP to assign
remote TCP/IP
client addresses

Use a DHCP server to dynamically assign an IP address to a
Up Networking client. Dial
Up Networking clients require
an IP address to communicate on TCP/
IP networks.

Use static address

Configure the IP address range; designate beginning and
ending values for the IP address range. Use the


buttons to exclude any IP addresses that are not to be

Allow remote clients
to request a
determined IP

Enable Dial
Up Networking clients to request a predetermined
IP address.

Configuring a RAS Server to Use IPX

Use the
RAS Server IPX Configuration

dialog box to grant remote IPX
clients access to the

network and to allocate network numbers.

To configure a RAS server to use IPX, in the
Network Configuration

box, select the

check box, and then click
. The
RAS Server
IPX Configuration

dialog box appears.

Up Networking clients can

gain access to NetWare server file and print
sharing resources through RAS servers that support IPX.

Use the
RAS Server IPX Configuration

dialog box to grant network access
permissions and to allocate NetWare network numbers to Dial
Up Networking

The following table outlines the configuration options.


Use this option to

Allow remote IPX
clients to access

Allow Dial
Up Networking clients to gain access to the
entire network or this computer only.

Allocate network
numbers automatically

ssign network numbers automatically to Dial
Networking clients. The same network number can be
assigned to all IPX clients.

Allocate network

Assign network numbers manually to Dial
Up Networking

Assign same network
number to all IPX

Assign a single network number to all IPX clients. Only
one network number will be added to the routing table for
all active Dial
Up Networking clients.

Allow remote clients to
request IPX node

Enable Dial
Up Networking clients to request an
IPX node
number rather than use the node number assigned by the
RAS server.

Installing and Configuring Dial
Up Networking

Up Networking enables users at remote clients to connect to a network
from a remote site, s
uch as home or a hotel. Dial
Up Networking is used to call
the dial
up server and establish a telephone connection with the network. After
the connection has been made, a Dial
Up Networking client can be used as if it
were connected directly to the network
. There are a number of options that can
be set in Dial
Up Networking, including phonebook entries, logging on using a
in entry, and the AutoDial feature.

By the end of this topic, you will be able to:

Install Dial
Up Networking.

Configure a phonebook


Use Dial
Up Networking to log on to a Windows NT domain.

Explain the AutoDial feature.

Installing Dial
Up Networking

Up Networking is automatically installed during Windows

NT installation
Remote access to
the network

is selected during Setup.

Up Networking is also automatically installed on computers running
Windows NT Server or Windows NT Workstation when RAS is installed, if
RAS is configured to dial out and receive calls, or to dial out only.

p Networking can also be manually installed by double
clicking the
Up Networking icon in My Computer.

Up Networking always runs on a client, while RAS always runs on
a server.


Configuring Phonebook Entries

Up Networking is used to connect a client to remote networks by using a
modem, ISDN, or another WAN adapter. A

entry stores all the
settings needed to connect to a particular remote network.

The Dial
Up Networking client stores all of its
configuration data for a single
connection in a phonebook file. A phonebook can be specific to an individual
user or shared among all users on the computer. A phonebook shared in this way
is called a
system phonebook
. To create or edit phonebook entries, a
ccess Dial
Up Networking through either My Computer or the

menu. To use

menu, click the

button, and then point to

Use the New Phonebook Entry wizard to create the first phonebook entry. After
gaining experience
with phonebook entries, it may be more efficient to turn off
the wizard by selecting the

know all about phonebook entries and would
rather edit the properties directly

check box.

To use the New Phonebook Entry wizard again, in My Computer,
lick the Dial
Up Networking icon, click
, and then click
. Then, click the

tab, click
Use wizard to create new
phonebook entries
, and then click
. The next time a new phonebook entry
is created, the wizard will automaticall
y start.


New Phonebook Entry Configuration

To create or configure a phonebook entry, in My Computer, double
click the
Up Networking icon, and then click
. If the New Phonebook Entry
wizard is disabled, when you click
, the
New Phonebook Entry

box appears. Use the tabs in the
New Phonebook Entry

dialog box to
configure the parameters described in the following table.


Use this tab


To configure a name for the phonebook entry.

To enter the telephone number and any alternate tele
phone numbers
and to use Telephony dialing properties, such as when calling long
distance or using a credit card.

To specify and configure the device used by the phonebook entry.

To enable the PPP multilink protocol, in the
Dial Using

list, click

, and then click
. In order to use the PPP
multilink protocol, multiple devices, such as modems, must be


To select the dial
up server type, choose PPP, SLIP, or an earlier
RAS protocol. The other options available depend o
n the server type
selected, but include selecting a network protocol, such as NetBEUI,
TCP/IP, or IPX/SPX compatible transport, and selecting software
data compression.


To specify a terminal window or script file if manual intervention is
before or after dialing to establish a remote access session.


To select a level of authentication and encryption.


To select an X.25 network provider and to configure connectivity
information required by the X.25 network provider.

In addit
ion, the following TCP/IP settings (available on the

tab) may
need to be configured based on the dial
up server type that is selected. The
TCP/IP settings are only available for PPP and SLIP servers.



IP address

Automatically a
ssigned by the dial
up server or manually
configured on clients.

Name Server

Assign DNS and WINS server addresses. These can be assigned
by a DHCP server or manually configured at the client.

Use IP header

Enable header compression
for low
speed serial links.

Use default
gateway on remote

Select this check box if the Dial
Up Networking client is using a
network card to connect simultaneously to a LAN. When this
check box is selected, packets that cannot be routed on the loca
network are forwarded to the default gateway on the remote
network. In addition, address conflicts between the remote and
local networks are resolved in favor of the remote network.

Logging On Through Dial
Up Networking

When Dial
Up Networking is installed, Windows NT includes a logon option
that enables users to log on to a domain using Dial
Up Networking. With this
option, users can select a Dial
Up Networking phonebook entry that they will
use to log on. Dial
Up Netw
orking then establishes a connection to the RAS
server so that a domain controller for the specified domain can validate the
logon request.

Up Settings

The dial
up settings for establishing a connection for logging on are configured
using the
Logon Pr

dialog box on the Dial
Up Networking client. To
access the
Logon Preferences

dialog box, click
in the

dialog box, and then on the

menu, click


The following table describes the logon options that can

be configured in the
Logon Preferences

dialog box.


Use this tab to


Specify the number of and interval between redial attempts. It can
also be used to set an idle connection timeout period.


Configure the server to disconnect and to

call the client back
following authentication. This reduces telephone charges and
increases security.


Configure the Dial
Up Networking interface that appears during
logon, including options to allow number preview before dialing, to
show the l
ocation setting before dialing, to allow location edits
during the logon process, to show connection progress while dialing,
to close on dial, to allow phonebook edits during the logon process,
and to use the wizard to create new phonebook entries.


Specify the system phonebook or an alternate phonebook to be used
during logon.

User Profiles with Dial
Up Networking

The same logon process is used by Windows NT for logging on to a LAN
directly or through Dial
Up Networking. The reason this proce
ss is identical for
direct and remote logon is that a copy of a user’s profile is cached on the client
each time the user logs off. Consider using the locally
cached user profile rather
than the server
based profile when logging on through Dial
Up Networki
For example, if the server containing a server
based profile is unavailable, any
customization of the desktop that is stored in that profile will not occur.
However, if there is a locally
cached user profile, these customizations will

Windows NT to use the locally
cached user profile through the

tab, which is accessible through the System program in

Control Panel.



NT 4.0 Dial
Up Networking supports
. AutoDial maint
network addresses and maps them to phonebook entries. This mapping allows
automatic dialing when a user references the network address from an
application or from the command line.

AutoDial Mapping Database

The AutoDial database can include IP address
es (for example,,
Internet host names (for example,, or NetBIOS names (for
example, PRODUCTS1). Each address in the database is associated with a set
of entries. These are entries that RAS can use to dial from a particular TA
dialing location.

AutoDial automatically creates entries in its database if a user is unable to
connect to a network address, or if the phonebook entry was made through a
RAS connection. The following table describes the situations in which
AutoDial aut
omatically creates entries in its database.


AutoDial response

Failure to connect to
a network address

If there is no entry for the address in the mapping database, and
the computer is not connected to a network (either directly or
through RAS)
, AutoDial prompts the user to specify the
information necessary to establish a dial
up connection. If the
user provides the information and the dial
up connection
operation is successful, AutoDial stores the information in the

Connection to a
etwork through

When a user connects to a network address, AutoDial creates an
entry in the database. The entry maps the network address to the
phonebook entry that was used to establish the RAS connection.

Automatic Reconnection

AutoDial tracks all D
Up Networking connections so that clients can be
automatically reconnected.

AutoDial attempts to make a reconnection in the following situations:

If a client is disconnected from the network, AutoDial will attempt to
establish a connection whenever an
application is used that references a
network connection.

If a client is connected to a network, AutoDial attempts to create a network
connection for addresses that it has previously learned.

Enabling and Disabling AutoDial

A user can enable and disable A
utoDial in the


dialog box for
a phonebook entry. To enable AutoDial, in the
Up Networking

box, and then in the
Phonebook entry to dial

list, select an entry. Click
and then click
User Preferences
. Click the

tab, a
nd then in the
dial by location

list, select each location listed. To disable AutoDial, on

tab, click to clear each location listed in the
Enable auto
dial by


AutoDial only works when the Remote Access Autodial Manage
r is running.
To determine if the Remote Access Autodial Manager is running, double
the Services icon in Control Panel. If the Remote Access Autodial Manager is
started, then AutoDial is able to function. If the Remote Access Autodial
Manager is not
running, start it by selecting it, clicking
, setting the
Startup Type

to either

, and then clicking


95 and Windows

NT versions earlier than 4.0 do not support
AutoDial. AutoDial does not support IPX connectio
ns. AutoDial only works
with the TCP/IP and NetBEUI protocols. For more information about AutoDial,
see the Dial
Up Networking (RAS) Help.


Troubleshooting RAS

This topic describes some of the common errors that can occu
r when using
RAS, along with guidelines and tools for solving these problems.

Event Viewer

Event Viewer is used to view the system log, which contains events for all

NT internal services and drivers. Event Viewer is useful in
diagnosing RAS problem
s because many RAS events are entered in the system
log. For example, if the Dial
Up Networking client fails to connect, or if the
RAS server

fails to start, check the system log.

Problems with PPP Connections

If a user has problems being authenticated ove
r PPP, a Ppp.log file can be
created to provide debugging information to troubleshoot the problem. The
Ppp.log file is stored in the
Ras folder, and is enabled by
changing the following registry parameter value to


Authentication Problems

If a Dial
Up Networking client is having problems being authenticated over
RAS, try to change the authentication settings for that client. Try the lowest
authentication option on

each side, and if successful, start increasing the
authentication options to determine the highest level of authentication that can
be used between the two systems.

Up Networking Monitor

The Dial
Up Networking monitor, which can be accessed through
the Dial
Monitor program in Control Panel, shows the status of a session that is in
progress. It shows the duration of the call, the amount of data being transmitted
and received, and the number of errors. In addition, it can show which lines are
used for multilink sessions.

Multilink and Callback

If a user at a client uses a multilink
enabled phonebook entry to call a server
that is configured to call the user back, when the callback is made it will be to
one of the multilink devices. The reason f
or this is that the RAS Admin utility
allows only one number to be stored for callback purposes for each user
account. Therefore, the RAS server calls only one of the devices, and the
multilink functionality is lost.

If the link between the Dial
Up Network
ing client and the RAS server is made
by using ISDN with two channels that have the same telephone number, then
multilink will work with callback.

AutoDial Occurs During Logon

During the logon process, when Windows

NT Explorer initializes, any
persistent n
etwork connections or desktop shortcuts that reference network
locations will cause AutoDial to attempt to make a connection. To avoid this,
disable AutoDial or remove the persistent connections and shortcuts.

For more information about RAS server, s
ee “RAS Server Notes” in the
appendixes. On the

menu, point to
, point to
Windows NT 4.0 Core Technologies Training
, and then click




You would like to enable remote users to conn
ect to your company’s LAN
through the Internet. However, your manager is concerned about potential
unauthorized access from the Internet. How would you implement your plan
while allaying his concerns?

Implement PPTP, which uses the Internet as a connection

medium but
does not necessarily expose your network on the Internet. Only the
RAS server needs to be on the Internet, and PPTP filtering can be
enabled to prevent any packets other than PPTP packets from reaching
the internal network.


You are a frequent t
raveler, and you require dial
up access to your
company’s network through any of five remote access phone numbers
maintained by a RAS server. Changing all five access number properties to
match your area code and dialing conditions is tedious; how can you
simplify the process?

Configure a TAPI location with your local country and area code and
any other necessary dialing properties. This location can be applied to
all five of the Dial
Up Networking connections.


You use Dial
Up Networking frequently to acces
s your company’s network
from home. You use a 28.8 Kbps modem to connect, and it takes a very
long time to log on. Without buying another modem, how can you speed up
the process?

Configure your computer so that it does not download your server
based profil
e during the logon process across RAS.


Your network supports users who often work from home. These users only
require remote access to their home directories, which are maintained on a
RAS server. For security reasons, you do not want these users to be ab
le to
access the rest of your intranetwork from a remote location. What is the best
way to implement this?

Configure the RAS server so that it only allows access to itself and not
to the rest of the network. Although you could simply apply
permissions to o
ther network servers and resources to restrict the
remote users, these permissions would also apply when the users work
at the office, restricting them unnecessarily.


You receive a help desk call from a remote user who is having trouble
connecting to the R
AS server using PPP. How would you troubleshoot the

Enable PPP logging for the RAS server and see how far the user is able
to get in the connection process.