RAS Protocols

Knowing the options for configuration

Few articles in this magazine generate as much feedback as those about Windows NT's Remote Access Service (RAS). In May, I gave an overview of how to install and configure RAS in "Remote Access Service." In this article, I address configuring protocols in RAS. I will look at the remote access protocols and the LAN protocols RAS supports.

Which Protocols Does RAS Support?
RAS supports two sets of protocols: remote access protocols and LAN protocols. When you use the Remote Access Service, NT uses the remote access protocols to make the RAS connection to another computer, the Internet, or an Internet Service Provider (ISP). These protocols include Point-to-Point Protocol (PPP), Serial Line Internet Protocol (SLIP), the Microsoft RAS protocol, and Point-to-Point Tunneling Protocol (PPTP). The LAN protocols that NT uses to communicate over the RAS connection can be any of the protocols that you use in NT, including NetBEUI, NWLink, or TCP/IP. I will look first at the remote access connection protocols and then at how you must configure the LAN protocols to work with RAS.

The Remote Access Protocols: Client Configuration
When you configure NT 4.0 RAS for a server, the software supports PPP connections. So, this configuration gives you options about which remote access protocol to employ on the client side only.

SLIP. NT's RAS supports SLIP, but only from the client side. RAS clients can connect to existing SLIP servers, but an NT RAS server will not act as a SLIP server. SLIP does not support authentication as part of the protocol, so logon sessions use clear-text transmission of usernames and passwords. Also SLIP cannot negotiate automatic network connection settings. The main use for the SLIP protocol is for connecting to mostly UNIX-based Internet servers.

To configure the RAS client (known as Dial-Up Networking--DUN--in Windows 95 and NT 4.0) for SLIP, open the Phonebook entry, click More, choose Edit entry and modem properties, select the Server tab, and select SLIP:Internet under the Dial-up server type box, as Screen 1, page 222, shows. Many SLIP servers require a logon exchange, so you have two options. Under the Script tab, you can select the Pop up a terminal window option. Or you can use a Switch.inf file to automate the exchange of logon parameters. See the references at the end of this article for information about the contents of the Switch.inf file.

PPP. PPP is the most commonly used remote access protocol. It's a great improvement over SLIP, offering automated, encrypted authentication (although some service providers that use PPP still require a text-based logon exchange). Clients and servers that use the PPP protocol will automatically negotiate authentication and network settings.

To configure PPP in the Phonebook entry, follow the steps outlined for SLIP, but select PPP: Windows NT, Windows 95 Plus, Internet as the Dial-up server type. As with the SLIP logon, if the remote server requires that you log on, set the script option to Pop up a terminal window so that you can interact with the server and provide the required information, or use a script file.

Microsoft RAS Protocol. In Windows NT 3.1 and Windows for Workgroups 3.11, Microsoft supplied an earlier version of the RAS client (at that time, Dial-Up Networking was called the RAS client). It supports both the RAS Terminal and Switch.inf script files for making logon connections.

PPTP. PPTP lets a remote user use a dial-up networking connection to connect to an ISP. This connection transmits data in secure, encapsulated form via the Internet to the corporate Remote Access Server. Essentially, you're using the Internet as a Virtual Private Network (VPN), which helps to reduce costs and maintain security. (For more about PPTP and RAS, see Sean Daily, "Watch Your RAS," August 1997.)

The LAN Protocols: Client Configuration
After you establish the connection between the RAS client and the RAS server, you must decide which LAN protocol to use over that connection. At the client end, you choose the protocol from the Server tab under the Edit Entry and Modem Properties dialog box, as we saw in Screen 1. For TCP/IP, you will need to configure some options.

NetBEUI and IPX/SPX on the client. You have no options to configure for NetBEUI on the client. The same applies to the IPX/SPX Compatible option.

TCP/IP on the client. TCP/IP requires considerably more configuration than any other protocol, as Screen 2 shows. First, determine whether your network has a Dynamic Host Configuration Protocol (DHCP) server that can supply an IP address. If not, you must enter a static IP address. This entry can result in problems unless you use the dial-up connection to connect to the same server each time. Most ISPs and most companies that have RAS servers use DHCP. Even with DHCP, you must decide whether the DHCP server will supply the name server addresses for the Domain Name System (DNS) and Windows Internet Name Service (WINS). This issue is less of a concern when you're connecting to a corporate server, which often will supply these addresses. ISPs, however, might require entries for the DNS server.

In the PPP TCP/IP Settings window, which you see in Screen 2, leave the Use IP header compression option checked, unless you can connect but cannot transfer IP data in one or both directions. The window also has a check box to specify that you want to use the default gateway on the remote network. This option applies only if you are using a DUN connection into one network but have a network card in your computer that is talking to another network. If a packet cannot be routed on the local network, the routers will forward it to the default gateway on the remote network, not the default gateway on the local network. Uncheck this box if you don't want this behavior.

If SLIP is your remote access protocol, you have no option. You must use TCP/IP on the client computer, because SLIP is an Internet protocol.

Configuring LAN Protocols on the Server
To find the RAS settings on the server, go to Settings, Control Panel, Network and choose the Services tab. Select Remote Access Service, and then click Properties. When the Remote Access Setup dialog shown in Screen 3 appears, click the Configure button and select Dial out only (which you would not use for a RAS server), Receive calls only, or Dial out and Receive calls. Close this port settings window and click the Network button to configure the inbound and outbound protocols, shown in Screen 4. If you have RAS set for dial out only, you will see only the three protocols (i.e., NetBEUI, TCP/IP, and IPX) listed, with no configurable options. For incoming calls, you can select one or more protocols. For each protocol, you will see the same option, which is whether to let the dial-in user connect beyond the server to the rest of the network. If the intent is to let a user dial in from home and connect to his or her desktop system at the office, you can configure the desktop system as a RAS server, with no access beyond that one computer to the rest of the network.

NetBEUI on the server. NetBEUI is the simplest LAN protocol to configure on the server. The only option is whether to allow access to the rest of the network.

TCP/IP on the server. For an incoming call using TCP/IP, you have the option of assigning the client an IP address from your network DHCP server, as Screen 5 shows. But how can you assign IP addresses to clients if you do not have a DHCP server? The solution is to use the static address pool, which is a range of IP addresses allocated to the RAS server for assignment to clients. If you use this method, you'll need at least two IP addresses: one for the RAS server and the other for the remote client. Another approach, if your clients always connect to the same server, is to assign them a fixed IP address and have them request that address when they connect.

IPX on the server. When clients connect with IPX, you must provide a network number. The RAS server can allocate these numbers automatically by finding a network number not in use. Or, you can specify a starting network number. You can type an entry in the From: box in the RAS Server IPX Configuration window, but the RAS configuration software computes the To: based on the starting value and the number of ports. Network administrators often use this option when they want to identify RAS clients on the network by their network number. Or, you can assign the same network number to all the RAS clients, which adds only one entry to the routing table for all the connected RAS clients and reduces the size of the Routing Information Protocol (RIP) broadcasts. Be careful with the last option, which lets remote clients request an IPX node number instead of using one the RAS server provides. This option opens a possible security hole because a client can impersonate a previously connected client and access resources previously accessed by that client.

The NetBIOS Gateway
Microsoft RAS servers support the NetBIOS gateway, which gives users more flexibility. A gateway, by definition, converts between protocols. You can run only NetBEUI on the remote client, making a RAS connection into a RAS server. The RAS server can then translate the network traffic to IPX or TCP/IP, letting the remote client connect to another computer system on the network, even though that computer does not have NetBEUI installed. Although TCP/IP is the fastest protocol overall (at least since NT 4.0), NetBEUI might be the fastest protocol to run over a RAS connection and takes less resources on the client. This approach works well for access to file and print resources on an NT network. It does not let the client run applications that depend on having TCP/IP or IPX on the client computer. If your applications have this requirement, you will still need to install the appropriate protocols on the client.

Configuring Bindings
Don't forget to look at the bindings once you've configured the protocols. You might use some protocols only for the RAS connections or with the network card, as Screen 6 shows. To improve performance, disable bindings to enable only the appropriate combinations of network card and protocols, or RAS link (called WAN connection in the bindings window) and protocols. Or perhaps you use two protocols, but one takes priority for the network card and the other is used most often for the RAS connection. Changing the order of the protocols bound to each adapter is worth doing.

For More Information
One of the best sources of information about RAS is the documentation that comes with NT Server. The "Networking Supplement" contains five chapters on RAS. The Networking Guide volume of the Microsoft Windows NT Server Resource Kit also contains a great deal of useful information about RAS connections and protocols. For further reading on RAS, see the related articles in Windows NT Magazine box, page 222.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.