Windows 2000 Routing

The "Routing and Remote Access" administrative tool is used to enable routing on a Windows 2000 server that is multihomed (has more than one network card). Windows 2000 Professional cannot be a router. The "Routing and Remote Access" administrative tool or the "route" command line utility can be used to configure a static router and add entries to its routing table. A manually entered routing table is required for static routing. Dynamic routing does not require one, since the table is built by the routing protocol software; it does, however, require additional protocols to be installed on the computer. When using the "Routing and Remote Access" tool, the following information is entered for each static route:

  • Interface - The network card that the route applies to, which is where the packets will come from.
  • Destination - The network address that the packets are going to, such as 192.168.1.0.
  • Network Mask - The subnet mask of the destination network.
  • Gateway - The IP address of the network card on the network that is configured to forward the packets, such as 192.168.1.1.
  • Metric - The number of routers that packets must pass through to reach the intended network. If there is more than one, the Gateway address will not be on the destination network.
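As an added illustration (not part of the original page), the following Python models the static routing table entries listed above for a constructed two-card server and shows how a route is selected: the longest matching prefix wins and, among equal prefixes, the lowest metric. It also checks the page's point that a gateway for a multi-hop route does not sit on the destination network. The interface names and addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    """One static route as entered in Routing and Remote Access."""
    interface: str      # network card the route applies to
    destination: str    # destination network, e.g. 192.168.1.0
    network_mask: str   # subnet mask of the destination network
    gateway: str        # address of the card that forwards the packets
    metric: int         # number of routers the packets pass through

    @property
    def network(self):
        return ipaddress.IPv4Network(f"{self.destination}/{self.network_mask}")

# Constructed routing table for a server with two cards, NIC1 and NIC2
ROUTING_TABLE = [
    Route("NIC1", "192.168.1.0", "255.255.255.0", "192.168.1.1", 1),
    Route("NIC2", "192.168.1.0", "255.255.255.0", "172.16.0.3", 2),  # backup path, higher metric
    Route("NIC2", "10.0.0.0", "255.0.0.0", "172.16.0.1", 2),
    Route("NIC2", "10.1.0.0", "255.255.0.0", "172.16.0.2", 3),
    Route("NIC2", "0.0.0.0", "0.0.0.0", "172.16.0.254", 1),          # default route
]

def select_route(dest_ip, table=ROUTING_TABLE):
    """Longest matching prefix wins; among equal prefixes the lowest metric wins."""
    ip = ipaddress.IPv4Address(dest_ip)
    candidates = [r for r in table if ip in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))

def gateway_on_destination_network(route):
    """True when the gateway lies inside the destination network (a one-hop route)."""
    return ipaddress.IPv4Address(route.gateway) in route.network
```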

Dynamic Routing

Windows 2000 Server also supports Network Address Translation (NAT) and the DHCP relay agent. The three dynamic routing protocols supported by Windows 2000 are:

  • Routing Information Protocol (RIP) version 2 for IP
  • Open Shortest Path First (OSPF)
  • Internet Group Management Protocol (IGMP) version 2 with router or proxy support.

The "Routing and Remote Access" tool is used to install, configure, and monitor these protocols and routing functions. After any of these dynamic routing protocols is installed, it must be configured to use one or more routing interfaces.

OSPF Terms

  • Area border router - A router that interfaces to subnets in more than one OSPF area.
  • Autonomous system - Routing areas that are administered by a single organization.
  • Autonomous system boundary router - A router that connects an autonomous system to another autonomous system or the internet.
  • Backbone area - The main OSPF or root routing area that is connected to all other areas with an ID of 0.0.0.0 (ID number does not reflect any IP address).
  • Internal router - Router that does internal routing.
  • Internal routing - Routing done in one routing area.
  • Routing area - A group of IP subnets connected by links with an ID similar to an IP address that is used to identify the area. In Active Directory, a routing area would likely be configured for each site. Passwords are used for each routing area.

Routing Configuration Issues

  • RIP - Tabs:
    • Security - The Security tab of the RIP properties dialog box offers a selection of one of:
      • Accept announcements from all routers
      • Accept announcements from listed routers only - A list must be created.
      • Ignore announcements from all listed routers - A list must be created.
    • General - Includes the maximum delay setting, which controls how long the router waits before updating other routers, and logging controls.
  • OSPF - Property box tabs:
    • Areas - In the OSPF properties dialog box (Areas tab?) select one of the following network types:
      • Broadcast - For normal local area networks.
      • Point-to-point - For demand dial interfaces.
      • Non-broadcast multiple access (NBMA) - For frame relay or X.25 networks.
    • General - Includes logging controls along with "Router Identification field" and "Enable Autonomous System Boundary Router" checkbox.
    • Virtual Interfaces - If an OSPF area is not connected directly to the backbone area, a virtual interface must be created to allow for it to go through one or more intermediate networks. The virtual interface tells OSPF which router has an interface that connects to the backbone area. The entered password must be the one required by the router with the interface connecting to the backbone area that packets are being sent to.
    • External Routing - Allow or reject external route table sources.
  • Internet Group Management Protocol (IGMP) version 2 Router and Proxy is used to manage routing of multicast network traffic.
    • Routers must be configured with IGMP to use multicasting on a network. The interface may be configured as an IGMP router or an IGMP proxy. An IGMP router will update its table with group information and forward multicast traffic.

The "Routing and Remote Access" tool server properties dialog box contains these tabs:

  • General - Can enable the computer as a router for LAN routing only or for LAN and demand-dial routing. The computer may also be enabled as a Remote Access Server (RAS).
  • Security - Can select Windows Authentication or RADIUS authentication for remote access and dial-on-demand connections. An accounting provider that logs all sessions with the router can be selected; the choices are none, Windows accounting, or RADIUS accounting.
  • IP - Can "Enable IP routing", and "Allow IP-based remote access and demand-dial connections". The computer may also be configured to use a DHCP server to assign IP addresses to client computers or to use a static IP address pool.
  • PPP - Options:
    • Multilink connections
    • Dynamic bandwidth control using BAP or BACP
    • Link control protocol (LCP) extensions
    • Software compression
  • Event Logging - Can enable or disable PPP logging. Other options:
    • Log errors only
    • Log errors and warnings
    • Log the maximum amount of information
    • Disable event logging

NAT

Network Address Translation (NAT) is the same thing as IP masquerading. It allows one computer to masquerade on one interface for all the other computers that are on another of its interfaces. It is not a firewall, but it adds security by letting multiple computers access the internet or an external network through it: external computers cannot directly contact computers on the network behind the NAT computer. The only registered interface is the outside interface on the NAT computer; if it is on the internet, it must have a registered IP address. NAT must be set up to use an interface that is set for routing.

The "Routing and Remote Access" administrative tool is used to install and configure NAT. Components:

  • Addressing - A server component that assigns an IP address, netmask, gateway, and DNS server address to clients.
  • Translation - Maintains the NAT table for connections.
  • Name Resolution - Acts as a DNS server for internal machines on the network.

NAT Properties dialog box tabs:

  • General - Configure event logging to one of: log errors only, log errors and warnings, log the maximum amount of information, or disable logging.
  • Translation - Configure the number of minutes after which NAT removes TCP and UDP port mappings.
  • Address Assignment - Can set "Automatically assign IP addresses by using DHCP" and specify ranges and excluded addresses.
  • Name Resolution - Can configure NAT to act as a DNS proxy. If you have a separate DNS server, this option will not be necessary.

NAT Interface Properties dialog box tabs:

  • General - Select whether this is the private interface connected to the internal network or the public interface connected to the internet. If it is connected to the internet, there is an option to translate TCP and UDP headers so that data can be sent and received through the interface.
  • Address Pool - A public IP address may be assigned to an internal server (which itself has a different internal address), such as an FTP or web server. Requests to that public address will be sent internally to that server.
  • Special Ports - Forwards requests to specific public ports to another internal address.
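As an added example (not code from the original page), the Python below models the two NAT behaviours described in the Translation tab and the Special Ports tab: a translation table whose TCP/UDP port mappings are removed after a configurable number of minutes, and static special-port forwarding to an internal server. Times are plain minute counters, and the addresses and ports are constructed sample values; the class and its methods are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class NatTable:
    """Translation table of a NAT computer with one registered public address."""
    public_ip: str
    timeout_minutes: int                                # Translation tab: minutes before a mapping is removed
    special_ports: dict = field(default_factory=dict)   # (proto, public port) -> (internal ip, port)
    mappings: dict = field(default_factory=dict)        # (proto, public port) -> (internal ip, port, last used)
    next_port: int = 1025                               # next free public port to hand out

    def outbound(self, proto, internal_ip, internal_port, now):
        """Translate a connection leaving an internal host; returns (public ip, public port)."""
        for key, (ip, port, _) in self.mappings.items():
            if key[0] == proto and (ip, port) == (internal_ip, internal_port):
                self.mappings[key] = (ip, port, now)            # reuse and refresh the mapping
                return (self.public_ip, key[1])
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.mappings[(proto, public_port)] = (internal_ip, internal_port, now)
        return (self.public_ip, public_port)

    def inbound(self, proto, public_port, now):
        """Find the internal destination of a packet arriving on the public interface, or None."""
        if (proto, public_port) in self.special_ports:          # static forwarding to an internal server
            return self.special_ports[(proto, public_port)]
        entry = self.mappings.get((proto, public_port))
        if entry is None:
            return None                                         # unsolicited: outside hosts cannot reach inside
        ip, port, last_used = entry
        if now - last_used > self.timeout_minutes:              # mapping aged out, per the Translation tab
            del self.mappings[(proto, public_port)]
            return None
        self.mappings[(proto, public_port)] = (ip, port, now)
        return (ip, port)
```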

TCP/IP Packet Filtering

Controls the type of packets (based on port destination) that a routing interface will receive or forward. It is configured using the "Network and Dial-up Connections" folder by right clicking on the local connection and selecting "Properties". You can set specific TCP and UDP ports along with specific IP protocols. Each protocol has a protocol number listed in the protocol or protocols file. Some examples are TCP, UDP, ICMP, IGMP, and more.