Talking Shop: Making the connection with Windows 2000 Professional Dial-Up Networking

The Windows 2000 Professional Dial-Up Networking client now allows you to call a VPN server on the intranet or Internet, and there are no complex protocol and interface configurations to make.


Did you know Windows NT 4.0 Workstation had built-in RAS client and RAS server capabilities? If you didn’t, then you’re a member of a very large club. Setting up Windows NT 4.0 Workstation to be a RAS client or server was not an easy thing to accomplish. As was typical in Windows NT 4.0, there were multiple interfaces you had to slog through to access the configuration dialog boxes and get things set up correctly. When you eventually found your way to the correct interface, the configuration was far from intuitive.

Windows 2000 Professional includes all the features of the Windows NT 4.0 Workstation RAS client and server, and a lot more. The configuration interface is wizard-driven; it’s almost impossible to make a mistake. The Windows 2000 Professional Dial-Up Networking client now allows you to call a VPN server on the intranet or Internet. Unlike in Windows NT 4.0, this feature is available right out of the box, and there are no complex protocol and interface configurations to make.

The RAS server feature is also improved. A Windows 2000 Professional machine can support a single dial-in session from a remote user per interface. However, the operating system also supports analog, ISDN, VPN, parallel, serial, and infrared interfaces. Thus, the machine can actually handle multiple inbound sessions.

In this Daily Drill Down, we’ll look at the dial-up networking features available in Windows 2000 Professional. These features can be broken down into two major categories:
  • Outbound access
  • Inbound access

Once you understand the features and functionality of outbound and inbound RAS access on a Windows 2000 Professional computer, you’ll never want to get near a Windows NT 4.0 workstation again!

Windows 2000 Professional outbound remote access
Windows 2000 Professional supports several types of outbound remote access. These include:
  • Corporate dial-up RAS client calls
  • ISP dial-up calls
  • VPN client calls

A wizard guides you through creating each type of connection. When you create a connection to a particular location, the object the wizard creates is called a connectoid. Several connectoids are shown in Figure A.

Figure A
The connectoid is an icon located in the Network And Dial-up Connections window; it is used to invoke a particular type of connection.


Creating a corporate RAS Dial-Up client
When a remote user establishes a dial-up connection to the corporate network, his or her computer is a participant on the network in exactly the same way as a machine attached via the local Ethernet. The VPN client can access the same resources and print to the same printers as the locally attached machines. If the user dials in using the option in the logon dialog box for remote access, he or she will not even need to enter credentials to access network shares and other network resources.

To create a connectoid to connect to the corporate RAS server, perform the following steps:
  1. Open the Control Panel and double-click on the Network And Dial-up Connections icon.
  2. In the Network And Dial-up Connections window, double-click the Make New Connection icon. This opens the Welcome To The Network Connection Wizard page. Click Next to continue.
  3. The Network Connection Type page appears (Figure B).
  4. The Phone Number To Dial (Figure C) page allows you to enter the phone number for the corporate RAS server. You can enter the entire phone number in the Phone Number text box, or you can enable the Use Dialing Rules check box and select the area code from the Area Code drop-down list box. After entering the phone number, click Next.
  5. The Connection Availability page allows you to make the connectoid available for all users or only for yourself. For security reasons, the connectoid should only be available to the user that creates it. Many users decide to save their dial-up password in the connectoid. Therefore, you do not want it to be available to other users who might access the machine. Click Next.
  6. The Completing The Network Connection Wizard dialog box appears and asks you to name the connectoid. Click Finish (Figure D).

Figure B
Select the Dial-up To Private Network option and click Next.


Figure C
Configuring the phone number to dial


Figure D
Put a check mark in the check box for Add A Shortcut To My Desktop to make access to the connectoid much easier.


From the connectoid’s icon on the desktop, launch the RAS connection. You will see the Connect Corporate RAS Server dialog box, as seen in Figure E.

Figure E
Making the connection


The logged-on user's name will appear automatically in the User Name text box. If the user needs to log on with another name, he or she can manually enter it here. The Save Password check box allows the password to be saved with the connectoid. Beware of the security implications of saving the password with the connectoid. The phone number to dial is automatically included, as is the location.

Creating an ISP dial-up and local network Internet connection
Your company may decide not to allow direct dial-up connections to a corporate RAS server. Direct dial-up RAS servers can be expensive to implement and maintain. A more cost-effective solution is to allow users to dial up an Internet connection and then create a virtual private network (VPN) connection to a corporate VPN server via the dial-up Internet connection.

Creating an ISP dial-up connectoid is similar to creating the corporate RAS client connectoid. Perform the following steps to create the ISP dial-up connectoid:
  1. Open the Control Panel and double-click on the Network And Dial-up Connections icon.
  2. In the Network And Dial-up Connections window, double-click the Make New Connection icon. This opens the Welcome To The Network Connection Wizard page. Click Next to continue.
  3. The Network Connection Type page will appear. Select Dial-up To The Internet and click Next.
  4. The Welcome To The Internet Connection Wizard (Figure F) appears. You have three choices:
     • The I Want To Sign Up For A New Internet Account... option allows the user to create a new dial-up account with an ISP. Microsoft provides a list of ISPs. Since your company will have provided its users with an account, there is no reason for a user to select this option. Even if the user does not have an ISP account, he can do better by researching local or national ISPs.
     • The I Want To Transfer My Existing Internet Account To This Computer... option gives you the opportunity to sign up for a new account, even though you already have an existing one. Avoid this option unless you want to transfer to a new ISP.
     • The I Want To Set Up My Internet Connection Manually... option is the preferred option if you already have an ISP account. This option provides you the most flexibility when setting up the connection.

     Select the third option and click Next to continue.
  5. The Setting Up Your Internet Connection page (Figure G) allows you to connect to the Internet using a phone line and modem or via a local area network (LAN) connection. If you choose the I Connect Through A Phone Line And A Modem option, subsequent pages will ask you for a username and password, the phone number of the ISP, the name of the connection, and whether you want to create a mail account. All these steps, except for the mail account step, are the same as when you created a direct dial-up connection to the corporate RAS server. The I Connect Through A Local Area Network (LAN) option allows a machine on a network with a centrally routed or proxied connection to the Internet to connect to Internet resources. A large proportion of remote employees have small home networks. In this example, we’ll select this option. Click Next to continue.
  6. The Local Area Network Internet Configuration page appears next (Figure H). The Automatic Discovery Of Proxy Server (Recommended) option allows the client to use a wpad entry contained on either a DNS or DHCP server. If such an entry is not made on the internal network, this option should be left blank. The Use Automatic Configuration Script option allows the client to take advantage of Microsoft Proxy Server 2.0 or ISA Server 2000 caching arrays. Since it’s unlikely that a user will have an enterprise array on his home network, this option should also be disabled. The Manual Proxy Server option is the preferred option for a home network. Select this option and click Next.
  7. The second Local Area Network Internet Configuration page allows you to configure the IP address of the proxy server. Most home network users will have a single proxy or NAT server. Enter the IP address of the internal interface of the proxy server and place a check mark in the Use The Same Proxy Server For All Protocols check box. Click Next.
  8. The third Local Area Network Internet Configuration page allows you to configure addresses on the local network that will bypass the proxy server. Click Next to continue.
  9. The Set Up Your Internal Mail Account page offers the user an opportunity to create a new mail account. Select No on this page and click Next.
  10. On the last page of the Wizard, click Finish to complete the Internet connection.

Figure F
Select the third option from the Internet Connection Wizard.


Figure G
Connecting to the Internet through the LAN.


Figure H
Configure the LAN-connected Internet client to use a proxy server.


The machine is now able to connect to the Internet through the proxy or NAT server. If you had created a dial-up connection to the Internet, a connectoid similar to the corporate RAS client connection would be created.

Creating a VPN client connection
Windows 2000 Professional supports outbound VPN client connections through both dial-up and LAN interfaces. Unlike in Windows NT 4.0 Workstation, you do not need to install a PPTP VPN adapter and go through a circuitous configuration procedure. A wizard walks you through the process of creating the VPN client connection.

If the machine is not connecting to the VPN server through a LAN connection, it will need to dial up an ISP before establishing the VPN link. Therefore, you need a dial-up connectoid configured on the machine. When you configure the dial-up VPN connection, Windows 2000 Professional will offer to dial up the ISP automatically before establishing the VPN link.

To create a dial-up VPN link, perform the following steps:
  1. Open the Control Panel and double-click on the Network And Dial-up Connections icon.
  2. In the Network And Dial-up Connections window, double-click the Make New Connection icon. This opens the Welcome To The Network Connection Wizard page. Click Next to continue.
  3. The Network Connection Type page will appear. Select the Connect To A Private Network Through The Internet option and click Next.
  4. On the Public Network page (Figure I), you choose whether to connect to the VPN server via a LAN connection or through a dial-up connection. To create the initial ISP link, click the down arrow under the Automatically Dial This Initial Connection option and select your ISP connection. After making the selection, click Next.
  5. On the Destination Address page (Figure J), type in the Fully Qualified Domain Name (FQDN) or IP address of the VPN server. Click Next to continue.
  6. On the Connection Availability page, choose to make the connection available for all users or only for yourself. For security reasons, your best option is to make the connection available only for the user who creates it. Click Next to continue.
  7. On the final page of the Wizard, type in the name of the connectoid and click Finish.

Figure I
Selecting the type of public network connection.


Figure J
If you type in a FQDN, the client must be able to resolve the address by using a public DNS server.


The connectoid for the VPN link will appear in the Network And Dial-up Connections window. When you double-click the connectoid, a dialog box will appear asking if you would like to establish a link with the ISP before connecting to the VPN server. After the Internet connection is established, a second dialog box will appear asking for credentials to establish the VPN connection to the VPN server.

Windows 2000 Professional inbound remote access connections
Windows 2000 Professional can also accept inbound calls. Unlike Windows 2000 Server machines, a Windows 2000 Professional machine can accept only a single inbound connection per RAS interface. Inbound calls can be accepted via serial, parallel, infrared, and VPN interfaces.

To configure the Windows 2000 Professional computer to accept inbound calls, perform the following steps:
  1. Open the Control Panel and double-click on the Network And Dial-up Connections icon.
  2. In the Network And Dial-up Connections window, double-click the Make New Connection icon. This opens the Welcome To The Network Connection Wizard page. Click Next to continue.
  3. Select the Accept Incoming Connections option button and click Next.
  4. On the Devices For Incoming Connections page (Figure K), select the device on which you want to accept inbound connections. In this example, we can accept calls on a modem and an LPT (parallel) port. Note that we can select and receive calls on all devices. We’ll select both interfaces, and click Next.
  5. On the Incoming Virtual Private Connection page (Figure L), you tell the wizard whether you want to accept VPN connections on this interface. If you wish to make VPN connections to the Windows 2000 Professional computer, the machine should have a dedicated connection to the Internet. Typical dedicated connections are xDSL, ISDN, and cable modem connections. However, you can get dial-up modem accounts that allow for dedicated connections with true unlimited access. Note that the modem will still allow inbound direct dial-up connections with this configuration. Click Next.
  6. On the Allowed Users page (Figure M), you select which users you want to allow permission to make inbound calls. In this example, we’ll select the Administrator account and click Next.
  7. The Networking Components page (Figure N) displays the network protocols and services used for this connection. Click on the Internet Protocol (TCP/IP) entry and then click the Properties button.
  8. The Incoming TCP/IP Properties page (Figure O) allows you to configure how IP addresses are assigned to inbound callers. Place a check mark in the Allow Callers To Access My Local Area Network check box if you want RAS clients to be able to access the internal network behind the Windows 2000 Professional machine. If this check box is not checked, the user will only be able to access resources on the Windows 2000 Professional machine itself.
    In the TCP/IP address assignment frame, choose whether you want to assign addresses via DHCP or from a static pool of IP addresses. If you choose to use DHCP, you must be sure you have a DHCP server on the internal network on the same network ID as the internal interface of the Windows 2000 Professional computer. If you choose to use a static pool of addresses, you will have to configure a From and a To address. You must include at least two addresses. If you try to put the same address in both boxes, you will get an error.
    The Allow Calling Computer To Specify Its Own IP Address option will allow the caller to configure his or her own IP address in the VPN client connection interface. Be careful with this option. If the client tries to use an IP address that is already in use on the network, the connection will fail. Click OK and click Next.
  9. On the final page of the Wizard (Figure P), you are informed that the connection will be named Incoming Connections.

Figure K
Selecting a device for inbound connections


Figure L
We will allow inbound VPN connections.


Figure M
Allow users inbound access.


Figure N
You can also configure the properties of the other components here.


Figure O
Configuring client IP addressing parameters


Figure P
All inbound connections will be accessed through this connection.


You do not need to restart the computer. After you complete the Wizard, users can begin to make inbound calls to the Windows 2000 Professional computer.
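
The static pool rules from step 8 (at least two addresses, no clash with addresses already in use) can be checked before you type the From and To values into the wizard. The script below is an added example, not part of the original article; the function name, the sample addresses, and the policy of keeping the pool on the same subnet as the internal interface are assumptions of this example.

```python
import ipaddress


def check_static_pool(first, last, lan_interface, in_use=()):
    """Return a list of problems with a From/To pool for inbound callers.

    first, last    -- the From and To addresses planned for the wizard
    lan_interface  -- internal interface in CIDR form (constructed sample
                      values such as "192.168.1.10/24")
    in_use         -- addresses already assigned on the LAN (assumed to come
                      from your own inventory or DHCP lease list)
    """
    problems = []
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    iface = ipaddress.IPv4Interface(lan_interface)
    net = iface.network

    if hi < lo:
        return ["To address is lower than From address"]

    # The article: the pool must include at least two addresses.
    if int(hi) - int(lo) + 1 < 2:
        problems.append("pool must contain at least two addresses")

    # Assumed policy of this example: keep the pool on the LAN subnet.
    for label, addr in (("From", lo), ("To", hi)):
        if addr not in net:
            problems.append(f"{label} address {addr} is outside {net}")

    # An address already in use on the network causes a conflict, so the
    # pool must not cover the interface itself or any known host.
    taken = {ipaddress.IPv4Address(a) for a in in_use} | {iface.ip}
    for addr in sorted(taken):
        if lo <= addr <= hi:
            problems.append(f"{addr} is already in use on the LAN")

    # Network and broadcast addresses cannot be handed to a caller.
    for addr in (net.network_address, net.broadcast_address):
        if lo <= addr <= hi:
            problems.append(f"{addr} is the network or broadcast address")

    return problems


if __name__ == "__main__":
    # Constructed sample: pool overlaps a printer at .205.
    for line in check_static_pool("192.168.1.200", "192.168.1.210",
                                  "192.168.1.10/24", ["192.168.1.205"]):
        print(line)
```

The same in-use check applies to any address a caller would enter if Allow Calling Computer To Specify Its Own IP Address is enabled.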

Conclusion
Windows 2000 Professional supports the roles of RAS server and RAS client. As a RAS client, it can make direct dial-up and VPN connections. As a RAS server, it can receive a single inbound call on each RAS-enabled interface. The Windows 2000 Professional computer supports inbound calls to just the Windows 2000 Professional machine itself, or to the entire network to which the Windows 2000 Professional machine is attached. RAS connections are easy to set up because all inbound and outbound connections are created using a wizard.
