لطفا منتظر باشید ...
Publisher| ConnectionsTasks |
can create.
Enable or Disable a Connection
Network Connections Folder
right-click on connection
Enable/DisableBe sure to notify users before disabling a connection they are using.Monitor a Connection
You can monitor the status of
your
connections a couple of ways:Network Connections Folder
Right-click on an active connection
StatusRight-click on connection icon in system tray (if present) StatusThe General tab displays basic connection statistics. Some
connections like VPN also have a Details tab that shows information
like the IP address of the remote server, the authentication and
encryption methods used, and so on.You can also monitor the general status of all the connections on
your machine by:Network Connections Folder
View DetailsShare a Connection
See Advanced
under
Configure a Dial-up Connection later in this
section.
Repair a Connection
If a connection stops
working
properly, you can try repairing it by:Network Connections Folder
right-click on connection RepairThis may fix simple issues like an expired DHCP lease or missing DNSserver IP address. After repairing a connection, check it like this:Network Connections Folder
right-click on connection Status Support DetailsIf it still doesn't work, open its properties andcheck its configuration settings.
Configure Remote Access Preferences
For outbound dial-up
connections to remote access
servers, you can configure your client location information,
autodial, and callback settings as follows:Network Connections Folder
Advanced Remote Access Preferences specify your information OK twice Enabling autodialing starts an outgoing connection on demand whenit's required to access the Internet or a remote
access server. Callback lets a remote access server call back a
remote client attempting to connect, either to avoid having the
client pay the charges or to verify the identity of the client by its
phone number. You can also enable connection logging here for
troubleshooting purposes.
|
Enable Operator-Assisted Dialing
This feature is toggled on
or off using:Network Connections Folder
Operator-Assisted DialingWith this feature on, you can double-click on a connection, pick upthe telephone, and manually dial the number or ask the operator to do
it. Once the number has been dialed, click Dial, wait for the modem
to take control of the line (the modem has gone silent at this
point), and hang up.
Bridge Connections
You can easily bridge two
or more
LAN or high-speed Internet connections. Suppose your server has two
NICs connected to different network segments. By bridging these
connections, computers on each segment can communicate with each
other. To bridge connections:Network Connections Folder
hold down Ctrl and select connections right-click BridgeConfigure Binding Order for Connections
If you have several connections
of one type (such as remote
access), you can rearrange the order in which they are accessed by
network services and which network services they can use. Do this as
follows:Network Connections Folder
Advanced Advanced Settings move connections or bindings up or down Dial-up Connections
The following tasks are for
outbound
dial-up connections to private networks and the Internet.
Create a Dial-up Connection to the Internet
New Connection
Wizard
Connect to the Internet Connect using a dial-up modem specify ISP name and phone number specify who can use the connection (only you or anybody) specify credentials enable/disable Internet Connection Firewall (ICF)If you allow the connection to be used by anybody, you can select the"Use this account name and password when anyone
connects to the Internet using this connection"
option to use the specified credentials for all users.
Create a Dial-up Connection to a Remote Access Server
New Connection
Wizard
Connect to the network at my workplace Dial-up connection specify company name and phone number specify who can use the connection (only you or anybody)An administrator on the remote network must grant remote accesspermissions for your user account before you can dial up and connect.
Dial a Dial-up Connection
Once a connection has
been created, you can dial it by:Network Connections Folder
double-click on connection DialNote that the administrator on a remote private network must firstgrant dial-in permission to a user before the user can connect to a
remote access server. See Incoming Connections
later in this section for more information.
Disconnect a Dial-up Connection
To disconnect an established
connection, you can do one of two
things:Double-click on connection
DisconnectRight-click on connection icon in system tray (if shown) Disconnect
Configure a Dial-up Connection
When you use
the New Connection Wizard to
create an outbound dial-up connection, you specify only minimal
configuration information for the connection. If you need to further
configure the connection, open its properties sheet by:Right-click on connection
PropertiesThe configuration options are the same whether you are configuring adial-up connection to a private network or to the Internet. The
following are some of the more important settings on the five tabs of
this properties sheet. Note that some remote access terminology is
used in this discussionfor an explanation of PPP, BAP, PAP,
CHAP, and similar terms, see Routing and Remote
Access later in this chapter. Now I'll
describe what each tabbed page of options does.
General
Click the Alternates button on the General tab if you want to assign
multiple phone numbers to a connection. You can then have the
connection try each number in order until it succeeds in establishing
a connection. You can also configure it so that successful numbers
are moved to the top of the list for future connection attempts.Select the checkbox to make the connection icon visible in the system
tray, as this simplifies the process of monitoring and terminating
the connection. The connection icon blinks when data is being
transferred, and you can double-click on it to display the status of
the connection or right-click on it to terminate the connection.If you have more than one modem installed, you have additional
options on this tab that let you do the following actions.
- Specify which modem or modems will be used for this connection.
- Specify the order in which they are used to establish a connection.
(If the first modem fails, then the next one in the list is used.) - Specify whether they will all call the same numbers.
Options
The Options tab is where you specify redial attempts and whether the
connection should automatically terminate after being idle for a
period of time. You can also specify that the connection should
automatically redial if it is droppedthis is useful for file
transfers using FTP since WS2003 can resume a file transfer without
needing to start all over.If you have more than one modem installed and have enabled at least
two of them for this connection on the General tab, you have the
additional option of Multiple Devices on the Options tab. This new
option can be specified as:
- Dial all devices (the default selection)
Use this to configure a PPP Multilink dial-up connection. (The remote
access server you are dialing must also support PPP Multilink.)- Dial only the first available device
Use this if you want to use multiple modems to provide fault
tolerance for your connection.- Dial devices only as needed
Use this to configure a BAP connection for dynamic multilinking. (The
remote access server you are dialing must also support BAP.) After
you make this selection, click Configure to specify the conditions
under which lines are added or dropped to your connection.
|
Security
The Typical option on the Security tab gives you a series of
preconfigured settings for authentication protocols and data
encryption schemes. In any case, the remote access client and server
will negotiate the highest degree of security for authentication and
data integrity that they are both configured to support. The three
settings here are (in order of increasing security):
- Allow unsecured password (the default setting)
Allows any authentication protocol including PAP but
doesn't encrypt data- Require secured password
Doesn't allow PAP but can encrypt data- Use smart card
Allows only smart-card authentication and can encrypt data
If you want more granular control over which authentication protocols
and data encryption schemes the dial-up client supports, select
Advanced (custom settings)
Settings. For more informationon these various schemes and protocols, see Routing and
Remote Access later in this chapter.
|
terminal window and running a script during the connection
establishment process. These options are usually needed only for
legacy SLIP connections.
Networking
On the Networking tab you can specify that the ISP's
modem bank or company's remote access server you are
dialing into is either PPP or SLIP (it's almost
always PPP nowadays). If it is PPP, click Settings to configure
advanced PPP features, such as software compression, if they are
supported by the server you are calling.Usually, a dial-up connection to the Internet dynamically obtains a
client IP address using DHCP, and this is configured by default for
Internet Protocol (TCP/IP). If you need to specify a static IP
address for your machine for this connection, you can do so here.
Table 4-4 shows which networking components are
enabled for Internet versus remote access dial-up connections.
Networking component | Type of dial-up connection | |
|---|---|---|
To a private network | To the Internet | |
Internet Protocol (TCP/IP) | Yes | Yes |
Client for Microsoft Networks | Yes | No |
File and Print Sharing for Microsoft Networks | No | No |
Advanced
Formerly labeled "Sharing" in W2K
Server, the Advanced tab is used to set up Internet Connection
Firewall and configuring Internet Connection Sharing:
- Internet Connection Firewall (ICF)
Integrated into WS2003 connections is an enhanced firewall feature
that you can use to block dangerous traffic from your server. This
firewall has been significantly improved over that in W2K Server. To
configure ICF:Advanced tab select Internet Connection Firewall Settings- Services
This tab essentially lets you configure which inbound ports to open
on your connection to allow Internet users to access services on your
network. For example, if you select Web Server (HTTP), it opens port
80 for inbound traffic. By default, all inbound network traffic is
blocked.- Secure Logging
This tab lets you log inbound packets that are either passed through
or blocked by your firewall (or both). If you use ICF, you should
review your firewall logs regularly.- ICMP
This tab lets you control which kinds of inbound ICMP packets are
allowed through your firewall. ICMP packets are often used to probe
networks, and a flood of them may be used in a denial-of-service
(DoS) attack to prevent legitimate users from accessing services on
your network. By default, all inbound ICMP traffic is blocked.- Internet Connection Sharing (ICS)
ICS lets your computer act as a gateway to the Internet so that other
computers on your network can access the remote private network or
the Internet by dialing up the connection to this server. Using the
second checkbox, you can also specify that the connection be dialed
automatically when another computer on your network tries to use it,
a feature sometimes called on-demand dialing.
|
Direct Computer Connections
Direct computer connections
are used mainly for file transfers
between two computers over a null-modem (file-transfer) cable when no
networking adapters are installed. However, you can share a direct
computer connection, which gives you a way of connecting two networks
together using a null-modem cable.
Create a Direct Computer Connection
To create a direct computer
connection,
you first need to configure either a COM port to use a serial RS-232C
null-modem cable or a parallel port to use an ECP parallel
file-transfer cable:Control Panel
Phone and Modem Options Modems Add select Don't detect my modem select either cable option select Port Then decide which role your machine will assume:- Host machine
The computer that listens for and responds to direct computer
connection attempts from a Guest machine:New Connection Wizard Set up an advanced connection Connect directly to another computer select
Host choose port (LPT or COM) select users
allowed to connect- Guest machine
The computer that attempts to initiate a direct computer connection
with a Host machine:New Connection Wizard Set up an advanced connection Connect directly to another computer select
Guest choose port (LPT or COM) specify who can
use the connection (only you or anybody)
Note that when you create a Host connection, the RRAS service starts
and the connection is displayed in the Network
Connections folder as an Incoming Connection. However,
when you create a Guest connection, it's displayed
as a Direct Connection.
Establish a Direct Computer Connection
Make sure the null-modem
cable
is attached, then go to the Guest computer and do this:Network Connections Folder
double-click on connection ConnectConfigure a Direct Computer Connection
Configuring Guest machines
is similar to configuring dial-up
connections, and the same five tabs are present on the properties
sheet. There are a few differences, though:
- The General tab lets you choose only which device (COM or LPT port)
is used for the connection. - Advanced security settings are used instead of Typical ones used by
dial-up connections, and these should generally not be changed. - All default networking services are enabled for this connection.
The properties sheet for Host machines has only three tabs:
- General
Here, you can configure the Host to listen for Guests on multiple
portsfor example, COM and LPT. You can even use multilink to
combine multiple connections from a single Guest machine, though
you'd have to create multiple Guest connections on
the Guest machine to do this.- Users
Here, you specify which users are allowed to establish direct
computer connections with the Host machine. The information displayed
depends on whether your machine belongs to a workgroup or domain.- Networking
Like Guest machines, all default networking services are enabled for
this connection.
Incoming Connections
We'll focus here on creating
incoming connections on a standalone
server in a workgroup scenario. In a domain environment,
you're more likely to use the Routing and Remote
Access Service (RRAS) to create a full-fledged remote access server
for your remote clients.
Create an Incoming Connection
New Connection Wizard
Set up an advanced connection
Accept incoming connections select devices to listen on enable/disable VPN select users allowed to connect Properties allow callback if desired configure networking components for this connectionNote that the devices you can select depend onwhat's installed on your machine and may include COM
and LPT ports (for direct cable connections), modems, ISDN adapters,
and so on.By enabling a VPN for your connection, you allow remote users to
connect to your computer over the Internetprovided, of course,
that your machine has a public IP address so packets can be routed to
it from the Internet. This option is disabled by default for security
reasons. If you enable it, Windows automatically configures ICF, but
you should check the firewall configuration to make sure
it's configured the way you want it.The main networking component to configure for the connection is
TCP/IP. By opening the properties of this component you can:
- Have clients use their own IP addresses or assign them using DHCP
(the default) or from a pool of addresses - Allow (the default) or deny clients access to other computers on your
network
Allow/Deny Dial-in Permission to a User
When creating an incoming
connection using the procedure
described earlier, you specified the user accounts allowed to
connect. By doing so, the remote access permissions for these
accounts were set to Allow Access on the Dial-in tab of the
properties sheet for each account. If you later want to allow
additional users to use the incoming connection or decide to deny
access to a user you previously granted it to, do the following:Computer Management
System Tools Local Users and Groups Users right-click on user account Properties Dial-in allow or deny accessYou can also change the callback option for the user here.Configure an Incoming Connection
Right-click on connection
PropertiesThese settings discussed previously under Direct ComputerConnection in reference to Host machines.
Internet (Broadband) Connections
In addition to dial-up Internet connections (discussed under
Dial-up Connections earlier in this section),
you can create two types of broadband Internet connections: always-on
(LAN) or on-demand (PPPoE) connections.
Create an Always-on Broadband Internet Connection
First, make sure your DSL router is
configured properly, is turned on, and
your network cables are attached. Then do this:New Connection Wizard
Connect to the Internet Connect using a broadband connection that is always on That was easy!Create an On-Demand Broadband Internet Connection
New Connection Wizard
Connect to the Internet
Connect using a broadband connection that requires a username and password specify ISP name specify who can use the connection (only you or anybody) specify credentials enable/disable ICFConfigure an On-Demand Broadband Internet Connection
The configuration options here are identical to those for dial-up
Internet connections, except all references to modems and phone
numbers are removed.
Local Area Connections
Local area connections (typically, Ethernet connections)
can't be created manually using the New Connection
Wizard. Instead, they're created automatically
during Setup or when Windows detects a new network adapter. By
selecting them in the Network Connections
folder, they can be configured, disabled, enabled, and monitored like
other connections, but they can't be deleted unless
you remove the network card associated with the connection.
Configure Local Area Connections
To configure networking
components and protocols for local
area connections, do this:Control Panel
Network Connections select a local area connection Properties General For information about configuring TCP/IP settings for local areaconnections, see TCP/IP later in this chapter.
To configure firewall settings on your connection, do this:Control Panel
Network Connections select a local area connection Properties Advanced Protect my computer SettingsFor wireless LAN (WLAN) connections, you can also configureauthentication by:Control Panel
Network Connections select a local area connection Properties Authentication Virtual Private Network Connection
These are outbound connections that securely tunnel over the Internet
to a remote VPN server, such as a WS2003 machine with RRAS
configured.
Create a New VPN Connection
First, make sure you have
an
Internet connection configured on your machine, either dial-up,
on-demand broadband, or always-on, as described previously. Also,
make sure the VPN server on the remote network is ready and listening
so you can test your connection after you create it. Now proceed as
follows if you have a dedicated Internet connection:New Connection Wizard
Connect to the network at my workplace Virtual Private Network connection specify company name specify IP address or DNS name of remote VPN server specify who can use the connection (only you or anybody) If you have a dial-up or on-demand Internet connection, do thisinstead:New Connection Wizard
Connect to the network at my workplace Virtual Private Network connection specify company name select a dial-up connection specify IP address or DNS name of remote VPN server specify who can use the connection (only you or anybody) Instead of selecting a dial-up connection to automatically dial whenyou try to establish your VPN connection, you can choose
not to automatically dial a connection. In this
case, you have to manually establish your Internet connection before
you open your VPN connection.
Configure a VPN Connection
The settings for configuring a VPN
connection are the same as those
for a dial-up connection to a private network (discussed previously),
except for the following differences:
- General
Instead of modem settings, you specify the IP address of the remote
VPN server on this tab. If you have multiple dial-up or on-demand
Internet connections available, you can also specify which one to try
first when establishing your VPN connection.- Security
While the default security setting for dial-up connections to private
networks is Allow Unsecured Password, the default setting for VPN
connections is Require Secured Password with Require Data Encryption
also enabled. These settings are necessary because the VPN connection
travels over the Internet, which as everyone knows, is a dangerous
place (just like the Wild West was in its heyday).
If you enable the option Automatically Use My Windows Name and
Password, the credentials of the user currently logged on to your
machine are sent to the remote VPN server for authentication.
- Networking
File and Print Sharing is enabled for VPN connections (it
wasn't for dial-up connections).
Monitor a VPN Connection
Network Connections Folder
Right-click on an active VPN connection StatusThe General tab shows bytes sentand
received since the connection was initiated, as well as other network
traffic information. The Details tab shows useful information about
the type of server, IP address of server and client, type of
authentication protocol used, and so on. Here's an
example of what you might see on the Details tab if you were
connected to another WS2003 machine configured as a VPN server:
Server type: PPP
Transports: TCP/IP
Authentication: MS CHAP V2
Encryption: MPPE 56
Compression: MPPC
PPP multilink framing: On
Server IP address: 172.16.11.128
Client IP address: 172.16.11.130
