Microsoft Remote Access Service

Windows NT Remote Access Service (RAS) is a networking service that connects remote or mobile workers to corporate networks. RAS uses the following remote access protocols for RAS server and client services:

Note

Remote access protocols control the transmission of data over wide area networks (WANs). Protocols such as TCP/IP, IPX, and NetBEUI are considered local area network (LAN) protocols. The focus of this chapter is TCP/IP; for detailed information about RAS and the other LAN protocols, see the Networking Supplement for Windows NT Server version 4.0.

RAS Servers

RAS servers act as a "proxy" for TCP/IP clients. RAS servers use proxy ARP to respond to ARP requests from RAS clients, and also set up the network host routes to each dial-up client. RAS servers may obtain configuration parameters for their clients from a DHCP server, and then use PPP IPCP (Internet Protocol Control Protocol), as defined in RFC 1332, to dynamically configure their clients with these parameters over the RAS link.

When a RAS server is configured to use DHCP to obtain TCP/IP configuration parameters for its clients, a pool of leased addresses is obtained from the DHCP server and managed locally by the RAS server. If more addresses are needed, or leases need to be renewed, the RAS server will contact the DHCP server; however, it does not check with the DHCP server each time a RAS client starts. If the RAS server is moved to another subnet, it may have a pool of leases that are not valid for the new subnet still stored in the registry until they expire.
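The lease-pool behaviour just described (addresses obtained in bulk from DHCP, handed out locally, and possibly left over from a previous subnet) can be modelled in a few lines. The following Python is an added example, not code from the Resource Kit or from Windows NT; the `RasLeasePool` class, its method names and the lease values are constructed for illustration. It shows the check an administrator would want after moving a RAS server: which leases in the pool are expired or belong to the old subnet, and when the pool is exhausted so the server must go back to DHCP.

```python
"""Model of the locally managed DHCP lease pool on a RAS server (constructed example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Lease:
    address: IPv4Address
    expires_at: int  # seconds since epoch; constructed values below


class RasLeasePool:
    """Leases obtained from DHCP and handed to dial-up clients without
    re-contacting the DHCP server each time a client starts."""

    def __init__(self, leases: List[Lease], server_subnet: IPv4Network):
        self.leases = list(leases)
        self.server_subnet = server_subnet  # subnet the RAS server is on now
        self.assigned: Dict[str, Lease] = {}  # client name -> lease in use

    def usable(self, now: int) -> List[Lease]:
        """Unexpired leases that fit the server's current subnet and are free."""
        taken = set(self.assigned.values())
        return [l for l in self.leases
                if l.expires_at > now
                and l.address in self.server_subnet
                and l not in taken]

    def stale(self, now: int) -> List[Lease]:
        """Leases still stored in the pool that no client should receive:
        expired, or valid only for a subnet the server is no longer on."""
        return [l for l in self.leases
                if l.expires_at <= now or l.address not in self.server_subnet]

    def assign(self, client: str, now: int) -> Optional[IPv4Address]:
        """Hand a usable lease to a client; None means the pool is exhausted
        and the RAS server would have to contact the DHCP server again."""
        free = self.usable(now)
        if not free:
            return None
        self.assigned[client] = free[0]
        return free[0].address


def build_sample_pool() -> RasLeasePool:
    """Constructed scenario: the server was moved from 172.16.112.0/24 to
    172.16.16.0/24 while still holding leases from the old subnet."""
    leases = [
        Lease(IPv4Address("172.16.112.50"), expires_at=9000),  # old subnet, not expired
        Lease(IPv4Address("172.16.112.51"), expires_at=9000),  # old subnet, not expired
        Lease(IPv4Address("172.16.16.200"), expires_at=5000),  # current subnet, valid
        Lease(IPv4Address("172.16.16.201"), expires_at=100),   # current subnet, expired
    ]
    return RasLeasePool(leases, IPv4Network("172.16.16.0/24"))


if __name__ == "__main__":
    pool = build_sample_pool()
    now = 2000
    for lease in pool.stale(now):
        print("stale lease:", lease.address)
    print("alice gets", pool.assign("alice", now))
    print("bob gets", pool.assign("bob", now))  # None: pool exhausted, ask DHCP
```

Run against the constructed pool at time 2000, three of the four leases are stale (two from the old subnet and one expired), the single valid lease goes to the first client, and the second client gets nothing until the server renews with DHCP.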

RAS Clients

RAS clients using TCP/IP can be configured to use the default gateway on the remote network while they are connected to a RAS server. This default gateway overrides any local network default gateway while the RAS connection is established. The override is accomplished by manipulating the IP route table. Any local routes, including the default gateway, get their metric (hop count) incremented by one, and a default route with a metric of 1 hop is dynamically added for the duration of the connection. One-hop routes are also added for the IP multicast address (224.0.0.0), for the local WAN interface, and for the network that the PPP server is attached to.

This can present a problem connecting to resources by using the local network default gateway, unless static routes are added at the client. The following are sample route tables for a Windows NT workstation before and after connecting to a remote network using PPP:

Route table before dialing a PPP Internet provider:

Network Address  Netmask          Gateway Address  Interface      Metric
0.0.0.0          0.0.0.0          172.16.112.1     172.16.112.11  1
127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
172.16.112.0     255.255.255.0    172.16.112.11    172.16.112.11  1
172.16.112.11    255.255.255.255  127.0.0.1        127.0.0.1      1
172.16.112.255   255.255.255.255  172.16.112.11    172.16.112.11  1
224.0.0.0        224.0.0.0        172.16.112.11    172.16.112.11  1
255.255.255.255  255.255.255.255  172.16.112.11    172.16.112.11  1


Route table after dialing a PPP Internet provider:

Network Address  Netmask          Gateway Address  Interface      Metric
0.0.0.0          0.0.0.0          172.16.112.1     172.16.112.11  2
0.0.0.0          0.0.0.0          172.16.16.243    172.16.16.243  1
127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
172.16.112.0     255.255.255.0    172.16.112.11    172.16.112.11  2
172.16.112.11    255.255.255.255  127.0.0.1        127.0.0.1      1
172.16.112.255   255.255.255.255  172.16.112.11    172.16.112.11  1
204.182.66.0     255.255.255.0    172.16.16.243    172.16.16.243  1
172.16.16.243    255.255.255.255  127.0.0.1        127.0.0.1      1
224.0.0.0        224.0.0.0        172.16.16.243    172.16.16.243  1
224.0.0.0        224.0.0.0        172.16.112.11    172.16.112.11  1
255.255.255.255  255.255.255.255  172.16.112.11    172.16.112.11  1
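To make the metric and prefix behaviour concrete, the following Python model is an added example, not code from the Resource Kit or from Windows NT. It takes the "before dialing" table above, applies the override as the text describes it (reading the two tables to mean that only the network routes on the LAN adapter, the default route and the subnet route, have their metric incremented, while host, broadcast and multicast entries keep theirs), and reproduces the "after dialing" table. A longest-prefix lookup with metric as the tie-breaker then shows why a host on another internal subnet, reached through the local default gateway before dialing, is sent over the PPP link afterwards, and how a static route restores the local path. The function names, the destination addresses used in the lookups and the 172.16.0.0/16 static route are constructed for illustration.

```python
"""Simulation of the RAS client route-table override (constructed example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional

HOST_MASK = "255.255.255.255"
MULTICAST = "224.0.0.0"


@dataclass(frozen=True)
class Route:
    network: str
    netmask: str
    gateway: str
    interface: str
    metric: int


def parse_routes(text: str) -> List[Route]:
    """Parse rows in the same column order as the tables above."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) != 5:
            raise ValueError(f"bad route row: {line!r}")
        net, mask, gw, iface, metric = fields
        routes.append(Route(net, mask, gw, iface, int(metric)))
    return routes


# Copied from the "before dialing" table above.
BEFORE_DIALING = parse_routes("""
0.0.0.0          0.0.0.0          172.16.112.1   172.16.112.11  1
127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1      1
172.16.112.0     255.255.255.0    172.16.112.11  172.16.112.11  1
172.16.112.11    255.255.255.255  127.0.0.1      127.0.0.1      1
172.16.112.255   255.255.255.255  172.16.112.11  172.16.112.11  1
224.0.0.0        224.0.0.0        172.16.112.11  172.16.112.11  1
255.255.255.255  255.255.255.255  172.16.112.11  172.16.112.11  1
""")

# Copied from the "after dialing" table above, used to check the simulation.
AFTER_DIALING = parse_routes("""
0.0.0.0          0.0.0.0          172.16.112.1   172.16.112.11  2
0.0.0.0          0.0.0.0          172.16.16.243  172.16.16.243  1
127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1      1
172.16.112.0     255.255.255.0    172.16.112.11  172.16.112.11  2
172.16.112.11    255.255.255.255  127.0.0.1      127.0.0.1      1
172.16.112.255   255.255.255.255  172.16.112.11  172.16.112.11  1
204.182.66.0     255.255.255.0    172.16.16.243  172.16.16.243  1
172.16.16.243    255.255.255.255  127.0.0.1      127.0.0.1      1
224.0.0.0        224.0.0.0        172.16.16.243  172.16.16.243  1
224.0.0.0        224.0.0.0        172.16.112.11  172.16.112.11  1
255.255.255.255  255.255.255.255  172.16.112.11  172.16.112.11  1
""")


def _ip(dotted: str) -> int:
    return int(IPv4Address(dotted))


def _is_network_route(r: Route) -> bool:
    # Host, limited-broadcast and multicast entries keep their metric in the tables above.
    return r.netmask != HOST_MASK and r.network != MULTICAST


def apply_ras_override(table: List[Route], lan_if: str, ppp_ip: str,
                       remote_net: str, remote_mask: str) -> List[Route]:
    """Return the table as RAS leaves it while the PPP connection is up."""
    new = []
    for r in table:
        if r.interface == lan_if and _is_network_route(r):
            r = Route(r.network, r.netmask, r.gateway, r.interface, r.metric + 1)
        new.append(r)
    new += [
        Route("0.0.0.0", "0.0.0.0", ppp_ip, ppp_ip, 1),         # one-hop default via PPP
        Route(remote_net, remote_mask, ppp_ip, ppp_ip, 1),     # network the PPP server is on
        Route(ppp_ip, HOST_MASK, "127.0.0.1", "127.0.0.1", 1), # local WAN interface
        Route(MULTICAST, MULTICAST, ppp_ip, ppp_ip, 1),        # multicast via PPP
    ]
    return new


def lookup(table: List[Route], destination: str) -> Optional[Route]:
    """Longest prefix match, then lowest metric, as the IP forwarder chooses."""
    d = _ip(destination)
    candidates = [r for r in table
                  if (d & _ip(r.netmask)) == (_ip(r.network) & _ip(r.netmask))]
    if not candidates:
        return None
    return min(candidates,
               key=lambda r: (-bin(_ip(r.netmask)).count("1"), r.metric))


def add_static_route(table: List[Route], network: str, netmask: str,
                     gateway: str, interface: str, metric: int = 1) -> List[Route]:
    """The client-side fix the text mentions: a static route to local resources."""
    return table + [Route(network, netmask, gateway, interface, metric)]
```

With the constructed destination 172.16.50.7 (a host on another internal subnet), `lookup(BEFORE_DIALING, ...)` picks the LAN default gateway 172.16.112.1; after `apply_ras_override`, the same lookup picks the PPP gateway 172.16.16.243, because the two default routes tie on prefix length and the PPP one has the lower metric. Adding a static route for 172.16.0.0/16 via 172.16.112.1 makes the longer prefix win again, which is the static-route remedy the text describes.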


Secure Internet Transport with TCP/IP and PPTP

Windows NT-based RAS is based on PPP, the industry standard for dial-up access services, and includes industry-standard methods for authentication and encryption. PPTP, which is used to create virtual private networks (VPNs), uses PPP to provide compressed and encrypted RAS communication. PPTP technology enables RAS users to access private networks by using the Internet instead of long-distance telephone lines (thus reducing transmission costs). RAS users can use PPTP over the Internet by either:

PPTP provides multi-protocol support for IP, IPX, and NetBEUI protocols. For example, RAS clients using PPTP and the Internet (as a network backbone) can send and receive IPX and NetBEUI packets.

Note

Because the Internet is a TCP/IP-based network, you must install and bind TCP/IP to the network card that will be used for RAS and PPTP communications. To select the network card (adapter) and to enable PPTP filtering, open the Microsoft TCP/IP Properties page, and click Advanced to open the Advanced TCP/IP Properties page. For specific instructions, see online Help.

The following figure illustrates the implementation of PPTP. Note that after processing a packet (from an IP, IPX, or NetBEUI transport), PPTP sends the packet to the top of the TCP/IP protocol stack. The TCP/IP protocol stack then sends the packet across the Internet. (At the receiving end of a packet transmission, the PPTP packet must be decoded by another PPTP service.)

Figure 6.8 Using RAS with PPTP and TCP/IP

For detailed information about PPTP, see the chapter "Point-to-Point Tunneling Protocol" in the Networking Supplement for Windows NT Server version 4.0.

Bandwidth Considerations

By default, RAS uses effective compression methods to increase the amount of data that can be sent over a serial link. Bandwidth planning is important when designing and installing computers and services that use RAS. As a rule of thumb, transfer rates can be estimated using a 10-bit byte to allow for protocol and timing overhead. For example, 9600 bps (without compression) is approximately 1 Kbyte/second, 60 Kbytes/minute, and 3.5 Mbytes/hour. If the data being transferred compresses fairly well, 5-8 Mbytes per hour of throughput might be expected. While this may be an adequate rate for a single workstation, it probably is not feasible as an inter-site link for most programs. ISDN (128 Kbits/second, or 45 Mbytes/hour not including compression) might be more realistic. ISDN service in the United States has recently become more available and economical to install and use.