Demand-Dial Routing
The main components of demand-dial routing are the calling router, the answering router, and the connection medium as illustrated in Figure 6.1.
Figure 6.1 Components of Demand-Dial Routing
The calling router initiates the demand-dial connection. It contains the following components:
The Routing and Remote Access service on the calling router must be configured as a LAN and WAN router and configured for IP address allocation (either using DHCP or a static pool) and authentication methods.
A port is a logical or physical communications channel capable of supporting a single PPP connection. Physical ports are based on equipment installed in the calling router. Virtual private network (VPN) ports are logical ports.
A demand-dial interface configured on the calling router represents the PPP connection and contains configuration information such as the port to use, the addressing used to create the connection (such as a phone number), authentication and encryption methods, and authentication credentials.
An IP or IPX route in the routing tables of the calling router is configured to use a demand-dial interface to forward traffic.
The answering router, the router that accepts an initiated demand-dial connection from a calling router, contains the following components:
The Routing and Remote Access service on the answering router must be configured as a LAN and WAN router and configured for IP address allocation (either using DHCP or a static pool) and user authentication.
A port is a logical or physical communications channel capable of supporting a single PPP connection. Physical ports are based on equipment installed in the answering router. Virtual private network (VPN) ports are logical ports.
To authenticate the calling router, the credentials of the calling router must be verified by the properties of a corresponding user account. A user account for the calling router must be either locally present or available through Windows 2000 security. If the answering router is configured for RADIUS authentication, then the RADIUS server must have access to the user account of the calling router.
The user account must have the following settings:
For a one-way initiated connection, configure static IP routes that are added to the answering router's routing table when the demand-dial connection is made.
For two-way initiated connections, a demand-dial interface configured on the answering router represents the PPP connection to the calling router. For a one-way initiated connection using static routes on the user account of the calling router, a demand-dial interface on the answering router does not need to be configured.
For two-way initiated connections, an IP or IPX route in the routing tables of the calling router is configured to use a demand-dial interface to forward traffic.
For one-way initiated connections, you can configure the user account of the calling router with static IP routes.
To specify connection parameters that are specific to demand-dial connections, create a separate remote access policy that uses the Windows-Groups attribute, set to the group that has all of the user accounts for calling routers as members. A separate remote access policy for demand-dial connections is not required.
The PPP link is established over either a physical medium or a tunnel medium. Physical mediums include analog phone lines and ISDN. Tunnel mediums include Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP).
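The component requirements above can be checked mechanically before a link is brought up. The following is an added example, not part of the original documentation: the dictionary layout, field names and sample values are hypothetical (not an RRAS export format), and treating a one-way connection with neither account static routes nor an answering-side demand-dial route as a finding is an assumption drawn from the route descriptions above.

```python
# Added example: hypothetical inventory layout, not an RRAS export format.
def base_findings(router, who):
    """Components the page lists for both routers."""
    out = []
    if router.get("rras_role") != "lan_and_wan":
        out.append(f"{who}: service not configured as LAN and WAN router")
    if router.get("ip_allocation") not in ("dhcp", "static_pool"):
        out.append(f"{who}: no IP address allocation (DHCP or static pool)")
    if not router.get("ports"):
        out.append(f"{who}: no port for the PPP connection")
    return out

def has_demand_dial_route(router):
    """True if some route forwards through one of the router's demand-dial interfaces."""
    names = {i["name"] for i in router.get("demand_dial_interfaces", [])}
    return any(r.get("interface") in names for r in router.get("routes", []))

def check_pair(calling, answering, accounts, two_way):
    """Return findings for one calling/answering pair; an empty list means consistent."""
    out = base_findings(calling, "calling") + base_findings(answering, "answering")
    ifaces = calling.get("demand_dial_interfaces", [])
    if not ifaces:
        out.append("calling: no demand-dial interface")
    elif not has_demand_dial_route(calling):
        out.append("calling: no route uses a demand-dial interface")
    static_routes = False
    for iface in ifaces:
        user = iface.get("credentials_user")
        acct = accounts.get(user)
        if acct is None:
            out.append(f"answering: no user account for calling router '{user}'")
            continue
        if answering.get("auth_provider") == "radius" and not acct.get("radius_visible"):
            out.append(f"answering: RADIUS server cannot access account '{user}'")
        static_routes = static_routes or bool(acct.get("static_routes"))
    if two_way and not has_demand_dial_route(answering):
        out.append("answering: two-way connection needs a demand-dial interface and route")
    if not two_way and not static_routes and not has_demand_dial_route(answering):
        # Assumption: with neither in place the answering router has no route back.
        out.append("answering: one-way connection has no static routes on the account")
    return out

# Constructed sample: a one-way connection authenticated through RADIUS.
CALLING = {"rras_role": "lan_and_wan", "ip_allocation": "dhcp", "ports": ["modem0"],
           "demand_dial_interfaces": [{"name": "DD_HQ", "credentials_user": "DD_Branch"}],
           "routes": [{"dest": "10.1.0.0/16", "interface": "DD_HQ"}]}
ANSWERING = {"rras_role": "lan_and_wan", "ip_allocation": "static_pool",
             "ports": ["modem0"], "auth_provider": "radius"}
ACCOUNTS = {"DD_Branch": {"radius_visible": False, "static_routes": []}}
```

Calling `check_pair(CALLING, ANSWERING, ACCOUNTS, two_way=False)` on the sample reports the account the RADIUS server cannot access and the missing static routes.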