Chapter 8Internet SecretsIn This Chapter Learning how to connect to the Internet Understanding Virtual Private Networks (VPN) Understanding Point-to-Point Tunneling Protocol (PPTP) Configuring Internet Explorer for Proxy Server and HTTPS (Secure)This chapter could easily be an entire book. In fact, there are many bookson the Internet (you can see many of these books listed atwww.idgbooks.com). More important, let me set the tone for this chapter sothat you will know what to expect. The Internet is necessarily discussed inalmost every chapter of this book. So I am using this chapter to answer a fewquestions about the Internet, ones that I frequently encounter as a practicingWindows 2000 Server consultant.Obviously the history of the Internet has been covered in more texts thanyou or I care to count, so I’ll leave that topic alone. But it is interesting tonote that the Internet is creating its own history each day. Its short life todate suggests that there are untold opportunities for you to capitalize on theInternet. But for you to do that, you first need to successfully attach yourWindows 2000 server to the Internet. You have several ways to do this. In thischapter, after installing Remote Access Service, I’ll proceed with the dial-upapproach and work toward more complex Internet configurations.Configuring Remote Access ServiceHail to Windows 2000 Server, for it has simplified many tasks from its NTpredecessors, including the installation and configuration of Remote AccessService (RAS). But first, a quick history lesson. You will recall that RemoteAccess Server (RAS) has been part of the remote networking solution set inMicrosoft’s networking family since the earliest days of Windows NT Server(at which time it would only interact with the NetBEUI protocol).4620-1 ch08.f.qc 10/28/99 12:22 PM Page 281RAS has made something of a political comeback in the networkingcommunity. For years, RAS enjoyed mixed reviews at best for its unreliablesupport for modem-based dial-in and dial-out activity. However, with theadvent of Virtual Private Networks (VPNs), RAS is back. It actually managesthe VPN function very well in Windows 2000 Server, and I will discuss thislater in this chapter.Well, RAS has come a long way in Windows 2000 Server. The RAS installationis much more intuitive, starting with the Windows 2000 Configure Your Serverscreen (see Figure 8-1). Following are the steps to configure Remote AccessService for inbound Internet-based traffic. This sets the foundation for theVirtual Private Networking (VPN) discussion later.Figure 8-1: Windows 2000 Configure Your ServerSTEPS:Configure Remote Access ServiceStep 1. From the Windows 2000 Configure Your Server screen, select theNetworking link in the left pane and then select Remote Access.Select the “Open” link to launch the Routing and Remote Access MMC.Right-click the server object in the left pane (for example, TCI1)and select Configure and Enable Routing and Remote Access fromthe secondary menu (see Figure 8-2).282 Part II: TCP/IP■ ■4620-1 ch08.f.qc 10/28/99 12:22 PM Page 282Figure 8-2: Configure and Enable Routing and Remote Access selectionStep 2. The Welcome screen of the Routing and Remote Access ServerSetup Wizard appears. Click Next.Step 3. The Common Configurations screen appears (see Figure 8-3).Select Remote Access Server. Click Next.Figure 8-3: Remote Access ServerBe very careful about selecting the Network router option. First of all, thereare many compelling reasons, such as advanced configuration management,to use true routers (such as Cisco) on your Windows 2000 network. Second, itenables two-way routing of network traffic to and from the Internet (if you’reconnected directly to the Internet) and overrides the safeguards imposed byMicrosoft Proxy Server’s local address table (LAT).ContinuedChapter 8: Internet Secrets 283■ ■4620-1 ch08.f.qc 10/28/99 12:22 PM Page 283STEPS:Configure Remote Access Service (continued)Step 4. The Remote Client Protocols screen appears (see Figure 8-4).Select the appropriate button to accept or elect to add morenetworking protocols for remote access. Click Next. Figure 8-4: Remote Client Protocols screenStep 5. The IP Address Assignment screen appears (see Figure 8-5). Aftermaking your selection, click Next.Figure 8-5: IP Address Assignment screenStep 6. The Managing Multiple Remote Access Servers screen appears(see Figure 8-6). The screen allows you to elect to manage all RASservers from a central point. This election clearly depends onwhether you are managing a smaller LAN with only one RAS284 Part II: TCP/IP■ ■4620-1 ch08.f.qc 10/28/99 12:22 PM Page 284server (in which case the answer would be “No”) or managing aRAS server farm (in which case the answer would be “Yes”). Makea selection and click Next.Figure 8-6: Managing Multiple Remote Access Servers screenStep 7. Click Finish on the Completing the Routing and Remote AccessServer Setup Wizard to complete the RAS configuration (see Figure8-7). You will be returned to the Routing and Remote Access MMC.Select the WAN Miniport and click the Configure button. Select theRemote access (inbound) checkbox and enter the number ofMaximum ports you want to allow (see Figure 8-7). The default is five for Maximum ports, which means you’ve configured fivevirtual circuits for your Virtual Private Network (VPN). That means up to five VPN connections can exist at one time.Figure 8-7: Finishing the RAS configurationChapter 8: Internet Secrets 285■ ■4620-1 ch08.f.qc 10/28/99 12:22 PM Page 285Take a moment to look over the RAS configuration you have created byexpanding the objects in the left pane of the Routing and Remote AccessMMC. For example, if you select the Ports object in the left pane (below theserver object), you will see the WAN Miniports that have been created withVPN support in the right pane (see Figure 8-8).Figure 8-8: PortsThe L2TP ports relate to having the Remote Access Server use InternetProtocol security (IPSEC), a topic I cover in Chapter 13.If you right-click on the Ports object in the left pane and select Properties fromthe secondary menu, a Port Properties dialog box will be displayed that providesdetailed information on the ports and allows you to modify the configurations(see Figure 8-9).Figure 8-9: Ports Properties286 Part II: TCP/IP■ ■4620-1 ch08.f.qc 10/28/99 12:22 PM Page 286The number of maximum ports you configure will create the denominator forthe