Making the connection with your remote sites
Setting up Remote Access Service (RAS) on a Windows NT server at the office
to let users dial in from home is simple (for information on how to do so, see
Michael D. Reilly, "Remote Access Service," May 1997). Users can then
access the network at the office or connect to the Internet through the office
LAN from their machines at home. But what if you want to connect several
machines from home or from a remote office? Unfortunately, RAS is not optimal in
these situations. A better solution is to set up a small LAN at the remote site
and use a router and ISDN to connect users to the RAS server at the office.
Figure 1 shows a typical scenario. Often, the office will have
numerous file and print servers, database servers, and a mail server. The office
environment you see in Figure 1 includes Microsoft BackOffice servers running
Microsoft Exchange, Windows Internet Name Service (WINS), Domain Name System
(DNS), and a connection to the Internet through a Cisco 2501 router. The remote
site has several servers and desktops, and it connects to the office through an
Ascend Pipeline 75 (P75) bridge/router. The Ascend P75 dials into a US Robotics
ISDN modem on an NT server running RAS. Desktop users at the remote site can
connect to any server at the office or browse any
site on the Internet as if they were sitting at the office. You need three
distinct IP network segments to create this environment, although you can use
subnetting, imaginary (non-routed) IP addresses, or a proxy server if you want
to get fancy.
An alternative scenario is to have a dedicated Ascend P75 at the main
office rather than a RAS server. However, the setup for that configuration is
entirely within the Ascend routers. The scenario we are describing here shows
how to integrate the Ascend P75 with NT RAS. This scenario also has the
advantage of not requiring any dedicated hardware at the office, and it can
support regular dial-in RAS clients and routed environments.
RAS Configuration
The NT server running RAS needs to have a fixed IP address because you need
to configure some static routes to it. In Figure 1, the server ras1.dcnw.com has
an IP address of 161.108.80.8, and the default gateway is set to point to the
Cisco 2501. You need to set up RAS on the server using the settings you see in
Table 1.
RAS assigns the remote clients connecting to ras1.dcnw.com an IP address in
the 192.168.50.0 network (these clients can also request a predetermined IP
address). In our example in Figure 1, the router at the remote site requests the
address 192.168.50.25. If you set up the configuration incorrectly (e.g., if the
router requests and receives a wrong IP address), the clients at the remote site
will not be able to connect to any hosts at the office or beyond. The remote
clients will not even be able to ping the remote hosts, even though the router
and ISDN are activated. This scenario can result in huge ISDN phone bills with
no connectivity to justify the cost.
Router Configuration
You need to configure the remote router to dial the RAS modem over ISDN, to
satisfy RAS authentication, and to route IP packets properly. This example uses
the Ascend P75 router. To configure this router, you can use a serial connection
or you can Telnet to the router's IP address (once you give it one). In either
case, you get a character-based screen that lets you navigate through various
menus to fill in the configuration parameters.
The first challenge is to correctly provision the ISDN line. After the
telephone company installs and tests the line, you need to open the Ascend P75
menu and configure first the system and then the Ethernet and ISDN operations.
This configuring requires that you enter several hardware and phone line
parameters, including the Service Profile Identifier (SPID) numbers that
identify your line. The telephone company typically helps you to configure this
aspect of the router to ensure that you have service.
This article will concentrate on only the configuration of the router that
is relevant to the connection to the NT network at the office and on the Ascend
configuration screens that you need to work with for that connectivity. For a
complete guide to all the Ascend configuration screens, consult the Ascend
documentation. Furthermore, to set up the system as described in this article,
you need to configure the Ascend P75 router to emulate numbered serial routing
(you assign one IP address to the router's Ethernet port and the other to the
WAN port). For this type of emulation, you must have version 4.6C or later of
the Ascend Pipeline software.
In the Washington, DC area, Bell Atlantic provides Basic Rate Interface
(BRI) ISDN service. After the telephone company has tested the router, you can
begin to configure the router for the office connectivity by going to the
Configure option from the Main menu. In the example you see in Figure 1, we
configured the Ascend P75 router with the values you see in Table 2.
The fields in this menu need some explanation. The first eight items in the
Main/Configure screen depend on the ISDN line and equipment that the telephone
company provides--the telephone company helped you enter this information while
testing the router. The remaining information relates to your connection to the
office, and the telephone company cannot help you here. Unfortunately, the
Ascend terminology does not correlate exactly to Microsoft nomenclature.
Therefore, Table 2 shows the Ascend field names and the values we entered, plus
the terms an NT engineer is familiar with, in parentheses.
The ninth item, My Name, refers to the NT domain and account you use at the
office that the Ascend P75 will use for authentication. The next item, My Addr,
is the IP address of the Ethernet interface of the Ascend P75 (i.e., the IP
address of the Ascend P75 as seen from the network at the home office, as shown
in Table 2). Note that unlike Microsoft, Ascend uses the /XX notation for IP
addresses. For documentation of this notation, see the Ascend literature; by the
way, /24 refers to a subnet mask of 255.255.255.0, which is what we will use for
the remote location. Next, the Dial # is the telephone number that the Ascend
P75 dials when activated to connect to the office. The remaining values affect
the IP configuration and NT authentication that the RAS server uses--set these
as shown in Table 2. Compare the values in Table 2 with those in Figure 1, so
that you understand the Ascend Pipeline terminology in the environment of an NT
WAN.
After you configure the remote router, you need to set up a profile. Select
the Ethernet option from the Ascend Main menu, enter any name for the profile,
and enter basic setup information for the connection to the RAS server. Table 3
shows the values we selected for the example in Figure 1.
In our example, most of the values you see in Table 3 for the Ethernet/Connections/<profilename>
screen were already entered in the Main
configuration screen you see in Table 2, with the exception of the Encaps
Option. Here we specify that the connection will use Point-to-Point Protocol
(PPP), which lets us connect over PPP to the RAS server. If you then select the
IP Options field, you see another screen with several critical values that you
need to enter. Table 4 shows the values for this screen. Note again the Ascend
Pipeline terminology for the different interfaces. Comparing the values in Table
4 with Figure 1 should make the configuration clearer; again, the terms that are
familiar to an NT network engineer are included in parentheses.
Previous
Rick Borie August 03, 1999