What's New in Routing and Remote Access

Server Manager
Server Manager is a new feature designed to guide information technology (IT) administrators through the process of installing, configuring, and managing server roles and features that are part of Windows Server 2008. Server Manager is started automatically after the administrator completes the tasks listed in Initial Configuration Tasks. After that, it is started automatically when an administrator logs on to the server.

Use the following steps to install Routing and Remote Access using Server Manager:

To install Routing and Remote Access

Install Windows Server 2008.

Click Start, Administrative Tools, Server Manager.

Under Roles Summary, click Add roles.

Click Next. Select the Network Access Services role, and then click Next.

Click Next. Select the Routing and Remote Access Services role service, and then click Next.

Note
This will select all three Routing and Remote Access services.


Click Install. When the Installation Results dialog box appears, click Close.

Use the following steps to configure and enable the Routing and Remote Access service:

To configure and enable the Routing and Remote Access service

Click Start, Administrative Tools, Routing and Remote Access.

By default, the local computer is listed as a server. Right-click the server, and then click Configure and Enable Routing and Remote Access.

Click Next. Click Custom configuration, and then click Next.

Select all the services except NAT, click Next, and then click Finish.

Click OK, click Start service, and then click Finish.

SSTP tunneling protocol
Secure Socket Tunneling Protocol (SSTP) is a new form of virtual private networking (VPN) tunnel with features that allow traffic to pass through firewalls that block PPTP and L2TP/IPsec traffic. SSTP provides a mechanism to encapsulate PPP traffic over the SSL channel of the HTTPS protocol. The use of PPP allows support for strong authentication methods, such as EAP-TLS. The use of HTTPS means traffic will flow through TCP port 443, a port commonly used for Web access. Secure Sockets Layer (SSL) provides transport-level security with enhanced key negotiation, encryption, and integrity checking.
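To make the encapsulation described above concrete, the following added example (not part of the original page or of any Microsoft code) splits an already-decrypted SSTP byte stream into control packets and PPP-carrying data packets. It goes beyond the page by using the packet header layout from the published MS-SSTP specification; the function name and the sample bytes are constructed for illustration.

```python
import struct

SSTP_VERSION = 0x10  # version 1.0, per MS-SSTP
CONTROL_TYPES = {
    0x0001: "CALL_CONNECT_REQUEST", 0x0002: "CALL_CONNECT_ACK",
    0x0003: "CALL_CONNECT_NAK",     0x0004: "CALL_CONNECTED",
    0x0005: "CALL_ABORT",           0x0006: "CALL_DISCONNECT",
    0x0007: "CALL_DISCONNECT_ACK",  0x0008: "ECHO_REQUEST",
    0x0009: "ECHO_RESPONSE",
}

def parse_sstp(buf: bytes):
    """Split decrypted SSTP bytes into packets (hypothetical helper).
    Returns ("control", type_name, attr_count) or ("data", ppp_bytes) tuples."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated SSTP header")
        version, flags, length = struct.unpack_from("!BBH", buf, off)
        length &= 0x0FFF                      # top 4 bits of the field are reserved
        if version != SSTP_VERSION:
            raise ValueError(f"unexpected SSTP version 0x{version:02x}")
        if length < 4 or off + length > len(buf):
            raise ValueError("bad SSTP length field")
        body = buf[off + 4: off + length]     # length includes the 4-byte header
        if flags & 0x01:                      # C bit set: control packet
            if len(body) < 4:
                raise ValueError("control packet too short")
            mtype, nattr = struct.unpack_from("!HH", body)
            out.append(("control", CONTROL_TYPES.get(mtype, f"0x{mtype:04x}"), nattr))
        else:                                 # C bit clear: body is a PPP frame
            out.append(("data", body))
        off += length
    return out

# Constructed sample: a Call Connect Request carrying one attribute
# (Encapsulated Protocol ID = PPP), followed by a data packet with 4 opaque bytes.
SAMPLE = bytes.fromhex("1001000e" "00010001" "000100060001" "10000008" "c0210101")

if __name__ == "__main__":
    for packet in parse_sstp(SAMPLE):
        print(packet)
```

Because these bytes travel inside the TLS session on TCP port 443, this framing is only visible at an endpoint or at a device that terminates the TLS connection.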

VPN enforcement for Network Access Protection
Network Access Protection (NAP) is a client health policy creation, enforcement, and remediation technology that is included in the Windows Vista® client operating system and in the Windows Server 2008 operating system. With NAP, system administrators can establish and automatically enforce health policies, which can include software requirements, security update requirements, required computer configurations, and other settings.

When making VPN connections, client computers that are not in compliance with health policy can be provided with restricted network access until their configuration is updated and brought into compliance with policy. Depending on how you choose to deploy NAP, noncompliant clients can be automatically updated so that users can quickly regain full network access without manually updating or reconfiguring their computers.

VPN enforcement provides strongly enforced limited network access for all computers accessing the network through a VPN connection. VPN enforcement with NAP is similar in function to Network Access Quarantine Control, a feature in Windows Server 2003, but it is easier to deploy.

Remote access policy configuration
You must use Network Policy Server to create and configure remote access policies. Use the following steps to set the remote access policy to grant user access:

To configure the remote access policy

Open Routing and Remote Access.

Right-click Remote Access Logging & Policies, and then click Launch NPS.

Click Network Policies.

Double-click Connections to Microsoft Routing and Remote Access server.

On the Overview tab, under Access Permission, click Grant access, and then click OK.

IPv6 support
Windows Server 2008 and Windows Vista support the following enhancements to Internet Protocol version 6 (IPv6):

Protocols
- PPPv6. Native IPv6 traffic can now be sent over PPP-based connections (RFC 2472). For example, PPPv6 support allows you to connect with an IPv6-based Internet service provider (ISP) through dial-up or PPP over Ethernet (PPPoE)-based connections that might be used for broadband Internet access.
- PPPv6 over dial-up/Ethernet as well as VPN tunnels
- L2TP over IPv6
- DHCPv6 Relay Agent
- Stateless filtering, based on the following parameters:
  - Source IPv6 address/prefix
  - Destination IPv6 address/prefix
  - Next hop type (IP protocol type)
  - Source Port number (TCP/UDP)
  - Destination Port number (TCP/UDP)
- RADIUS over IPv6 transport
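The stateless filtering parameters listed above can be modeled as follows. This is an added example, not Routing and Remote Access code: the Rule and Packet classes, the drop-all-except policy, and the addresses (RFC 3849 documentation prefix) are assumptions made for illustration. It shows that a stateless filter judges every packet on its own, so reply traffic needs its own rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17  # IP protocol numbers

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    """One stateless filter entry; ::/0 or None means 'any'."""
    src: str = "::/0"
    dst: str = "::/0"
    proto: Optional[int] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        # A packet without ports never matches a port-constrained rule.
        if self.sport is not None and p.sport != self.sport:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return True

def permitted(rules, packet):
    """Drop-all-except policy: a packet passes only if some rule matches it.
    No connection state is kept between packets."""
    return any(r.matches(packet) for r in rules)

# Constructed sample traffic and rule sets.
CLIENT, SERVER = "2001:db8:1::10", "2001:db8:2::443"
request = Packet(CLIENT, SERVER, TCP, sport=50000, dport=443)
reply = Packet(SERVER, CLIENT, TCP, sport=443, dport=50000)
one_way = [Rule(src="2001:db8:1::/48", dst="2001:db8:2::/48", proto=TCP, dport=443)]
both_ways = one_way + [Rule(src="2001:db8:2::/48", dst="2001:db8:1::/48", proto=TCP, sport=443)]

if __name__ == "__main__":
    print(permitted(one_way, request), permitted(one_way, reply), permitted(both_ways, reply))
```

The mirrored rule in both_ways admits any TCP packet from that prefix with source port 443, not only replies to an existing connection, which is the trade-off to keep in mind when relying on stateless filters.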


IPv6 configuration
By default, Routing and Remote Access is configured to accept only Internet Protocol version 4 (IPv4) connections. In Windows Server 2008, you can use the Routing and Remote Access Microsoft Management Console (MMC) to configure IPv6 routing and connections. Use the following steps to configure Routing and Remote Access to accept IPv6 and IPv4 connections.

To enable IPv6 connections

In the Routing and Remote Access MMC, right-click the server, and then click Properties.

Click the IPv6 tab.

Enter an IPv6 prefix (for example: 3ffe::).

Click the General tab.

Click IPv6 Router, and then click IPv6 Remote access server.

Click OK, and then click Yes to restart the Routing and Remote Access service.

