Routing and remote access service (RRAS) can be used to cater to following scenarios: -
- Remote access (e.g. employees accessing corporate network from their home, hotel etc). This can be achieved using dialup (analog + ISDN) lines as well as Internet links (i.e. VPN tunnels).
- Site-to-site connectivity (e.g. branch office connecting to a head quarters). This again can be achieved using dialup (analog+ISDN) as well as Internet links (i.e. VPN tunnels). This scenario is called as demand-dial also in RRAS terminology.
- Internet access router (e.g. NAT router facing internet).
- LAN router (e.g. multiple ethernet links).
- Any combination of the above scenarios.
The following optional features can be added to the above scenarios: -
- Static filtering (to protect the RRAS box - as it sits on the edge of the network). This can be enabled on public/private interfaces as well as per PPP interface (i.e. per remote access clients based upon remote access policy).
- Automatic generation of client VPN profile using connection manager administration kit (CMAK). This smoothens out the creation of VPN connection on the remote access users' PC (they just need to click and install an application and ready to go).
- Enable multicast forwarding (e.g. if you have a multicast video feed from corporate network that needs to be relayed to remote access clients/sites) using IGMP Proxy
- Enable unicast routing through RIP (e.g. if you have multiple routers on the LAN side).
- Various authentication schemes (MSCHAPv2, EAP-TLS, EAP-smart-card) including two factor authentication (smart-tokens)
- Strong encryption algo and PKI based certificate infrastructure.
The only **feature** that we don't support is the hefty price for such a solution, but that we have generously left to other remote access competitors 🙂
Lead Program Manager
RRAS, Windows Enterprise Networking
"This posting is provided "AS IS" with no warranties, and confers no rights."