Enabling and Configuring a RRAS Server in Windows Server 2003

Remote Access is installed as part of Windows Server 2003, however it is disabled by default. To enable Remote Access, click Start.

Use the buttons below to navigate through the lesson


Select Administrative Tools. Open Routing and Remote Access. The Routing and Remote Access console will appear. A red arrow next to server indicates that Routing and Remote Access is currently disabled. To enable remote access right-click on the Server. Select Configure and Enable Routing and Remote Access. The Routing and Remote Access Server Setup Wizard will appear. Click on Next to continue.

The wizard will prompt for the type of server required. Select Remote access (dial-up or VPN) to enable computers to connect to the server through the internet. Click Next to continue. The wizard will prompt you for the type of Remote Access that you wish to enable. Check the box for VPN to enable VPN connections on this server. Click on Next to continue. The wizard will ask how this server connects to the internet. Specify the connection and click Next to continue.

The IP Address Assignment page will appear. Select From a specified range of addresses to choose your own IP Address scope. Click on Next to continue. Click on New to create a new Address Range Assignment. Specify the Start IP address and End IP address of the address range into the relevant dialog boxes. Click on OK to continue. Click on Next to continue.

When Multiple remote access servers are used RADIUS may be needed. Select Next to continue without RADIUS.  Click Finish to close the Routing and Remote Access Wizard. A warning box is displayed indicating that a DHCP relay agent is needed. Click on OK to accept the warning. The Remote Access Service is then started. A green arrow next to the server indicates that the service has been started.

Configuring an RRAS Server

Right-click on the server to view the different configuration properties available. Select Properties. From the General tab, Remote Access and Routing can be enabled or disabled by selecting/deselecting the relevant boxes. LAN and Demand-dial routing can also be enabled. From the Security page the Authentication provider can be configured. When the user logs onto the server the authentication provider will be used to validate the user.

Either RADIUS or standard Windows Authentication can be used. RADIUS is normally needed when there are NT 4.0 RAS servers on the network. Click on the Authentication Methods box to enable or disable the various authentication protocols available. The various Authentication protocols can be enabled or disabled from here. Clients won’t be able to connect to the server if the protocol it is using isn’t selected here. The Accounting provider states which provider will be responsible for maintaining a log, this will normally be the same as the authentication provider. Similar to before, RADIUS or Windows Accounting can be used.

From the IP page, IP Routing can be enabled and disabled as well as IP-based remote access and demand-dial connections. The server can be configured to use a DHCP server or use a pre-defined range of addresses. When the clients connect to the network they will need an IP address to talk to the other machines. IP address assignment can be configured from here. Broadcast based name resolution can be enabled or disabled from here. The adapter which is connected to the DHCP server also needs to be specified in the Adapter tab.

The PPP tab can be used to configure the PPP protocol. If multilink is required then ensure you select Multilink connections. Bandwidth Allocation Protocol, LCP extensions and software compression can also be enabled/disabled from here. To use multilink, multilink must be enabled on the client as well as the server.

LCP extensions add more functionality to the LCP negotiation process and should be disabled if down-level clients don’t support it. From the Logging page the level of errors logged to the event log can be configured.  Be careful when logging the maximum amount of information as it can be quite disk and processor intensive.

Select Ports to view information about the PPTP/L2TP ports that are currently in use. A list of ports and their status is displayed. There are two types of ports, PPTP and L2TP. To configure port properties right-click on Ports. Select Properties. A list of devices and the number of available ports is displayed, e.g. There are 128 ports available for PPTP VPN connections. Highlight the device name to configure it. Select Configure.

Remote Access can be enabled and disabled for this port as well as demand-dial routing. You can also configure the maximum number of ports the device will support.