The Defense Advanced Research Projects Agency (DARPA) originally developed Transmission Control
Protocol/Internet Protocol (TCP/IP) to interconnect various defense department computer networks. The
Internet, an international Wide Area Network, uses TCP/IP to connect government and educational
institutions across the world. TCP/IP is also in widespread use on commercial and private networks. The
TCP/IP suite includes the following protocols:
Data Link Layer
ARP/RARP            Address Resolution Protocol/Reverse Address
DCAP                Data Link Switching Client Access Protocol
Network Layer
DHCP                Dynamic Host Configuration Protocol
DVMRP               Distance Vector Multicast Routing Protocol
ICMP/ICMPv6         Internet Control Message Protocol
IGMP                Internet Group Management Protocol
IP                  Internet Protocol version 4
IPv6                Internet Protocol version 6
MARS                Multicast Address Resolution Server
PIM                 Protocol Independent Multicast-Sparse Mode (PIM-SM)
RIP2                Routing Information Protocol
RIPng for IPv6      Routing Information Protocol for IPv6
RSVP                Resource ReSerVation setup Protocol
VRRP                Virtual Router Redundancy Protocol
Transport Layer
ISTP
Mobile IP           Mobile IP Protocol
RUDP                Reliable UDP
TALI                Transport Adapter Layer Interface
TCP                 Transmission Control Protocol
UDP                 User Datagram Protocol
Van Jacobson        compressed TCP
XOT                 X.25 over TCP
Session Layer
BGMP                Border Gateway Multicast Protocol
Diameter
DIS                 Distributed Interactive Simulation
DNS                 Domain Name Service
ISAKMP/IKE          Internet Security Association and Key Management Protocol and
                    Internet Key Exchange Protocol
iSCSI               Small Computer Systems Interface
LDAP                Lightweight Directory Access Protocol
MZAP                Multicast-Scope Zone Announcement Protocol
NetBIOS/IP          NetBIOS/IP for TCP/IP Environment
Application Layer
COPS                Common Open Policy Service
FANP                Flow Attribute Notification Protocol
Finger              User Information Protocol
FTP                 File Transfer Protocol
HTTP                Hypertext Transfer Protocol
IMAP4               Internet Message Access Protocol rev 4
IMPPpre/IMPPmes     Instant Messaging and Presence Protocols
IPDC                IP Device Control
IRC                 Internet Relay Chat Protocol
ISAKMP              Internet Message Access Protocol version 4rev1
ISP
NTP                 Network Time Protocol
POP3                Post Office Protocol version 3
Radius              Remote Authentication Dial In User Service
RLOGIN              Remote Login
RTSP                Real-time Streaming Protocol
SCTP                Stream Control Transmission Protocol
S-HTTP              Secure Hypertext Transfer Protocol
SLP                 Service Location Protocol
SMTP                Simple Mail Transfer Protocol
SNMP                Simple Network Management Protocol
SOCKS               Socket Secure (Server)
TACACS+             Terminal Access Controller Access Control System
TELNET              TCP/IP Terminal Emulation Protocol
TFTP                Trivial File Transfer Protocol
WCCP                Web Cache Coordination Protocol
X-Window            X Window
Routing
BGP-4               Border Gateway Protocol
EGP                 Exterior Gateway Protocol
EIGRP               Enhanced Interior Gateway Routing Protocol
HSRP                Cisco Hot Standby Router Protocol
IGRP                Interior Gateway Routing
NARP                NBMA Address Resolution Protocol
NHRP                Next Hop Resolution Protocol
OSPF                Open Shortest Path First
TRIP                Telephony Routing over IP
Tunneling
ATMP                Ascend Tunnel Management Protocol
L2F                 The Layer 2 Forwarding Protocol
L2TP                Layer 2 Tunneling Protocol
PPTP                Point to Point Tunneling Protocol
Security
AH                  Authentication Header
ESP                 Encapsulating Security Payload
TLS                 Transport Layer Security Protocol
The TCP/IP suite is illustrated here in relation to the OSI model:
How to set up a VPN server on Windows 2003 Server
There are two ways to set up a VPN server on Windows 2003: 1) create an incoming
networking connection, if you have a small network or want a single PC-to-PC VPN;
2) use RRAS (Routing and Remote Access), if the server handles a large number of incoming
connections and operates as part of a distributed network or as a domain controller.
Setup a VPN on Windows 2003 Server
Here we tell you how to configure a Windows 2003 server to give your mobile workforce access into your corporate
network over the Internet.
Thursday, June 08, 2006
Think of a scenario where you need to access some important files from your corporate server
and you are sitting far away. One way is to set up a remote access server with dial-up links.
The other alternative is to set up a remote access server over VPN. This will allow you to
access your network resources over the Internet. The links can also be secured so that data
is encrypted while being transferred. We'll explain how this can be done using Windows 2003
server. For this, you need a multi-homed server with at least two network cards. The
remaining process is as follows.
Server setup
Configure both network cards with static IP addresses: one with an internal IP of your
LAN, the other with a public IP. You also need a firewall in between to ensure that
your LAN is secure from external access. Then, from your Windows 2003 server, go to
Start>Programs>Administrative tools>Routing and Remote access. This opens the Routing
and Remote Access MMC (Microsoft Management Console). On the left panel, you will
find an icon showing the server's status.
Right-click on the server icon and select the 'Configure and Enable Routing and Remote
Access' option from the pop-up menu. This will launch the Routing and Remote Access wizard
to configure its services. Click on Next, and the wizard will ask you to select the type of
routing configuration you would like to set for this machine. Select 'Virtual Private
Network (VPN) Server' and click Next. Now the wizard will show you the Remote client
Protocol page; select the 'Yes, all required protocols are on this list' option and click
Next. The default setting is TCP/IP.
Figure: From Routing and Remote Access wizard, you need to select the third option to set up VPN
Here, the wizard will ask you to configure the network card for VPN setup. Select the
network card that is connected to the public network (203.122.29.x) and click on Next. It
will open the IP address assignment page; click on the 'automatic' radio button if your
network has a DHCP server available. If not, click on the 'From a specified range of
address' option, give the range of IPs for clients and click on Next. The next screen
allows you to configure the authentication mode for the VPN setup.
Adding security policies
You can manage multiple remote access servers centrally with the help of RADIUS (Remote
Authentication Dial-In User Service). You may have multiple remote access servers on your
network but want to authenticate users from one central server, rather than creating user
accounts on each remote access server. To configure RADIUS, use IAS (Internet
Authentication Server), built into Windows 2000 Server. If you authenticate from the same
server, click 'No, I don't want to setup this server to use RADIUS now' and click Next.
Finally, click on the Finish button to complete the Routing and Remote Access Server
configuration. After this, you need to set a policy for the users so that remote users can
dial in. To let users connect to the VPN server, you must grant them access permission.
The RRAS wizard lets you choose the configuration you want, so that remote users can
connect to the VPN server from their VPN clients. Open Routing and Remote Access
from Start>Programs>Administrative tools. Click on 'Remote Access Policies' on the left
panel, and click on the plus sign (+) to expand its sub-tree. On the right panel, you will
find the 'Allow access if dial-in permission enabled' option; right-click it to select its
properties. From the property sheet, select the 'Grant Remote Access permission' radio
button, then click 'Ok' and close the Routing and Remote Access MMC. Next you need to grant
permission to the remote users to connect to the VPN server. For this, open 'Active
Directory Users and Computers' from Start>Programs>Administrative Tools, and select the
user. Double-click on it to check the user properties. From the user property sheet, click
on the Dial-In tab and select the 'Allow access' radio button under the Access permission
Dial-In or (VPN) option. Click 'Ok' and close the Active Directory Users and Computers MMC.
Figure: Here from the User Management Console, select the user and set its Dial-In Access to 'Allow Access'
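Because the 'Allow access if dial-in permission enabled' policy defers to the per-user Dial-In
setting, the accounts carrying that setting are effectively the VPN's access list. The following
PowerShell audit is an added example, not part of the original article; it assumes a domain-joined
admin workstation with read access to Active Directory, and the 90-day threshold and flag names are
choices made for this example.

```powershell
# Added example: list enabled accounts whose Dial-in tab is set to 'Allow access'.
# Assumptions: run on a domain-joined machine with read access to Active Directory;
# the 90-day threshold and the flag names are choices made for this example.

# 'Allow access' is stored as msNPAllowDialin=TRUE on the user object.
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND rule; userAccountControl bit 2 = disabled.
$filter = '(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE)' +
          '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

$searcher = [adsisearcher]$filter
$searcher.PageSize = 500          # page results so large domains are not truncated
foreach ($attr in 'samaccountname', 'admincount', 'useraccountcontrol', 'lastlogontimestamp') {
    [void]$searcher.PropertiesToLoad.Add($attr)
}

$staleAfterDays = 90
$cutoff = (Get-Date).ToUniversalTime().AddDays(-$staleAfterDays)

$report = foreach ($result in $searcher.FindAll()) {
    $props = $result.Properties
    $uac   = [int]$props['useraccountcontrol'][0]

    # lastLogonTimestamp is a FILETIME; it is absent if the account never logged on
    # (the attribute needs the Windows Server 2003 domain functional level).
    $lastLogon = $null
    if ($props['lastlogontimestamp'].Count -gt 0) {
        $lastLogon = [DateTime]::FromFileTimeUtc([int64]$props['lastlogontimestamp'][0])
    }

    $flags = @()
    if ($props['admincount'].Count -gt 0 -and $props['admincount'][0] -eq 1) {
        $flags += 'privileged'              # is or was in a protected admin group
    }
    if ($uac -band 0x10000) {
        $flags += 'password-never-expires'  # DONT_EXPIRE_PASSWORD bit
    }
    if ($null -eq $lastLogon -or $lastLogon -lt $cutoff) {
        $flags += 'stale'                   # dial-in right left on an unused account
    }

    New-Object PSObject -Property @{
        Account   = [string]$props['samaccountname'][0]
        LastLogon = $lastLogon
        Flags     = $flags -join ','
    }
}

$report | Sort-Object Account | Format-Table Account, LastLogon, Flags -AutoSize
```

Accounts that come back with any flag are the ones to review first, since each holds a standing right to connect to the VPN server from the Internet.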
Setup VPN client
Creating VPN clients is simple. We used Win XP Pro as a remote client. Go to
Start>Programs>Accessories>Communication, and click on 'New connection Wizard'.
This runs a wizard for creating a VPN connection. Select 'Connect to the network at my
workplace' and click on Next. On the Network Connection page, click on 'Virtual Private
Network Connection' and click on Next. Next, the wizard will ask you for a connection
name. Give it a convenient name and click on Next. Now give the IP address or
DNS name of the VPN server and click on Next. Click on the Finish button to close the
wizard. With this, your VPN client is ready. Launch the VPN client with the user name
and password to connect to your office VPN server. However, the speed of access
depends on the amount of bandwidth available.
Sanjay Majumder