60 2. Sara N.s PPP session is tunneled through the PPTP stream, and the NT RAS server authenticates her username and password and starts her PPP session. Essentially, this all takes place just as if she were dialing into the RAS server via a directly connected modem. 3. The PPTP session can then tunnel the protocols that dial-up users are allowed to use. In Sara N.s case, TCPIP is one of those protocols, and the NT RAS server assigns her machine the internal corporate IP address of 2.1.1.129. Looking at Figure 4-1 , you can follow these events and see where the clients original Point- to-Point Protocol PPP session is encapsulated by the PPTP tunnel. This figure is a simplified version of what the actual topology looks like—routers at the ISP and corporate LAN, for instance, have been removed. Figure 4-1. Dialing into an ISP that supports PPTP Once the PPTP is completed and the sales manager is authenticated, she has access to the corporate network as if she were on the LAN. She can then check her email and access files on her desktop machine using file sharing.

4.2.2 Dialing into an ISP That Doesnt Support PPTP

In order for an ISP to support PPTP, they must be using one of the remote access switches we mentioned at the beginning of this chapter. Not every ISP uses those brands of remote access 61 switches, and some dont use these devices at all. Instead they might use modems connected to a multiport serial card in a Unix system, or some other terminal server device. Others might have the appropriate hardware, but choose not to implement PPTP because they dont want to be forced to do technical support for tunneled connections. Whatever the reason, theres a chance that your ISP may not offer PPTP; however, that doesnt mean that you cant use it. This scenario requires two things: first, you again need to have a Windows NT 4.0 RAS server with PPTP installed on your network, and it must be accessible from the Internet; second, your Windows NT Workstation, Windows 95, or Windows 98 client machine must have the PPTP protocol and Dial-Up Networking installed. Well use Sara N. for this example as well. This time, however, shes dialing into an ISP that doesnt support PPTP. In addition, shes running Windows NT 4.0 Workstation on her laptop computer. The sequence of events for a tunneling session with a non-PPTP-enabled provider is as follows: 1. Sara dials into her ISP using a dial-up networking profile for her account and establishes a standard PPP connection. 2. After the PPP connection has been made, Sara uses Dial-Up Networking again to dial into the PPTP RAS server at the corporate office. In this dial-up profile, however, she puts the IP address of the RAS server, 2.1.1.60, in the phone number field, and selects the dial device to be a VPN port set up through Dial-Up Networking well explain in Chapter 5 how to set this up. 3. A PPTP connection is made through Saras PPP connection over the Internet and to the RAS server. The RAS server then logs her into the corporate network using the username and password she supplied. The RAS server assigns her the internal IP address of 2.1.1.129, and she is then granted access to the corporate network. Figure 4-2 shows how the second PPTP call is encapsulated through the initial PPP connection to the ISP.