Using RAS for Host Access

Access a host via RAS server and use SNA Server to access an IBM host from Windows 95 and NT Workstation systems.

John Enck

July 31, 1997

17 Min Read
ITPro Today logo in a gray background | ITPro Today

Using RemoteAccess Service (RAS), you can easily set up a Windows NT Server 4.0 system toact as a gateway between remote systems and your LAN-based hosts (e.g., UNIXsystems, IBM mainframes, IBM AS/400s, Digital Equipment VAXs). In thisenvironment, remote systems can dial in to the RAS server and then directlyaccess a host using TCP/IP-based services such as Telnet or FTP. Similarly, ifyou have a conventional SNA environment attached to your LAN, you can also useRAS to accommodate access to IBM mainframes and AS/400s via SNA Server.

You can use a wide variety of remote systems to access a host via a RASserver, but I'll focus on these three remote system configurations: a Macintoshsystem using TCP/IP to access a UNIX host, a Windows 3.x system using TCP/IP toaccess a UNIX host, and a Windows 3.x system using SNA Server to access an IBMhost. (The absence of DOS, NT Workstation, and UNIX configurations from thislist does not mean that you cannot use them as remote systems--I've excludedthem for the sake of my sanity.) I'll also touch briefly on using SNA Server toaccess an IBM host from Windows 95 and NT Workstation systems.

TCP/IP for Host Access
Before jumping into the remote system configurations for direct TCP/IPaccess to a host, let's pause and look at three big-picture considerations thatrelate to the way TCP/IP operates. First, do you have (or need) a TCP/IP router(called a gateway) in your LAN? Second, do you have a name server in your LAN,and if so, is it configured to support your host? Third, how should you assignthe IP address to the remote system? Let's examine each of these considerations.

A TCP/IP gateway provides a path that lets your TCP/IP traffic travel fromone logical network (IP subnet) to another. If all your local and remote systemsuse IP addresses that reside in the same subnet, you don't need a gateway. Ifyour remote systems use IP addresses that reside in a separate subnet, you musthave a gateway in place to move traffic between the subnets. The most commonapplication for a TCP/IP gateway is to provide a link to the Internet (which, ofcourse, is a huge collection of TCP/IP subnets).

The second consideration--name serving--affects your ability toreference hosts by name. For example, if you want to launch a Telnet session toa UNIX host named AIXLAB, you would probably like to say

TELNET AIXLAB
A name server provides a central service to convert IP names into IPaddresses. If you have a name server, make sure you configure the name of yourUNIX host in it. If you don't have a name server, don't feel obligated toimplement one: You have two alternatives.

First, you can define host-to-address mapping files in each remote systemin a hosts file. Most TCP/IP implementations support the ability to resolvenames from such a file. Second, you can avoid using names entirely and use onlythe IP address to initiate connections. For example, if the IP address forAIXLAB is 216.56.55.63, you can use the command

TELNET 216.56.55.63
The final consideration is how to set the IP address on the remote system.You have two options: You (or the user) can manually configure the IP address onthe remote system, or you can have the IP address download from the RAS serverdynamically.

Given a choice, opt for letting the server determine the address. Thisapproach provides centralized control and eliminates the possibility of a typoin an IP address. Unfortunately, you will find that many Point-to-Point Protocol(PPP) implementations do not support dynamic address assignment, or even worse,their implementations of dynamic address assignment are incompatible withMicrosoft's implementation (hey, it happens). In these cases, you must manuallyassign IP addresses in your remote systems.

Time to PPP
With a backdrop now in place, let's talk about two specific configurationsfor direct TCP/IP access to a host system in your LAN: access from a Macintoshand access from a Windows 3.x system. Strangely enough, the Macintosh connectionis the easier connection to set up--the Macintosh operating system betterintegrates TCP/IP than does the Windows 3.x environment.

To enable Mac-to-AS/400 access over TCP/IP, you need the MacTCP controlpanel installed on your Mac, and you need add-on support for PPP. In my testing(and in real life), I use the ConfigPPP program; however, you can find manyother free PPP implementations on the Web. ConfigPPP installs as both a systemextension and a control panel. You must configure both the MacTCP and theConfigPPP modules (via their control panel interfaces).

First, access the MacTCP control panel and select the PPP interface in theopening dialog box. Press More to access the detailed configuration options, asshown in Screen 1. Perform the following actions in this dialog box:

  1. In the Obtain Address field, select Server to have the addressdownloaded from the RAS server, or select Manually to set up a static address.Screen 1 shows the configuration to obtain an address from the server.

  2. In the Routing Information area, set the Gateway Address to the addressof your IP router, or to 0.0.0.0 if a router is not present. (The example inScreen 1 does not define a gateway.) If you choose to server-assign the IPaddress, the RAS server can also download the IP address of the default gateway.

  3. If you chose Server in step 1, skip to step 4. If you chose Manually,configure the IP address in the IP Address configuration area. You must firstchoose the class of address (A, B, or C) and then set the address value. Theformat of this entry field is rather strange, so be prepared to spend some timeto figure it out.

  4. If you are using a name server, specify the name of the domain itservices and its IP address. For example, Screen 1 shows that the system at204.56.55.1 handles names for the duke.com domain.

Press OK when you complete the configuration. You must restart your Mac toput these settings into effect.

Next, move to the ConfigPPP process. In the ConfigPPP control panel dialogbox, shown in Screen 2, make the following settings on the opening panel:

  1. Set the Port Name to the location of your modem attachment. Usually,this setting is Modem Port.

  2. Set the desired Idle Timeout. A value of None means that the PPPconnection will not time out and disconnect when no traffic is present. (I findno time out desirable.)

  3. Set the Echo Interval to Off.

  4. In the check-box section, select only Hangup on Close.

The previous ConfigPPP steps set only basic system-level information. Youmust now define the particulars of your RAS connection. Click New and specify aname for this connection--a logical name that does not have to match thecomputer name of the RAS server. After specifying a name, you return to theinitial ConfigPPP display. Then, click Config to set the configuration detailsas follows:

  1. Set the Port Speed to the speed at which you want your Mac to talk toyour modem. This setting needs to be at least as fast as your modem speed.

    1. Set Flow Control as appropriate for your modem connection. I usuallyignore this field and specify None.

    2. Enable Tone Dialing or Pulse Dialing as appropriate for your phonesystem.

    3. Specify the phone number for your RAS server in the Phone Num field.

    4. Specify any modem initialization strings you want performed beforedialing commences. I usually set this to ATZ, which clears all temporarysettings in the modem.

    5. Set the Modem Connect Timeout to a value long enough to let the Mac andthe RAS server handle option negotiation and logon. I usually go with 90seconds.

    6. Finally, press Authentication, and then specify a username and passwordin the appropriate fields. This username and password must match a username andpassword defined in the RAS server--you cannot use this method to log on to anNT domain.

    Now that you have properly configured MacTCP and ConfigPPP, you can clickOpen in the ConfigPPP control panel dialog box to initiate a connection. TheConfigPPP module then instructs your modem to dial out and negotiate aconnection with the NT RAS server. When the connection is established, thestatus of the link (shown in the upper left corner of the ConfigPPP panel)changes from PPP Down to PPP Up. And that's it.

    Once the call is established, you can connect to your LAN-based host viaTelnet, FTP, or even a Web browser (assuming your host is running Web servingsoftware). The Mac doesn't come with any of these handy programs, so you willhave to purchase commercial programs or obtain shareware programs. If you electto purchase programs, you might as well purchase a full-blown Telnet emulator togive you a complete range of capabilities.

    PPP from Window
    For Windows 3.x to host access over TCP/IP, you need add-onsoftware--Windows and Windows for Workgroups (WFW) do not support PPPconnections natively. You can use commercial products such as NetManage'sChameleon, or shareware packages such as Trumpet WinSock. Most TCP/IP vendorsthat market Windows 3.x products offer a product for PPP connectivity.

    In theory, the steps for configuring a Windows PPP connection are similarto the steps for establishing a Mac PPP connection. You define how you want theIP address set; configure a gateway, if present; configure a DNS server, ifpresent; and define the characteristics of the RAS connection (e.g., phonenumber, speed, and user and password information).

    For my testing, I used NetManage's Chameleon 4.6. I chose that packagebecause I always used Chameleon for PPP Internet connections during those darkdays when I used 16-bit operating systems daily.

    At first glance, the fit between Chameleon and RAS seemedperfect--Chameleon supports dynamic IP address assignment via DHCP or BOOTP, andit has a variety of connect-time logon options. However, none of these optionsdid me any good. I was unable to establish a connection using DHCP or BOOTP (Ihad to manually assign an IP address), and I could not find any logon scriptthat worked with NT RAS. That doesn't mean I was unable to connect, but I had tobe creative and come up with some interesting workarounds, as you will seeshortly.

    When you use Chameleon, you set up configuration options in the product'sCustom program. You use the same program to initiate dialing.

    To set up the initial configuration, you must add an interface defined as aPPP connection. This process is simple: Just use the Add option on the Interfacedrop-down menu. After you create an interface, you can configure it via theConfiguration option on the Setup drop-down menu. In the Configuration dialogbox, shown in Screen 3, you configure the RAS connection on thefollowing tabbed pages:

    • IP Configuration, where you set the IP address of the remote system

    • Name Resolution, where you configure your name server (if present)

    • Gateway, where you define your gateway

    • Port, Dial, and Modem, where you configure items such as modem attachment,modem speed, and the phone number of your RAS server

    • Login, where you set your login authentication information

    For the sake of this discussion, I'm going to focus on the IP Configurationand Login tabs--the other tabs are self-explanatory. As I mentioned earlier, Iwas unable to establish a RAS connection from Chameleon using dynamic addressassignment. That problem led me to manually configure the IP address, as shownin Screen 3. This IP address resides in the same subnet as my host system, so Ididn't need a gateway (although I did have one present). After I set a manualaddress, I was able to establish a connection into the RAS server--but I wasn'table to log on. That situation led me to the Login tab.

    On the Login tab, shown in Screen 4, I specified a User Name and UserPassword that correspond to a username and password defined on the RAS server(again, you can't use domain names in most PPP implementations). NT RAS does notprovide prompts for logon scripts, so I disabled the script I had defined andfigured that Chameleon would automatically log me on just like the Mac does. Asthings turn out, this assumption was sort of right and sort of wrong.

    Having configured my access name and password and having designated that Idid not want scripting support, I fired up the connection again. To my surprise,Chameleon displayed a Terminal window when it initiated the connection. It seemsChameleon wanted me to log on manually because I had not defined a script for itto use to log me on automatically. This arrangement is fine, except that RASdoes not provide any logon prompts.

    Here's where things got interesting. I let Chameleon establish a connectionto the RAS server. I waited until the modem activity died down (just a fewseconds), and then I pressed Done to signal that I had completed the logonprocess. Well much to my surprise, Chameleon finished the logon process, and Iwas connected to the RAS server. Somewhere along the way, Chameleonautomatically logged me on, even though it presented a Terminal window. (For therecord, I searched NetManage's Web site for an INI setting or some fix for thisbehavior, but I came up empty.)

    After I closed the Terminal window, I was in. I then established a link tomy local UNIX host using Chameleon's Telnet program and transferred files usingthe Chameleon FTP program. Again, you can use other products than Chameleon toget a PPP connection--I'm just a creature of habit. If you don't haveWindows-based PPP software, I encourage you to explore all your options. Makesure you inquire about support for NT RAS connections.

    RAS and SNA Server
    If you look in the Network program group in a WFW system, you'll find aninconspicuous entry called Remote Access. This program lets you dial up a RASserver and connect into a Microsoft network (e.g., a LAN Manager network; a WFWnetwork; a Win95 network; or in our case, an NT network).

    Once connected, you can access shared files and printers as though you wereattached to the LAN. Because an SNA Server system is, in many ways, just anotherNT server in a Microsoft network, the Remote Access program provides aconvenient and relatively easy way to connect to an SNA Server system so thatyou can, in turn, connect to an IBM system.

    This article assumes you have mastered the SNA Server installation andconfiguration process. (If you haven't, consult Michael Otey, "SNA Server3.0 for Interoperability with the AS/400," March 1997.) Also, I stronglyrecommend that you install and run the SNA client software on a system in yourLAN before you try to install and run it on a remote system. After you conquerthe client installation process on a LAN-based system, you can graduate to aremote system.

    WFW does not install the Remote Access program by default; therefore, thefirst time you access the program, WFW will ask you whether you want to installthe program. Naturally, you say yes and then provide the disk or CD-ROM when yousee the installation prompt. During the installation process, you define yourmodem and serial port (COM:) settings. All things considered, the installationis less than demanding. After you complete the installation steps, you mustrestart your system to wrap up this phase of the configuration process.

    By default, Remote Access uses the NetBEUI protocol to communicate with theremote network. You can change the protocol Remote Access uses or add supportfor IPX or TCP/IP via the Network Settings program. I must warn you that WFWdoesn't excel at these other protocols, and if you want to use TCP/IP, you musthave installed the WFW's optional TCP/IP subsystem. For the sake of thisarticle, let's stick with the NetBEUI protocol. You need to enable support forNetBEUI in the RAS server and the SNA Server system.

    Before you can use Remote Access for SNA connections, you must install theclient software that comes with SNA Server. The SNA Server CD-ROM includesclient software for DOS, Windows, Win95, NT, and OS/2. To install the WFWsoftware, simply run the SETUP program contained in the appropriate clientdirectory (CLIENTSWIN3X, in this case).

    You have only two important choices to make during the installationprocess. First, what protocol do you want to use? Select Microsoft Networking(Named Pipes) to specify that you want NetBEUI support. Second, you must specifyhow you want the client to find the server. You can specify Local, in whichcase, the client will search for the SNA Server system in the domain, or you canspecify Remote and cough up the name of the SNA Server system. I usually opt forthe Remote method and explicitly provide the name of the SNA Server system(i.e., the computer name of the hosting NT system).

    After answering the configuration questions, the SETUP program will createa program group called Microsoft SNA Server Client with three applications init: SNA Setup, which is the SETUP program you just used to install the software;Client Config, a program that lets you change the protocol selection and SNAServer detection method; and a stripped down 3270 or 5250 emulator. You mustrestart your WFW system to complete the installation process. (Check Microsoft'sWeb site to make sure you have all the latest Service Packs for SNA Server. TheService Packs cover the server-side and client-side software, and you need toinstall both. During my testing, I was unable to successfully make a connectionusing SNA Server 3.0 until I downloaded Service Pack 1 and installed both theserver- and client-side updates.)

    OK, so now you're ready to dial, right? Right! Start the Remote Accessprogram, and it will prompt you to create a phone book entry. This part iseasy--just enter a name for the entry (any name will do), the phone number ofyour RAS server, and an optional description. Press OK to return to the mainRemote Access screen, shown in Screen 5. Make sure the phone book entry ishighlighted in the window, and press Dial.

    When you press dial, Remote Access doesn't dial (that would be way tooobvious). Instead, it presents an Authentication dialog box that requests yourusername, password, and optional domain for the network you are dialing into.Support for domain-based authentication is one of the key benefits of RAS overPPP. With PPP, you're locked into user definitions stored on the RAS server;here, you can use any domain user authorized for remote access.

    After you specify a user, password, and optional domain, press OK; theRemote Access program will initiate communications with your modem and instructit to dial out. When the RAS server answers, the Remote Access program willpresent your user, password, and domain credentials to the server; if the serveraccepts them, you will be logged on to the network.

    Once you're in, you can access the SNA Server system. But before you dothat, test the connection. An easy way to test the connection is to bring upFile Manager and select Connect to Network Drive. If nothing shows up in thelist of available systems, you have trouble--most likely, mismatched protocols(e.g., your client is using NetBEUI, but everything in your LAN is usingTCP/IP).

    If you see a list of servers, make sure the SNA Server system is on thatlist. If it's not, you either have a protocol mismatch or a user authorizationproblem. Look at the SNA Server system's configuration to diagnose a protocolmismatch problem, and try to access the system using the same user, password,and domain information from a LAN-based system to diagnose a user authorizationproblem. For the sake of argument, let's assume a list appears and your SNAServer system is on it.

    Under WFW, the SNA Server client software doesn't initiate a connectionuntil a client program requests it. Therefore, to test the link, you can run onthe terminal emulation applet. You need to configure the host connection via theSession Configuration entry on the Session drop-down menu. When you select thisentry, the SNA client software attempts to establish the link to the SNA Serversoftware so that it can obtain configuration information.

    You configure mainframe and AS/400 links differently; however, both casesare fairly straightforward--especially if you read the SNA Server documentationfirst. Once you complete the configuration information, press OK to receive(after a brief delay) an IBM sign-on menu. Getting this menu means you havesuccessfully completed the RAS and SNA client installation process. You can nowinstall additional third-party client-side emulation/access software (e.g.,Attachmate, Wall Data, or WRQ terminal/printer emulation software)--as long asit supports SNA Server, of course.

    Windows 95 and NT Clients
    The installation process for Remote Access software under Win95 and NTWorkstation 4.0 is much simpler than the Macintosh, Windows, or WFW procedures.Simply start the Dial-Up Networking utility in My Computer, and theconfiguration wizard guides you through the entire process. The installation ofthe SNA Server client software is equally simple. Microsoft learned lots oflessons from WFW, as clearly evidenced by the superior networking and dial-upcapabilities you find in Win95 and NT.

    Keep On RASing
    RAS provides a fairly painless method for facilitating remote access toLAN-based hosts. You can use the ubiquitous PPP protocol to run an end-to-endTCP/IP connection from almost any kind of system, or you can implement SNAServer to accommodate SNA links between remote clients and your IBM systems.Even better, you can offer both kinds of connections through the same RASserver.

    But that's not all RAS can do. You can (and probably already do) use RAS toaccess NT file and print servers. You can also use RAS to provide access to acentralized Internet connection, to Novell NetWare servers, and more. RAS is oneof those technologies that grows on you--implement it for one application today,and who knows what you'll be using it for tomorrow.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like