Caller ID and callback
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Caller ID and callback
As an additional measure of security, Routing and Remote Access offers caller ID and callback features, which ensure that only users from specific locations can access the remote access server. These features also save telephone charges for the user.
Caller ID
When you set dial-in security by using the caller ID feature, you specify the phone number from which the user must call in. If the user does not call in from that specific phone number, the connection attempt is rejected by the remote access server.
Caller ID must be supported by the caller, the phone system between the caller and the remote access server, and the remote access server. Caller ID on the remote access server consists of call answering equipment that supports the passing of caller ID information and the appropriate drivers that support the passing of caller ID information to the Routing and Remote Access service.
If you configure a caller ID phone number for a user and you do not have support for the passing of caller ID information all the way from the caller to the Routing and Remote Access service, the connection attempt is denied.
The caller ID feature is designed to provide a higher degree of security for telecommuters. The disadvantage of configuring caller ID is that the user can only dial in from a specific phone line.
For virtual private network (VPN) connections, the caller ID is the IP address of the VPN client. If the VPN client has a fixed IP address, this can be a useful security feature.
Callback
When you use the callback feature, the user initiates a call and connects with the remote access server. After authentication and authorization, the remote access server then drops the call and calls back a moment later to a negotiated or preassigned callback number.
You configure each user's callback options when you grant remote access permission. For more information, see Configure dial-in user properties.
There are three callback options to choose from:
No callback (the default)
Set by caller
Always call back to
Note
- Until the user has been authenticated, authorized, and called back (if callback is set), no data from the dial-up networking client or the remote access server is transferred.
No callback
If the user account is not configured for callback, the remote access server establishes a connection as soon as the connection attempt has been accepted. The No callback option does not provide any additional security.
Set by caller
Although the Set by caller option is not really a security feature, it is useful for clients who call from various locations and phone numbers. It also minimizes telephone charges for these users. When the user's call reaches the remote access server, the following events occur:
After authentication and authorization of the connection attempt, the Callback dialog box appears on the user's computer.
The user types the current callback number in the dialog box.
The callback number is sent to the server.
The call is terminated.
The server calls the client back at the callback number.
Once reconnected, the client and server continue the connection negotiation.
Always call back to
For additional security, select the Always call back to option and type the number of the phone to which the user's dial-up equipment is connected. When the user's call reaches the remote access server, the following events occur:
After authentication and authorization of the connection attempt, the server sends a message announcing that the user will be called back.
The server disconnects and calls the user back at the preset number.
Once reconnected, the client and server continue the connection negotiation.
You should set this option for stationary remote computers, such as those used by telecommuters in home offices.
The disadvantage of configuring callback to always call a specific number is that the user can only dial in from a specific location.
Notes
You can also configure the Set by caller callback option for groups by setting the Service-Type condition of a remote access policy to Callback-Framed-User. For more information, see Elements of a remote access policy.
Because of the way that callback connections are processed, you cannot configure both a caller ID and callback that is set to either Set by caller or Always call back to.
Callback over a primary rate interface (PRI) ISDN channel may not work properly if a service is listening on the other ISDN channel. When the remote access server calls back, an ISDN channel is picked to receive the call. If the ISDN channel is not the same one used to make the initial call, the remote access client or demand-dial router does not recognize the incoming call as the remote access server callback and drops the call.