Share via


Caller ID and Callback

Updated: April 30, 2010

Applies To: Windows Server 2008, Windows Server 2008 R2

As an additional measure of security, Routing and Remote Access offers caller ID and callback features, which ensure that only users from specific locations can access the remote access server. These features also save telephone charges for the user.

Caller ID

When you set dial-in security by using the caller ID feature, you specify the phone number from which the user must call in. If the user does not call in from that specific phone number, the connection attempt is rejected by the remote access server The disadvantage of configuring caller ID is that the user can only dial in from a specified phone line.

Caller ID must be supported by the caller, the phone system between the caller and the remote access server, and the remote access server. Caller ID on the remote access server consists of call answering equipment that supports the passing of caller ID information and the appropriate drivers that support the passing of caller ID information to the Routing and Remote Access service.

If you configure a caller ID phone number for a user, but you cannot pass caller ID information all the way from the caller to the Routing and Remote Access service, the connection attempt is denied.

For virtual private network (VPN) connections, the caller ID is the IP address of the VPN client. If the VPN client has a fixed IP address, this can be a useful security feature.

Callback

When you use the callback feature, the user initiates a call and connects with the remote access server. After authentication and authorization, the remote access server then drops the call and calls back a moment later to a negotiated or preassigned callback number.

You configure each user's callback options when you grant network access permission. For more information, see Understanding Remote Access Properties of a User Account.

There are three callback options to choose from:

  • No Callback (the default)

  • Set by Caller

  • Always Callback to

Note

Until the user has been authenticated, authorized, and called back (if callback is set), no data from the dial-up networking client or the remote access server is transferred.

No callback

If the user account is not configured for callback, the remote access server establishes a connection as soon as the connection attempt has been accepted. The No Callback option does not provide any additional security.

Set by caller

Although the Set by Caller option is not really a security feature, it is useful for clients who call from various locations and phone numbers. It also minimizes telephone charges for these users. When the user's call reaches the remote access server, the following events occur:

  1. After authentication and authorization of the connection attempt, the Callback dialog box appears on the user's computer.

  2. The user types the current callback number in the dialog box.

  3. The callback number is sent to the server.

  4. The call is terminated.

  5. The server calls the client back at the callback number.

  6. After reconnection, the client and server continue the connection negotiation.

Always callback to

For additional security, select the Always Callback to option, and then type the number of the phone to which the user's dial-up equipment is connected. When the user's call reaches the remote access server, the following events occur:

  1. After authentication and authorization of the connection attempt, the server sends a message announcing that the user will be called back.

  2. The server disconnects and calls the user back at the preset number.

  3. After reconnection, the client and server continue the connection negotiation.

Set this option for stationary remote computers, such as those used by telecommuters in home offices.

The disadvantage of configuring callback to always call a specific number is that the user can only dial in from a specific location.

Note

You can also configure the Set by Caller callback option for groups by setting the Service-Type condition of a remote access network policy to Callback Framed. For more information, see Configure a Remote Access Network Policy.
Because of the way that callback connections are processed, you cannot configure both a caller ID and callback that is set to either Set by Caller or Always Callback to.
Callback over a primary rate interface (PRI) Integrated Services Digital Network (ISDN) channel might not work properly if a service is listening on the other ISDN channel. When the remote access server calls back, an ISDN channel is picked to receive the call. If the ISDN channel is not the same one used to make the initial call, the remote access client or demand-dial router does not recognize the incoming call as the remote access server callback and drops the call.