HOW TO: Configure a Windows 2000 Server as a Network Address Translation Server

The information in this article applies to:

*           Microsoft Windows 2000 Server

*           Microsoft Windows 2000 Advanced Server

Step 1Prerequisites

If you use dial-up devices such as a modem or an Integrated Services Digital Network (ISDN) adapter to connect to the Internet, you must install your dial-up device, and then add the appropriate support in Windows 2000. You can add a modem by using the Modems tool in Control Panel (click Start, point to Settings, click Control Panel, double-click Phone and Modem Options, and then click the Modems tab). For ISDN adapters, follow the manufacturer's instructions to install the adapter and the driver in Windows 2000.

If you use permanent-link equipment to connect to the Internet, install the equipment (such as DDS, T-Carrier, Frame Relay, Asymmetric Digital Subscriber Line [ADSL], or cable modem), and then add the appropriate support in Windows 2000. Please refer to the equipment's manufacturer for instructions.

Verify that Transport Control Protocol/Internet Protocol (TCP/IP) and support for your internal and external network adapters is installed during the networking options configuration. (To verify or change settings, right-click My Network Places, click Properties, right-click Local Area Connection, click Properties, click Internet Protocol (TCP/IP), and then click Properties.) Use the following data to configure the TCP/IP address of the network adapter that connects to the internal network:

TCP/IP Address: 192.168.0.1
Subnet Mask: 255.255.255.0
No Default Gateway
Domain Name System (DNS) Server: Provided by your Internet service provider (ISP)
Windows Internet Naming Service (WINS) Server: Provided by your ISP

Use the following data to configure the TCP/IP address of the network adapter that connects to the external network:

TCP/IP Address: Provided by your ISP
Subnet Mask: Provided by your ISP
Default Gateway: Provided by your ISP
DNS Server: Provided by your ISP
WINS Server: Provided by your ISP

When you install Windows 2000 Server, the Routing and Remote Access Administration tool is automatically placed on the Administrative Tools menu. However, unless RRAS was configured by using a script or an unattended installation, it is not functional until activated.

Before you proceed, install any network adapters, modems, terminal adapters, or other hardware and drivers that are needed to enable the hardware functions of routing devices.

Step 2Activating RRAS

1.                   Click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access.

2.                   Right-click your server. If the Enable command is unavailable, it is disabled and you need to continue to the next step. If the Enable command is available, skip to the "Configuring Interfaces" section in this article.

3.                   In the Routing and Remote Access Configuration utility, right-click the server, and then click Configure and Enable Routing and Remote Access.

4.                   The RRAS Wizard starts. Click Next (several options will be available on this screen).

5.                   Click Manually Configured Server, click Next, and then click Finish.

6.                   The RRAS service will be installed and then you will be prompted to start the service. Start the service.

Step 3Configuring Interfaces

NOTE: This section is necessary only if you are using an interface other than a network adapter (for example, a dial-up networking connection) that does not appear as a local connection in the Network and Dial-up Connections tool.

1.                   To view the currently available routing interfaces, expand the Server icon, and then click Routing Interfaces. By default, any installed and active network adapters should be listed here as well as the loopback adapter.

2.                   Right-click Routing Interfaces, and then click New Demand Dial Interface.

3.                   Click Next.

4.                   Type a display name to identify this interface, and then click Next.

5.                   Choose the type of interface with which you will be connecting, and then click Next.

6.                   Click the modem or device with which you will be dialing out, and then click Next.

7.                   Type the phone number or address that you will need to contact to enable connectivity, and then click Next.

8.                   Click Route IP packets on this interface, and then click Next.

9.                   Click Route IP packets on this interface, and then click Next.

10.               Provide the credentials to connect to the remote system, and then click Next. Note that you should leave the Domain box blank unless you are connecting to another Microsoft Windows NT-based or Windows 2000-based domain, or your ISP specifically notes that it should be entered.

11.               Click Finish.

Step 4Adding the NAT Protocol

1.                   Expand IP Routing, right-click General, and then click New Routing Protocol.

2.                   Click Network Address Translation (NAT), and then click OK. Network Address Translation now appears below IP Routing.

Step 5Adding Public NAT Interfaces

Now that the NAT protocol is installed, you must configure which public interfaces will support NAT.

1.                   Click Network Address Translation to see which interfaces are enabled for NAT.

2.                   To add additional interfaces, right-click Network Address Translation, and then click New Interface.

3.                   On the General tab, click Public Interface Connected to the Internet.

4.                   Click to select the Translate TCP/UDP headers check box.

5.                   Click the external interface, and then click OK.

NOTE: For a dial-up connection to the Internet, select the demand-dial interface that is configured to connect to your ISP. For a permanent connection to the Internet, select the permanent interface that is connected to your ISP.

Step 6Adding Private NAT Interfaces

You must configure which private interfaces will support NAT.

1.                   Click Network Address Translation to see which interfaces are enabled for NAT.

2.                   To add additional interfaces, right-click Network Address Translation, and then click New Interface.

3.                   Click the internal interface, and then click OK. This opens the Network Address Translation Properties - Internal Interface Properties dialog box.

4.                   Click Private Interface, and then click OK.

5.                   Right-click Network Address Translation (NAT), and then click Properties.

6.                   On the General tab, click Log and Maximum amount of information.

7.                   If your LAN is using DHCP, click Automatically assign IP addresses by using DHCP on the Address Assignment tab. If you are not using DHCP, NAT assigns TCP/IP addresses in the 192.168.0.0 range with a 255.255.0.0 subnet mask by default.

8.                   On the Name Resolution tab, click Clients Using Domain Name System (DNS).

Step 7Start NAT

Right-click the appropriate RRAS server, click All Tasks, and then click Start.