Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

How to configure Network Address Translation in Windows Server 2003


View products that this article applies to.

Prerequisites

To configure the Routing and Remote Access and the Network Address Translation components, your computer must have at least two network interfaces: one connected to the Internet and the other one connected to the internal network. You must also configure the network translation computer to use Transport Control Protocol/Internet Protocol (TCP/IP).

If you use dial-up devices such as a modem or an Integrated Services Digital Network (ISDN) adapter to connect to the Internet, install your dial-up device before you configure Routing and Remote Access.

Use the following data to configure the TCP/IP address of the network adapter that connects to the internal network:
TCP/IP address: 192.168.0.1
Subnet mask: 255.255.255.0
No default gateway
Domain Name System (DNS) server: provided by your Internet service provider (ISP)
Windows Internet Name Service (WINS) server: provided by your ISP
Use the following data to configure the TCP/IP address of the network adapter that connects to the external network:
TCP/IP address: provided by your ISP
subnet mask: provided by your ISP
default gateway: provided by your ISP
DNS server: provided by your ISP
WINS server: provided by your ISP 
Before you continue, verify that all your network cards or all your dial-up adapters are functioning correctly.

Configure Routing and Remote Access

To activate Routing and Remote Access, follow these steps:
  1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
  2. Right-click your server, and then click Configure and Enable Routing and Remote Access.
  3. In the Routing and Remote Access Setup Wizard, click Next, click Network address translation (NAT), and then click Next.
  4. Click Use this public interface to connect to the Internet, and then click the network adapter that is connected to the Internet. At this stage you have the option to reduce the risk of unauthorized access to your network. To do so, click to select the Enable security on the selected interface by setting up Basic Firewall check box.
  5. Examine the selected options in the Summary box, and then click Finish.

Configure dynamic IP address assignment for private network clients

You can configure your Network Address Translation computer to act as a Dynamic Host Configuration Protocol (DHCP) server for computers on your internal network. To do so, follow these steps:
  1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
  2. Expand your server node, and then expand IP Routing.
  3. Right-click NAT/Basic Firewall, and then click Properties.
  4. In the NAT/Basic Firewall Properties dialog box, click the Address Assignment tab.
  5. Click to select the Automatically assign IP addresses by using the DHCP allocator check box. Notice that default private network 192.168.0.0 with the subnet mask of 255.255.0.0 is automatically added in the IP address and the Mask boxes. You can keep the default values, or you can modify these values to suit your network.
  6. If your internal network requires static IP assignment for some computers -- such as for domain controllers or for DNS servers -- exclude those IP addresses from the DHCP pool. To do this, follow these steps:
    1. Click Exclude.
    2. In the Exclude Reserved Addresses dialog box, click Add, type the IP address, and then click OK.
    3. Repeat step b for all addresses that you want to exclude.
    4. Click OK.

Configure name resolution

To configure name resolution, follow these steps:
  1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
  2. Right-click NAT/Basic Firewall, and then click Properties.
  3. In the NAT/Basic Firewall Properties dialog box, click the Name Resolution tab.
  4. Click to select the Clients using Domain Name System (DNS) check box. If you use a demand-dial interface to connect to an external DNS server, click to select the Connect to the public network when a name needs to be resolved check box, and then click the appropriate dial-up interface in the list.

↑ Back to the top


Keywords: KB816581, kbhowto, kbinfo, kbhowtomaster

↑ Back to the top

Article Info
Article ID : 816581
Revision : 5
Created on : 10/30/2006
Published on : 10/30/2006
Exists online : False
Views : 216