Chapter 6 - Internet Connectivity Scenarios Using the Remote Access Service
Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

This chapter gives an overview of Internet support that uses Dial-Up Networking and the Remote Access Service. It then details how Windows NT Server 4.0 can be deployed as an Internet gateway server.

For information about the Point-to-Point Tunneling Protocol (PPTP), see the Windows NT Server Networking Supplement and the Microsoft Windows NT Server Resource Kit: Windows NT Server Networking Guide.

Connecting to the Internet with Windows NT

Traditionally, connecting to the Internet has been a difficult process that is daunting for a beginner. Early tools, such as FTP (File Transfer Protocol) and Telnet, featured character-based commands suited for those who knew how to connect and maneuver through the intertwined network with 32-bit IP addresses. Today's tools, such as Internet Explorer, provide front-end viewers that enable users to scan and search for information without much knowledge of how information is stored and without having to log on to the source computer.

Windows NT provides and works with tools that make it easier to connect to the Internet.

  • Dial-Up Networking is the software that enables clients to connect to remote computers, such as an Internet service provider.

  • Remote Access Service (RAS) is the software that enables a computer running Windows NT to accept calls from remote computers. The remote computer can use Windows Dial-Up Networking or any other Point-to-Point Protocol (PPP) dial-up client.

Both Dial-Up Networking and RAS are included in Windows NT Workstation and Windows NT Server.

This section presents four scenarios for connecting to the Internet by using Windows NT Dial-Up Networking and Remote Access Service.

For more information about Remote Access Service and Dial-Up Networking, see the Windows NT Server Networking Supplement and Windows NT Server Resource Kit Networking Guide.

Dial-Up Client Connections

By using Windows NT and Dial-Up Networking, a user can make an Internet Protocol (IP) connection to a dial-up Internet host by using the Point-to-Point Protocol (PPP). Speeds from 2400 bits per second (bps) up to 128,000 bps are supported. After the Dial-Up Networking connection is established, the user can choose from a variety of tools—from the traditional and nongraphical to those that fully exploit the Windows interface.

  • For information about connecting to the Internet by using Dial-Up Networking, see the Microsoft Windows NT Workstation Resource Kit: Windows NT Workstation Resource Guide, Chapter 35, "Using Windows NT Workstation on the Internet."

  • For information about installing and using Dial-Up Networking, see Windows NT Workstation Start Here.

Simple Internet Router Using PPP

On small intranets (an intranet with fewer than 20 computers), a computer running Windows NT Server can use Dial-Up Networking, simple TCP/IP (Transmission Control Protocol/Internet Protocol) routing, and a PPP connection to an Internet service provider to create an Internet gateway for the computers on the small intranet. This configuration enables you to connect intranet clients to the Internet, as shown in Figure 6.1.


Figure 6.1: Windows NT Server as a static Internet router with PPP

In this scenario, the computer running Windows NT Server has a Dial-Up Networking connection to an Internet service provider (ISP). Static TCP/IP routing is enabled, and a static routing table is created for the computers on the private network. Routing information must also be provided to the Internet service provider because simple TCP/IP routing does not use the Routing Information Protocol (RIP) to communicate with the ISP's router. The routing information enables the routers to route traffic to and from the Internet to computers on the private network.

This configuration can also support a very light-duty server running Internet Information Server.

For this scenario, you need to install and configure the following hardware or services:

  • A computer running static TCP/IP routing with a static routing table

  • TCP/IP networking protocol on all computers that will use the Internet

  • Dial-Up Networking on the server that will dial in to the Internet service provider

  • A modem

  • Network interface cards on all computers

  • Internet browsers, such as Internet Explorer, on all computers that will access the Internet

  • Internetwide domain name resolution, as described in the section, "Establishing an Internet Connection," in Chapter 2, "Connecting Windows NT Server to the Internet."

For more information about simple TCP/IP routing and Dial-Up Networking, see the Windows NT Server Networking Supplement and the Windows NT Server Resource Kit Networking Guide.

Internet Service Provider

In this scenario, an Internet service provider uses Windows NT Server to set up an information service network. The network provides an Internet connection and other network services, including a mail server, fax server, database hosting, software distribution, and other custom applications.


Figure 6.2: Internet service provider with Internet access and network services

The computer running Windows NT Server is on the Internet service provider's network, which also has a leased line to the Internet. The Remote Access Service accepts calls from customers who want Internet access or network services. RAS routes traffic to and from remote customers to servers on the private network and to and from the Internet.

For this scenario, you need to install and configure the following hardware or services:

  • A computer running the Remote Access Service

  • TCP/IP networking protocol on all computers that will use the Internet

  • A multiport adapter, which allows multiple remote clients to dial in to the computer running RAS

  • Network interface cards on all servers

  • Internet browsers, such as Internet Explorer, on all remote clients that will access the Internet

  • Dial-Up Networking on remote clients that will dial in to the RAS server

  • Internetwide domain name resolution, as described in the section, "Establishing an Internet Connection," in Chapter 2, "Connecting Windows NT Server to the Internet."

For more information about multiprotocol routing and the Remote Access Service, see the Windows NT Server Networking Supplement and Windows NT Server Resource Kit Networking Guide.

Internet Gateway

An organization with a network can establish a RAS server with direct connections (through a router) to the Internet. To provide for security, the server can be isolated from the rest of the corporate network. (For more information about security, see Chapter 3, "Server Security on the Internet.")

Users can dial one number that gives them access to the Internet, and dial another number that gives them access to the corporate intranet. See the following section for more information about this scenario.


Figure 6.3: Microsoft RAS server as an Internet gateway server

Installing an Internet Gateway Server

Before you learn how to install Remote Access Service as an Internet gateway server, it is useful to understand a few TCP/IP networking terms, and how they relate to RAS. (For more information about TCP/IP and Remote Access Service, see the Windows NT Server Networking Supplement, the Windows NT Server Resource Kit Networking Guide, or online Help.)

IP Address

An IP address is used to identify a node (such as a workstation, a server, or a printer) on any network (such as your intranet or the Internet) and to specify routing information from one network or subnet to another network or subnet. Each node on a network or subnet must be assigned a unique IP address.

For Dial-Up Networking clients, the RAS server can automatically assign IP addresses to remote workstations when they connect. The IP address is obtained from a static pool that has been reserved for use by the RAS server, or through dynamic allocation from a Dynamic Host Configuration Protocol (DHCP) server. (For more information about DHCP, see the next section.)

Where needed, the RAS server can be configured to allow remote clients to specify their own IP addresses. This is useful for remote workstations that each need to be guaranteed a specific IP address when they are connected to the network.

Subnet masks are used in conjunction with the IP address to create subnets within an IP address space. Subnet masks are usually provided by the TCP/IP network administrator, such as an Internet service provider. If you need more information about subnet masks, see the Windows NT Server Networking Supplement.

Dynamic Host Configuration Protocol

Dynamic Host Configuration Protocol (DHCP) is an industry-standard protocol for automatic assignment of IP configuration to workstations. DHCP uses a client/server model for address allocation. The network administrator establishes one or more DHCP servers that maintain the network's TCP/IP configuration, including client configuration. Intranet workstations request leases on TCP/IP configuration from the DHCP server, thus eliminating the need for administrators to manually configure each workstation. For more information about configuring DHCP servers, see the Windows NT Server Networking Supplement and Windows NT Server Resource Kit Networking Guide.

A RAS server can act as a DHCP client, thereby obtaining TCP/IP configuration information on behalf of remote workstations. The RAS server leases a pool of IP configuration information from the DHCP server or servers. When remote workstations dial in to the network, the RAS server allocates IP configuration information to each workstation out of this pool.

Domain Name System

The Domain Name System (DNS) resolves friendly computer names to IP addresses. DNS is sometimes referred to as the BIND service in BSD UNIX.

To specify the DNS server that a workstation uses, you double-click Network in Control Panel to reach the configuration options for TCP/IP properties. A workstation's TCP/IP configuration typically includes one or two DNS servers that are on the local network. If a DNS server is unable to identify the IP address of a name requested by the workstation, it sends back information about other DNS servers that might be able to resolve the address. The workstation then queries the new set of DNS servers.

The Domain Name System makes it easy for users to access information from servers on the Internet. For example, it is easier to remember the name www.microsoft.com than to remember the IP address for that server.

To use the Domain Name System, workstations must be configured to recognize at least one DNS server's IP address. DNS server addresses can be assigned to a computer in one of two ways:

  • Static TCP/IP configuration on the workstation

  • Dynamic assignment by a DHCP server

In the Remote Access Service, DNS server addresses are assigned to remote workstations in one of three ways:

  • Static assignment on the workstation

  • Static assignment on the RAS server, which in turn assigns that address to remote workstations

  • Dynamic assignment to the RAS server by using DHCP; the RAS server in turn assigns that DNS server's address to remote workstations

The RAS server always assigns the DNS address to workstations dialing in that run Windows NT Workstation or Windows 95. The address is either statically assigned by the RAS server or dynamically assigned for the RAS server by DHCP. For remote access solutions from vendors other than Microsoft, remote users might need to statically assign their DNS server.

For more information about setting up a RAS server to use DNS, see the Windows NT Server Networking Supplement.

Default Gateway

The default gateway is the intermediate network node on the network or subnet that has addresses for the network IDs of other subnets in the network. When a workstation sends data, the default gateway can forward the packets to other gateways until the data is eventually delivered to its final destination. Gateways are usually computers that are called routers because they are dedicated to directing network traffic.

TCP/IP workstations can each be configured for one default gateway only. This poses an interesting situation for remote workstations that are also connected to an intranet. For example, a computer at a branch office dials in to the corporate network while it is still connected to the branch office network. This type of workstation is referred to as a multihomed workstation.

When a multihomed computer running Windows NT Workstation or Windows NT Server attempts to access a particular IP address, the destination server is located by using the following process:

  • If the destination IP address indicates that it is on the same IP subnet as the workstation's network interface card, then data is sent through the network interface card.

  • If the destination IP address indicates that it is not on the same subnet as the workstation's network interface card, then data is sent to the default gateway assigned by the RAS server. The default gateway then locates the destination route on behalf of the remote workstation.

    If a default gateway IP address was previously configured for the network interface card, it is ignored by default. If required, the remote workstation can be configured so that the default gateway on the network interface card is used instead of the default gateway on the remote link.
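The route selection just described, modelled as an added example (it is not code from the original chapter). All addresses are constructed, and the class, field and function names, including `use_remote_gateway` for the workstation setting mentioned above, are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass
class MultihomedHost:
    """A workstation with a LAN card and an active dial-up (RAS) link."""
    nic_interface: str                 # NIC address and subnet mask
    ras_gateway: str                   # default gateway assigned by the RAS server
    nic_gateway: Optional[str] = None  # gateway previously configured on the NIC
    use_remote_gateway: bool = True    # default: NIC gateway is ignored while dialed in

    def select_route(self, destination: str) -> Tuple[str, str]:
        """Return (interface, next_hop) for a destination IP address."""
        dest = ipaddress.ip_address(destination)
        nic = ipaddress.ip_interface(self.nic_interface)
        # Rule 1: same subnet as the network interface card -> send on the LAN.
        if dest in nic.network:
            return ("nic", "on-link")
        # Rule 2: off-subnet -> default gateway on the remote link (default).
        if self.use_remote_gateway:
            return ("ras", self.ras_gateway)
        # Optional setting: prefer the NIC's own default gateway instead.
        if self.nic_gateway is None:
            raise LookupError(f"no route to {destination}")
        return ("nic", self.nic_gateway)


def route_table(host: MultihomedHost,
                destinations: Iterable[str]) -> Dict[str, Tuple[str, str]]:
    """Map each destination to the path the host would choose."""
    return {d: host.select_route(d) for d in destinations}


if __name__ == "__main__":
    # Constructed sample: branch-office PC dialed in to a RAS server.
    samples = ["10.1.1.40",    # same branch subnet
               "10.1.2.7",     # another branch subnet behind 10.1.1.1
               "192.0.2.80"]   # host outside the branch network
    for remote_first in (True, False):
        pc = MultihomedHost("10.1.1.25/255.255.255.0", "172.16.0.1",
                            nic_gateway="10.1.1.1",
                            use_remote_gateway=remote_first)
        print(f"use_remote_gateway={remote_first}")
        for dest, path in route_table(pc, samples).items():
            print(f"  {dest:<12} -> {path[0]} via {path[1]}")
```

With the default setting, traffic for the second branch subnet leaves over the dial-up link rather than through the branch router, which is the case to check when auditing which networks a dialed-in workstation can reach.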

Configuration Overview

Complete the following tasks to make a computer running Windows NT Server an Internet gateway.

To configure an Internet gateway

  1. Select an Internet service provider.

    For a complete list of Internet service providers, refer to the book, Connecting to the Internet by Susan Estrada (published by O'Reilly and Associates). Or refer to your phone book or, if possible, the Internet.

  2. Assign a dedicated pool of IP addresses for remote clients.

    – or –

    Use DHCP servers on your network.

    For details, see the Windows NT Server Networking Supplement and Windows NT Server Resource Kit Networking Guide.

  3. Configure a DNS server locally on your intranet.

    – or –

    Contact your Internet service provider for the IP address of a DNS computer on the ISP's network.

  4. Install any optional communication hardware you will need to provide Internet service.

    For example, your server can be configured with a multiport adapter, Integrated Services Digital Network (ISDN) interface cards, and X.25 interface cards.

  5. Install Windows NT Server 4.0 on your computer.

    For details, see the Windows NT Server Start Here manual.

Internet Gateway Configuration

The scenario described in this section was an actual pilot test of Windows NT as an Internet gateway server at Microsoft Corporation. For security reasons, the Internet gateway server was installed on an isolated network, which was in turn connected to the Internet by third-party routers. The RAS server and the third-party routers were not connected to the corporate network.


Figure 6.4: Windows NT as an Internet gateway server

In this scenario, the computer running Windows NT Server has a leased line to an Internet service provider through third-party routers. The Remote Access Service is installed. This enables traffic from the Internet to be routed to and from computers on the private network. The Remote Access Service enables Windows Dial-Up Networking clients or other dial-up clients to connect to the RAS server by using ISDN or a POTS line (plain old telephone service, also known as PSTN or public switched telephone network), giving them Internet access.

The Internet gateway server for the pilot test had the following configuration:

  • A MIPS Rx4000 RISC-based computer (with 32 MB of RAM) running the Remote Access Service

  • TCP/IP networking protocol on all computers that will use the Internet

  • Network interface cards on all computers

  • Third-party (Cisco) routers

  • A Digi International PC/2e serial adapter, which enables multiple remote clients to dial in on telephone lines to the computer running the Remote Access Service

  • A Digi International PCIMAC4 ISDN adapter, which enables multiple remote clients to dial in on ISDN lines to the computer running the Remote Access Service

  • Dial-Up Networking on remote clients that will dial in to the RAS server

  • Modems or ISDN cards on remote clients that will dial in to the RAS server

  • ISDN lines and standard analog telephone lines

  • A DNS server

  • Internet browsers, such as Internet Explorer, on all computers that will access the Internet

For more information about the Remote Access Service, see the Windows NT Server Networking Supplement and Windows NT Server Resource Kit Networking Guide.

© 2009 Microsoft Corporation. All rights reserved.