Internet Connection Sharing and network address translation

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To connect a small office or home office (SOHO) network to the Internet, you can use one of two methods:

  1. Routed connection

    For a routed connection, the server running Routing and Remote Access acts as an IP router that forwards packets between SOHO hosts and Internet hosts. While conceptually simple, a routed connection requires knowledge of IP address and routing configuration for SOHO hosts and the server running Routing and Remote Access. However, routed connections allow all IP traffic between SOHO hosts and Internet hosts. For more information, see SOHO Network to the Internet.

  2. Translated connection

    For a translated connection, the server running Routing and Remote Access acts as a network address translator: an IP router that translates addresses for packets being forwarded between SOHO hosts and Internet hosts. This is called network address translation, or NAT. Translated connections that use a server running Routing and Remote Access require less knowledge of IP addressing and routing and provide a simplified configuration for SOHO hosts. However, translated connections might not allow all IP traffic between SOHO hosts and Internet hosts.

You can configure a translated connection to the Internet by using one of the following methods.

  • You can use the Internet Connection Sharing feature of Network Connections. Internet Connection Sharing and Network Bridge are not included in Windows Server 2003, Web Edition; Windows Server 2003, Datacenter Edition; and the Itanium-based versions of the original release of the Windows Server 2003 operating systems.

  • You can use the Network Address Translation (NAT) routing protocol provided with the Routing and Remote Access snap-in on servers running Windows Server 2003 and Routing and Remote Access.

Both Internet Connection Sharing and NAT provide translation, addressing, and name resolution services to SOHO hosts.

Internet Connection Sharing is designed to provide a single step of configuration (a single check box) in order to provide a translated connection to the Internet for all of the computers on the SOHO network. However, once enabled, Internet Connection Sharing does not allow further configuration beyond the configuration of services and ports on the SOHO network. For example, Internet Connection Sharing is designed for a single IP address obtained from an Internet service provider (ISP) and does not allow you to change the range of IP addresses allocated to SOHO hosts. For more information, see Connecting to the Internet in a home or small office network.

The NAT routing protocol component is designed to provide maximum flexibility in the configuration of the server running Routing and Remote Access to provide a translated connection to the Internet. The NAT routing protocol component requires more configuration steps; however, each step of the configuration is customizable. Most of the configuration can be accomplished using the Routing and Remote Access server Setup Wizard. The NAT routing protocol component allows for ranges of IP addresses from an ISP and the configuration of the range of IP addresses allocated to SOHO hosts. For more information, see Understanding Network Address Translation.

The following table summarizes the features and capabilities of Internet Connection Sharing and the NAT routing protocol component.

| Internet Connection Sharing | Network address translation |
| --- | --- |
| Single check box configuration | Manual configuration |
| Single public IP address | Multiple public IP addresses |
| Fixed address range for SOHO hosts | Configurable address range for SOHO hosts |
| Single SOHO interface | Multiple SOHO interfaces |

Notes

  • Internet Connection Sharing is a feature designed to connect SOHO networks to the Internet. The NAT routing protocol component is designed to connect small to medium business networks to the Internet. Neither Internet Connection Sharing nor the NAT routing protocol component is designed to:

    • Directly connect SOHO networks.

    • Connect networks within an intranet.

    • Directly connect branch office networks to a corporate network.

    • Connect branch office networks to a corporate network over the Internet.