Deploying network address translation

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Deploying network address translation

To deploy network address translation for a small office or home office network, you need to configure:

• The network address translation computer.

• Other computers on the small office or home network.

Configuring the network address translation computer

To configure the network address translation (NAT) computer, you can complete the following steps:

1. Install and enable the Routing and Remote Access service.

   In the Routing and Remote Access Server Setup Wizard, choose Network address translation (NAT). After the wizard is finished, all of the configuration for NAT is complete. You do not need to complete steps 2 through 8.

   If you have already enabled the Routing and Remote Access service, then complete steps 2 through 8 as needed.

   For information about installing and enabling the Routing and Remote Access service, see Enable the Routing and Remote Access service.

2. Configure the IP address of the private network interface.

   For the IP address of the LAN adapter that connects to the home network, you need to configure the following:

   • IP address: 192.168.0.1

   • Subnet mask: 255.255.255.0

   • No default gateway

   Note

   • The IP address in the preceding configuration for the home network interface is based on the default address range of 192.168.0.0 with a subnet mask of 255.255.255.0, which is configured for the addressing component of network address translation. If you change this default address range, you should change the IP address of the private interface for the network address translation computer to be the first IP address in the configured range. Using the first IP address in the range is a recommended practice, not a requirement of the network address translation components.

3. Enable routing on your dial-up port.

   If your connection to the Internet is a permanent connection that appears as a LAN interface (such as DDS, T-Carrier, Frame Relay, permanent ISDN, xDSL, or cable modem) or if you are connecting your server running Routing and Remote Access to another router before the connection to the Internet, and the LAN interface is configured with an IP address, subnet mask, and default gateway either statically or through DHCP, skip to step 6.

   For information about enabling routing on your dial-up port, see Enable routing on ports.

4. Create a demand-dial interface to connect to your Internet service provider.

   You need to create a demand-dial interface that is enabled for IP routing and uses your dial-up equipment and the credentials that you use to dial your Internet service provider (ISP). For more information about creating demand-dial interfaces, see Add a demand-dial interface.

5. Create a default static route that uses the Internet interface.

   For a default static route, you need to select the demand-dial interface (for dial-up connections) or LAN interface (for permanent or intermediate router connections) that is used to connect to the Internet. The destination is 0.0.0.0 and the network mask is 0.0.0.0. For a demand-dial interface, the gateway IP address is not configurable.

   For more information about configuring a default static route, see Add a default static IP route.

6. Add the network address translation (NAT) routing protocol.

   For information about adding the network address translation (NAT) IP routing protocol, see Add network address translation.

7. Add your Internet and home network interfaces to the NAT routing protocol.

   For information about adding interfaces to the NAT IP routing protocol, see Add and configure an interface for network address translation.

8. Enable NAT addressing and name resolution.

   For information about enabling network address translation addressing, see Enable network address translation addressing.

   For information about enabling network address translation name resolution, see Enable network address translation name resolution.

   Note

   • The NAT addressing feature only assigns addresses from a single range that corresponds to a single subnet. If multiple home network LAN interfaces are added to the NAT routing protocol, a single subnet configuration (where all LAN interfaces are connected to the same network) is assumed. If the LAN interfaces correspond to different networks, connectivity between clients on different networks who receive addresses from the NAT computer may not be possible.

Configuring other computers on the small office or home network

You need to configure the TCP/IP protocol on the other computers on the small office or home network to obtain an IP address automatically, and then restart them. When the computers on the home network receive their IP address configuration from the network address translation computer, they are configured with:

• IP address (from the address range of 192.168.0.0 with a subnet mask of 255.255.255.0).

• Subnet mask (255.255.255.0).

• Default gateway (the IP address of a directly reachable IP router on the small office or home network).

• DNS server (the IP address of the interface for the NAT computer on the small office or home network).

Advanced NAT settings

To configure advanced NAT settings, you can do the following:

• If you have been given a range of IP addresses from your ISP, configure the range of IP addresses on your Internet interface.

• If there are services running on the private network that need to be accessed by users from the Internet, add a special port that maps the public IP address and port number to a private IP address and port number.

For more information, see Configure NAT/Basic Firewall.

For information about troubleshooting network address translation, see Troubleshooting network address translation.