Troubleshooting network address translation

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Troubleshooting network address translation

What problem are you having?

  • The network address translation (NAT) computer is not properly translating packets.

  • Private network hosts are not receiving IP address configuration.

  • Name resolution for private network hosts is not working.

The network address translation (NAT) computer is not properly translating packets.

Cause:  NAT interfaces are not properly configured.

Solution:  You must add both public (Internet) and private (small office or home office) interfaces to the NAT routing protocol.

You need to verify that the interface on the server running Routing and Remote Access that connects to the Internet is configured for translation. The Public interface connected to the Internet option on the General tab of the properties of the Internet interface should be selected.

You need to verify that the interfaces on the server running Routing and Remote Access that connects to the small office or home office are properly configured. The Private interface connected to private network option on the General tab of the properties of the home network interface should be selected.

See also:  Add and configure an interface for network address translation

Cause:  TCP/UDP port translation is not enabled.

Solution:  If you have more private hosts than public IP addresses, you need to verify that the Translate TCP/UDP headers (recommended) check box on the General tab of the properties of the public interface is selected.

Cause:  Your range of public addresses is not configured correctly.

Solution:  If you have multiple public IP addresses, you need to verify that they are properly entered on the Address Pool tab of the properties of the Internet interface. If your address pool includes an IP address that was not allocated to you by your ISP, then inbound Internet traffic that is mapped to that IP address may be routed by the ISP to another location.

See also:  Configure interface IP address ranges

Cause:  The traffic being forwarded by the network address translation computer is not translatable.

Solution:  If you have some programs that do not seem to work through the NAT computer, you can try running them from the NAT computer. If they work from the NAT computer and not from a computer on the private network, then the payload of the program may not be translatable.

Cause:  Your range of private addresses is configured incorrectly.

Solution:  You need to verify that the range of addresses configured on the Addressing tab of the properties of the NAT routing protocol corresponds to a private network (10.0.0.0 with a subnet mask of 255.0.0.0, 172.16.0.0 with a subnet mask of 255.240.0.0, 192.168.0.0 with a subnet mask of 255.255.0.0) or a subnet of a private network. The default range of addresses is 192.168.0.0 with a subnet mask of 255.255.255.0.

See also:  Enable network address translation addressing

Cause:  IP packet filtering is preventing the receiving or sending of IP traffic.

Solution:   You need to verify that IP packet filtering on the private network and Internet interfaces is not preventing the receiving (input filters) or sending (output filters) of Internet-based traffic.

See also:  Manage Packet Filters

Private network hosts are not receiving IP address configuration.

Cause:  Network address translation addressing is not enabled on the private interface.

Solution:  You need to verify that network address translation addressing is enabled on the interface that corresponds to your small office or home office network segment.

See also:  Enable network address translation addressing

Name resolution for private network hosts is not working.

Cause:  Network address translation name resolution is not enabled on the private interface.

Solution:  You need to verify that network address translation name resolution is enabled on the interface that corresponds to your small office or home office network segment.

See also:  Enable network address translation name resolution

Cause:  The network address translation computer is not properly configured for name resolution.

Solution:  If computers on the small office or home office network are not able to resolve names to IP addresses, then you can check the name resolution configuration of the network address translation computer by using the ipconfig command. There are two ways that you can configure name resolution when dialing an ISP:

  • Statically assigned name servers

    You must manually configure the TCP/IP protocol with the IP address (or addresses) of the name servers provided by the ISP. If you have statically assigned name servers, you can use the ipconfig command at any time to get the IP addresses of your configured name servers.

  • Dynamically assigned name servers

    Manual configuration is not required. The IP addresses of the name servers provided by the ISP are dynamically assigned whenever you dial the ISP. If you have dynamically assigned name servers, you must run the ipconfig command after a connection to the ISP has been made.