Connecting Your Network to the Internet with Windows Server 2003
Microsoft Corporation
Published: March 2003
Abstract
In today’s business world, being connected to the marketplace and to your customers means getting connected to the Internet. Windows® Server 2003 makes it easier to securely connect your network to the Internet, enabling your employees to access the information they need. This white paper describes the steps needed to provide shared Internet access to Microsoft® Windows® XP-based clients that are directly attached to a medium-sized private network using Windows Server 2003 and network address translation.
Microsoft® Windows® Server 2003 White Paper
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. © 2003 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Windows, Windows NT, and Windows logo are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Contents
Introduction
    Scenario Requirements
    Scenario Tasks
Internet Connection Setup Tasks
    Establishing an Internet Account with an ISP
    Configuring Windows Server 2003 for Internet Access
        Assigning IP Addresses
        Configuring Routing and Remote Access for Network Address Translation
        Creating a Dedicated Internet Connection
        Creating a Demand-dial Internet Connection
    Updating the Local DNS Server for Internet Naming Resolution
    Conclusion
Summary
Related Links
Introduction
Connecting a medium-sized office network to the Internet has traditionally been a difficult process requiring separate computers and extensive knowledge of network devices. For many, making a connection to the Internet seemed costly and difficult to manage. With Windows Server 2003, making a connection to the Internet is easier, more secure, and can be accomplished with relatively inexpensive hardware and basic Internet service provider (ISP) services.
This white paper is intended for users of medium-sized Windows Server 2003 domain-based networks who want to set up Internet access and share it with local area network clients. A basic understanding of domain-based networks, Domain Name System (DNS), and the Dynamic Host Configuration Protocol (DHCP) is assumed. This paper is not intended as a comprehensive review of all routing features of Windows Server 2003; rather, it focuses on the basic Internet gateway capabilities.
Scenario Requirements
This document walks you through the setup of a Windows Server 2003-based server as an Internet connection server that shares access with a local area network. It is assumed that in order to connect to the Internet you have an active account with an ISP and a physical connection to the Internet. This could be a dial-up connection (such as an analog modem or ISDN connection) or a dedicated connection using a cable modem or Digital Subscriber Line (DSL).
To configure the server for Internet access sharing, you will need to configure the Routing and Remote Access service to act as a network address translator (NAT). A NAT relies on a single public IP address for the Internet and translates all internal client traffic to and from this IP address. By setting up NAT, companies benefit in the following ways:
• Lower cost. NAT allows you to share a single public IP address with many internal clients, avoiding the cost of setting up multiple public Internet address accounts.
• Increased security. By hiding the IP addresses of private network clients and servers from the Internet, NAT provides an increased level of intranet security.
Scenario Tasks
In this white paper, we will describe the following tasks:
Setup and Management Tasks
• Network setup and configuration using the network address translation capability of Routing and Remote Access
• Configuration and setup of Routing and Remote Access service for a dedicated or demand-dial connection to the Internet
• Configuration of the private network DNS server to forward Internet name resolution requests to an ISP DNS server
Internet Connection Setup Tasks
The Routing and Remote Access service, which is integrated in Windows Server 2003, provides a variety of capabilities such as connecting remote users, connecting office networks, and connecting networks to the Internet. This white paper describes how to configure Windows Server 2003 to provide a basic outbound connection to the Internet that can be shared with other computers on your internal network.
To set up your network for Internet access, you need to:
1. Establish an Internet account with an ISP.
2. Configure Windows Server 2003 for Internet access.
3. Update your local DNS server for Internet naming resolution.
Establishing an Internet Account with an ISP
You must establish an account with an ISP to access the Internet. An ISP provides the following information needed to configure your server and network environment:
• Account name and password. This is used for authentication purposes.
• Assigned IP address. This is your public IP address associated with your account. This can be statically or dynamically assigned.
• ISP DNS server address. This is used to forward DNS requests for Internet names to the ISP’s DNS server.
• Phone number. For demand-dial connections, this is the number for your ISP.
Note: If you plan to host a Web server or a virtual private network (VPN) remote access server, you need to request a static IP address or have an ISP that supports DNS dynamic update. Outbound Internet traffic will work with a dynamically assigned IP address, but external computers will not be able to connect to your network over the Internet.
Before you set up Internet sharing, check with your ISP about any licensing limitations on shared access through a single ISP connection.
Configuring Windows Server 2003 for Internet Access
Select a computer on your network that will act as the Internet connection server. This computer requires Windows Server 2003 with Routing and Remote Access configured and at least one network adapter connected to your private network. For a dedicated connection to the Internet, an additional network adapter must be installed. For a demand-dial connection to the Internet, install a modem or ISDN adapter.
Assigning IP Addresses
If your server is already connected to the private network, the attached network adapter should already have an IP address that was dynamically assigned by the local DHCP server. Because this server will be used as the Internet connection server, you will need to assign a static IP address to the private network adapter. This static IP address should be excluded from the DHCP scope for the subnet to which the Internet connection server is attached. To communicate the server’s new role as an Internet gateway to all clients on the subnet attached to the Routing and Remote Access server, you will also need to add this static IP address to the Router (Default Gateway) DHCP option. For more information about how to add this option, see Windows Server 2003 Help and Support.
If your private network consists of multiple subnets, adjust your routing infrastructure so that default route traffic is forwarded to the static IP address of the Internet connection server's private network interface.
When you have two network adapters installed on the server computer, you must be able to identify which network adapter is connected to the private network and which is connected to the Internet. Therefore, it is a good idea to rename the connections corresponding to the adapters with descriptive names, such as "Private Network" and "Internet." This can be done from the Network Connections folder.
For this white paper, we assume that the private network adapter is named "Private Network" and is assigned a reserved static IP address of 10.10.1.90. We also assume that the ISP assigned a static public IP address of 131.107.0.20 to your company. The public IP address should be assigned to the Internet connection.
To assign IP addresses to the LAN connections:
1. Log on to the Routing and Remote Access server with an account that has administrator privileges.
2. Click Start, point to Settings, point to Network Connections, right-click the connection connected to your private network, and then click Properties.
3. On the General tab, under This connection uses these items, double-click Internet Protocol (TCP/IP).
4. On the General tab, click Use the following IP address and type the appropriate IP address and subnet mask. Click OK to accept the changes to the TCP/IP protocol. Click OK to save changes to the connection.
5. If you have a dedicated Internet connection, repeat these steps for the Internet connection, but assign the static IP address provided by your ISP.
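A pre-flight check for the addressing rules above, added here as an example and not taken from the white paper or from Microsoft: it confirms that the gateway's static address cannot be leased by DHCP, that the Router option points at it, and that the Internet-facing address is not a private one. The /24 mask, the scope boundaries and the function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network


def leasable_ranges(scope_start, scope_end, exclusions):
    """Split a DHCP scope into the integer ranges left after exclusions."""
    ranges = [(int(ip_address(scope_start)), int(ip_address(scope_end)))]
    for ex_start, ex_end in exclusions:
        lo, hi = int(ip_address(ex_start)), int(ip_address(ex_end))
        remaining = []
        for start, end in ranges:
            if hi < start or lo > end:       # exclusion misses this range
                remaining.append((start, end))
                continue
            if start < lo:                   # part below the exclusion survives
                remaining.append((start, lo - 1))
            if hi < end:                     # part above the exclusion survives
                remaining.append((hi + 1, end))
        ranges = remaining
    return ranges


def check_gateway_plan(gateway, subnet, scope, exclusions, router_option, public_ip):
    """Return a list of problems with the plan; an empty list means it is consistent."""
    problems = []
    gw, net = ip_address(gateway), ip_network(subnet)
    if gw not in net or gw in (net.network_address, net.broadcast_address):
        problems.append("gateway is not a usable host address in the subnet")
    if any(lo <= int(gw) <= hi for lo, hi in leasable_ranges(*scope, exclusions)):
        problems.append("gateway address can still be leased by DHCP")
    if ip_address(router_option) != gw:
        problems.append("DHCP Router option does not point at the gateway")
    if ip_address(public_ip).is_private:
        problems.append("public interface has a private address")
    return problems


# Constructed plan built around the paper's two addresses; mask and scope are assumed.
PLAN = dict(gateway="10.10.1.90", subnet="10.10.1.0/24",
            scope=("10.10.1.10", "10.10.1.200"),
            exclusions=[("10.10.1.90", "10.10.1.90")],
            router_option="10.10.1.90", public_ip="131.107.0.20")

if __name__ == "__main__":
    print(check_gateway_plan(**PLAN) or "plan OK")
    # Same plan with the exclusion forgotten and a stale Router option.
    broken = dict(PLAN, exclusions=[], router_option="10.10.1.1")
    for problem in check_gateway_plan(**broken):
        print("PROBLEM:", problem)
```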
Configuring Routing and Remote Access for Network Address Translation
Routing and Remote Access can be configured to provide the following networking services:
• Remote access (dial-up or VPN) allows remote access clients to connect to this server through either a dial-up connection or a secure virtual private network (VPN) connection.
• Network address translation (NAT) allows internal clients to connect to the network using one public IP address.
• Virtual Private Network (VPN) access and NAT allows remote clients to connect to this server through the Internet and local clients to connect to the Internet using a single public IP address.
• Secure connection between two private networks allows a connection between your network and a remote network, such as a branch office.
• Custom configuration allows the selection of any of the features available in Routing and Remote Access.
For this deployment scenario, we are going to configure Routing and Remote Access to provide NAT services using the following procedure:
1. Click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access.
2. In the contents pane, right-click the server name and click Configure and Enable Routing and Remote Access. The Routing and Remote Access Server Setup Wizard appears. Click Next to view choices for several default server roles.
3. Select Network address translation (NAT) as shown in the following figure.
4. Click Next. If you are using a dedicated Internet connection, see "Creating a dedicated Internet connection." If you are using a demand-dial Internet connection, see "Creating a demand-dial Internet connection."
Creating a Dedicated Internet Connection
In our example, we have two network adapters, one named Private Network and one named Internet. The Private Network connection is connected to the internal network and has the static IP address of 10.10.1.90. The Internet connection is configured with the IP address 131.107.0.20.
1. Continuing the procedure from "Configuring Routing and Remote Access for network address translation," on the NAT Internet Connection page, click Use this public interface to connect to the Internet, and click the Internet connection. Leave the Enable security on the selected interface by setting up Basic Firewall check box selected. This is shown in the following figure.
2. Click Next. On the Name and Address Translation Services page, click I will set up name and address services later. Because you already have DNS and DHCP services operating on your private network, you do not need the Routing and Remote Access server to provide these services. This is shown in the following figure.
3. Click Next. On the Completing the Routing and Remote Access Server Setup Wizard page, click Finish.
4. To add a default route, in the console tree, double-click IP Routing, right-click Static Routes, and then click New Static Route.
5. In Interface, select the interface that corresponds to your dedicated Internet connection. In Destination, type 0.0.0.0. In Network mask, type 0.0.0.0. An example is shown in the following figure.
6. Click OK.
Steps 4-6 configure a default route, making all the locations on the Internet reachable from the Routing and Remote Access server.
You have finished configuring your Routing and Remote Access server as a network address translator with a dedicated Internet connection. Skip ahead to the "Updating the local DNS server for Internet naming resolution" section.
Creating a Demand-dial Internet Connection
Instead of having a dedicated connection to the Internet, you may choose to connect only when your private network users require access. Routing and Remote Access can automate the connection process whenever someone tries to access the Internet. In this example, we are using a modem to access the Internet instead of a network adapter.
1. Continuing the procedure from "Configuring Routing and Remote Access for network address translation," on the NAT Internet Connection page, click Create a new demand-dial interface to the Internet. Leave the Enable security on the selected interface by setting up Basic Firewall check box selected. The basic firewall is a stateful firewall that monitors all outbound traffic and dynamically creates inbound packet filters for the response traffic. This is shown in the following figure.
2. Click Next. On the Network Selection page, click the connection that is connected to the private network. This is shown in the following figure.
3. Click Next. On the Name and Address Translation Services page, click I will set up name and address services later. Because you already have DNS and DHCP services operating on your private network, you do not need the Routing and Remote Access server to provide these services. This is shown in the following figure.
4. On the Ready to Apply Selections page, click Next. The Routing and Remote Access service is configured and initialized and the Demand-Dial Interface Wizard is started.
5. On the Welcome to the Demand-Dial Interface Wizard page, click Next.
6. On the Interface Name page, type the name of the demand-dial interface. An example is shown in the following figure.
7. Click Next. On the Connection Type page, click Connect using a modem, ISDN adapter, or other physical device. This is shown in the following figure.
8. Click Next. On the Select a Device page, click the modem used to dial your ISP. An example is shown in the following figure.
9. Click Next. On the Phone Number page, type the phone number to dial your ISP in Phone number or address. An example is shown in the following figure.
10. Click Next. On the Protocols and Security page, click Next.
11. On the Dial Out Credentials page, type the credentials used to make a connection to your ISP. An example is shown in the following figure.
12. Click Next. On the Completing the Demand-Dial Interface Wizard page, click Finish.
13. In the console tree, click Network Interfaces.
14. In the details pane, double-click the newly created demand-dial interface.
15. Click the Networking tab, and then double-click Internet Protocol (TCP/IP).
16. Click Use the following IP address, and then type the public IP address assigned by the ISP in IP address. An example is shown in the following figure.
17. Click OK to save changes to the TCP/IP configuration. Click OK to save changes to the demand-dial interface.
18. To add a default route, in the console tree, double-click IP Routing, right-click Static Routes, and then click New Static Route.
19. In Interface, select the interface that corresponds to your demand-dial connection to the Internet. In Destination, type 0.0.0.0. In Network mask, type 0.0.0.0. An example is shown in the following figure.
20. Click OK.
Steps 18-20 configure a default route, making all the locations on the Internet reachable from the Routing and Remote Access server.
You have now completed configuring a demand-dial connection to the Internet. Similar to the dedicated Internet configuration, this server now has a static private network IP address and a static public IP address provided by the ISP.
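The behavior this paper attributes to NAT and the Basic Firewall (private clients sharing one public address, with inbound packets admitted only as responses to outbound traffic) can be seen in a small model. This is an added Python example, not Microsoft code, and it does not reproduce Routing and Remote Access internals; the /24 mask, client and remote addresses, and the starting port are constructed assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

PUBLIC_IP = "131.107.0.20"                 # public address used in the paper
PRIVATE_NET = ip_network("10.10.1.0/24")   # assumption: the paper gives no mask


@dataclass
class NatGateway:
    """Toy model of port-translating NAT with a stateful inbound filter."""
    public_ip: str = PUBLIC_IP
    next_port: int = 50000                 # constructed start of the port pool
    # (proto, public_port) -> (private_ip, private_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network and record the flow."""
        if ip_address(src_ip) not in PRIVATE_NET:
            raise ValueError("source is not on the private network")
        flow = (src_ip, src_port, dst_ip, dst_port)
        for (p, pub_port), known in self.table.items():
            if p == proto and known == flow:      # flow already translated
                return (self.public_ip, pub_port, dst_ip, dst_port)
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(proto, pub_port)] = flow
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Return the packet as delivered inside, or None if it is dropped."""
        flow = self.table.get((proto, dst_port))
        if dst_ip != self.public_ip or flow is None:
            return None                           # no outbound flow opened this port
        priv_ip, priv_port, remote_ip, remote_port = flow
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None                           # not the peer the client contacted
        return (src_ip, src_port, priv_ip, priv_port)


def demo():
    """Run constructed flows through the model and return what happened."""
    gw = NatGateway()
    a = gw.outbound("tcp", "10.10.1.21", 1025, "198.51.100.10", 80)
    b = gw.outbound("tcp", "10.10.1.22", 1025, "198.51.100.10", 80)
    reply = gw.inbound("tcp", "198.51.100.10", 80, PUBLIC_IP, a[1])
    stranger = gw.inbound("tcp", "203.0.113.5", 40000, PUBLIC_IP, a[1])
    closed = gw.inbound("tcp", "203.0.113.5", 40000, PUBLIC_IP, 8080)
    return {"a": a, "b": b, "reply": reply, "stranger": stranger, "closed": closed}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9} {result}")
```

Both clients appear to the remote host as 131.107.0.20 on different ports, and the only inbound packet the model delivers is the reply from the host a client already contacted.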
Updating the Local DNS Server for Internet Naming Resolution
Before network clients can access the Internet, your private network DNS server needs to know how to resolve Internet domain names. For example, if someone types http://www.msn.com in an Internet browser, the private network DNS server should forward the request to resolve the www.msn.com name to the ISP DNS server.
To configure DNS name resolution forwarding to the ISP DNS server:
1. Log on to the DNS server computer with an account that has administrator privileges.
2. Click Start, point to Programs, point to Administrative Tools, and click DNS.
3. In the console tree, right-click the DNS server name and click Properties.
4. Click the Forwarders tab. In Selected domain's forwarder IP address list, type the IP address of your ISP DNS server and click Add. Select the Do not use recursion for this domain check box. An example is shown in the following figure.
5. Click OK to save changes to the DNS server properties.
You have now completed the process of configuring the local DNS server to forward Internet name resolution requests to the external ISP DNS server.
Conclusion
Local area network clients now have access to the Internet through the Routing and Remote Access server. To test this, clients should start a Web browser and begin accessing Web sites on the Internet.
Summary
This white paper describes how to provide medium-sized networks with secure access to the Internet using the network address translator (NAT) services of Windows Server 2003. By configuring Windows Server 2003 as a NAT and updating the private network DNS server to forward Internet names to an ISP DNS server, companies can quickly add Internet access to their networks. In addition, with NAT technology hiding the internal client IP addresses, customers gain an increased level of Internet security.
Related Links
See the following resources for further information:
• Windows Server 2003 Networking and Communications Services Web site at http://www.microsoft.com/windowsserver2003/technologies/networking/
• Windows VPN Web site at http://www.microsoft.com/vpn/
For the latest information about Windows Server 2003, see the Windows Server 2003 Web site at http://www.microsoft.com/windowsserver2003/.