Can't make more than 1,976 NAT connections through Routing and Remote Access

S’applique à : Windows Server 2008 DatacenterWindows Server 2008 R2 DatacenterWindows Server 2012 Datacenter

Symptoms


When a customer uses Routing and Remote Access as a NAT router, they may be unable to make more than 1,976 simultaneous connections through the NAT router.

Cause


The default reserved ports range for the Routing and Remote Access IPNAT service sets a limit of 1,976 ports.

Resolution


To resolve this issue, you must modify the following registry key:

HKLM\System\CurrentContolSet\Services\IPNAT\Parameters

Note If the Parameters value does not exist, you must create it.

To configure a larger port range (for example, 50,000–54,999), create a new REG_SZ (String Value) entry that's named ReservedPorts. Make sure that you use the XXXX-YYYY format.

More Information


If the server is being used only for NAT routing, the likelihood of a port conflict is minimal. However, if other processes are also used on the server, careful consideration must be taken to avoid possible port conflicts. 

For example, assume that ports 50000–54999 are reserved for the IPNAT service and that another application has also reserved ports in this range. If one of the applications consumes these ports, and they are not available for the other application, a port conflict occurs, and this causes issues with the application.

To avoid other potential conflicts, make sure that the IPNAT-reserved ports don't conflict with the ReservedPorts registry entry that's used by TCP/IP. This value can be found in the following registry location: 

HKLM\System\CurrentContolSet\Services\Tcpip\Parameters
For more information about this key, see How to reserve a range of ephemeral ports on a computer that is running Windows Server 2003 or Windows 2000 Server