How to configure Network Address Translation in Windows Server 2003

For a Microsoft Windows 2000 version of this article, see
299801 .

IN THIS TASK

This step-by-step article describes how to install and to configure Network Address Translation (NAT) on your Microsoft Windows Server 2003-based computer.

You can use Network Address Translation functionality in Windows Server 2003 to connect multiple computers on your private network to the Internet, even if your Internet Service Provider (ISP) supplies you with only one IP address. The network translation computer uses a single Internet-exposed interface to fulfill requests from all private network clients by keeping track of IP addresses and of port numbers for all packets that are routed from the private network to the Internet and vice-versa.

back to the top

Prerequisites

To configure the Routing and Remote Access and the Network Address Translation components, your computer must have at least two network interfaces: one connected to the Internet and the other one connected to the internal network. You must also configure the network translation computer to use Transport Control Protocol/Internet Protocol (TCP/IP).

If you use dial-up devices such as a modem or an Integrated Services Digital Network (ISDN) adapter to connect to the Internet, install your dial-up device before you configure Routing and Remote Access.

Use the following data to configure the TCP/IP address of the network adapter that connects to the internal network:

TCP/IP address: 192.168.0.1
Subnet mask: 255.255.255.0
No default gateway
Domain Name System (DNS) server: provided by your Internet service provider (ISP)
Windows Internet Name Service (WINS) server: provided by your ISP
Use the following data to configure the TCP/IP address of the network adapter that connects to the external network:

TCP/IP address: provided by your ISP
subnet mask: provided by your ISP
default gateway: provided by your ISP
DNS server: provided by your ISP
WINS server: provided by your ISP
Before you continue, verify that all your network cards or all your dial-up adapters are functioning correctly.

back to the top

Configure Routing and Remote Access

To activate Routing and Remote Access, follow these steps:
  1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
  2. Right-click your server, and then click Configure and Enable Routing and Remote Access.
  3. In the Routing and Remote Access Setup Wizard, click
    Next, click Network address translation (NAT), and then click Next.
  4. Click Use this public interface to connect to the Internet, and then click the network adapter that is connected to the Internet. At this stage you have the option to reduce the risk of unauthorized access to your network. To do so, click to select the Enable security on the selected interface by setting up Basic Firewall check box.
  5. Examine the selected options in the
    Summary box, and then click
    Finish.
back to the top

Configure dynamic IP address assignment for private network clients

You can configure your Network Address Translation computer to act as a Dynamic Host Configuration Protocol (DHCP) server for computers on your internal network. To do so, follow these steps:
  1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
  2. Expand your server node, and then expand IP Routing.
  3. Right-click NAT/Basic Firewall, and then click Properties.
  4. In the NAT/Basic Firewall Propertiesdialog box, click the Address Assignment tab.
  5. Click to select the Automatically assign IP addresses by using the DHCP allocator check box. Notice that default private network 192.168.0.0 with the subnet mask of 255.255.0.0 is automatically added in the IP address and the
    Mask boxes. You can keep the default values, or you can modify these values to suit your network.
  6. If your internal network requires static IP assignment for some computers -- such as for domain controllers or for DNS servers -- exclude those IP addresses from the DHCP pool. To do this, follow these steps:
    1. Click Exclude.
    2. In the Exclude Reserved Addresses dialog box, click Add, type the IP address, and then click
      OK.
    3. Repeat step b for all addresses that you want to exclude.
    4. Click OK.
back to the top

Configure name resolution

To configure name resolution, follow these steps:
  1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
  2. Right-click NAT/Basic Firewall, and then click Properties.
  3. In the NAT/Basic Firewall Propertiesdialog box, click the Name Resolution tab.
  4. Click to select the Clients using Domain Name System (DNS) check box. If you use a demand-dial interface to connect to an external DNS server, click to select the Connect to the public network when a name needs to be resolved check box, and then click the appropriate dial-up interface in the list.
back to the top
Properties

Article ID: 816581 - Last Review: Feb 15, 2017 - Revision: 3

Feedback