How to Use NAT for Incoming RAS Connections on the Same RRAS Server
Article ID : 310888
Last Review : September 22, 2003
Revision : 3.0
This article was previously published under Q310888
On this page
SUMMARY
MORE INFORMATION
SUMMARY
This article describes how to enable Internet connectivity for
incoming Remote Access Service (RAS) clients that are using Network
Address Translation (NAT) on the same server.
MORE INFORMATION
If you have one Routing and Remote Access Service (RRAS) server that
acts as both a RAS server for dial-in or VPN clients and as a NAT
server for LAN clients, the LAN clients can access the Internet, but
RAS clients have no Internet connectivity.
The reason for this is because the RRAS server treats the incoming RAS
connections as an external connection and attempts to route these
packets to the Internet. This does not work if the incoming RAS
connections are using a private IP address range. These addresses are
not routable on the Internet.
You can use either of the following two methods to work around this
behavior: â Use separate servers. Use one RRAS server for incoming VPN
or dial-up RAS connections and a different RRAS server for NAT
connectivity to the Internet.
â RRAS uses the interface named "Internal" as an endpoint for the
incoming RAS connections and can be used as a private interface under
NAT in RRAS. However, using the RRAS MMC, you cannot add the
"Internal" interface to NAT. To correct this problem, run the
following command from the command prompt:
netsh routing ip nat add interface internal private
This command adds the interface (named "Internal" in this example) to
NAT as a private interface. After you run this command, you should be
able to refresh the Routing and Remote Access administration tool and
see that the interface named "Internal" has been added to NAT as a
private interface. This change allows the incoming RAS connections to
be treated as private interfaces. Then, the RRAS server would use NAT
for those connections.
On Sat, 19 Feb 2005 12:15:46 +0700, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
>
> Dear members,
>
> Saya saat ini sedang mensetup RAS di win 2000 server.
> Tujuannya agar user yg dial in ke server dapat browsing internet dengan
> menggunakan ip gateway internet misal 10.20.5.AAA
> Muncul problem yaitu user dapat dial dan login ke server tapi tidak dapat
> browsing internet.
> OS yg dipakai user adalah win2000 pro
> Ketika saya check di komp user dengan menggunakan perintah ipconfig didapat
> ip gatewaynya bukan 10.20.5.AAA .
> BAgaimana settingan RAS agar user yg dial in ke server mendapatkan ip
> gateway 10.20.5.AAA ?
>
> Mohon Solusinya
>
> Terima kasih
>
> --
> www.ITCENTER.or.id - Komunitas Teknologi Informasi Indonesia
> Info, Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED]
> ::: Hapus bagian yang tidak perlu (footer, dst) saat reply! :::
> ## Forum: ITCENTER.or.id/forum ## Jobs: ITCENTER.or.id/jobs ##
>
>
> Yahoo! Groups Links
>
>
>
>
>
--
www.ITCENTER.or.id - Komunitas Teknologi Informasi Indonesia
Info, Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED]
::: Hapus bagian yang tidak perlu (footer, dst) saat reply! :::
## Forum: ITCENTER.or.id/forum ## Jobs: ITCENTER.or.id/jobs ##
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/ITCENTER/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
