How to configure Network Address Translation in Windows Serve... http://support.microsoft.

com/kb/816581

Article ID: 816581 - Last Review: October 30, 2006 - Revision: 3.2
How to configure Network Address Translation in Windows Server
2003
For a Microsoft Windows 2000 version of this article, see 299801 (http://support.microsoft.com/kb/299801/ ) .

Prerequisites
To configure the Routing and Remote Access and the Network Address Translation components, your
computer must have at least two network interfaces: one connected to the Internet and the other one
connected to the internal network. You must also configure the network translation computer to use Transport
Control Protocol/Internet Protocol (TCP/IP).

If you use dial-up devices such as a modem or an Integrated Services Digital Network (ISDN) adapter to
connect to the Internet, install your dial-up device before you configure Routing and Remote Access.

Use the following data to configure the TCP/IP address of the network adapter that connects to the internal
network:

TCP/IP address: 192.168.0.1 Subnet mask: 255.255.255.0 No default gateway Domain Name System
(DNS) server: provided by your Internet service provider (ISP) Windows Internet Name Service
(WINS) server: provided by your ISP

Use the following data to configure the TCP/IP address of the network adapter that connects to the external
network:

TCP/IP address: provided by your ISP subnet mask: provided by your ISP default gateway:
provided by your ISP DNS server: provided by your ISP WINS server: provided by your ISP

Before you continue, verify that all your network cards or all your dial-up adapters are functioning correctly.

Configure Routing and Remote Access

To activate Routing and Remote Access, follow these steps:

1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and
Remote Access.
2. Right-click your server, and then click Configure and Enable Routing and Remote Access.
3. In the Routing and Remote Access Setup Wizard, click Next, click Network address translation
(NAT), and then click Next.
4. Click Use this public interface to connect to the Internet, and then click the network adapter that
is connected to the Internet. At this stage you have the option to reduce the risk of unauthorized
access to your network. To do so, click to select the Enable security on the selected interface by
setting up Basic Firewall check box.
5. Examine the selected options in the Summary box, and then click Finish.

Configure dynamic IP address assignment for private network clients

You can configure your Network Address Translation computer to act as a Dynamic Host Configuration Protocol
(DHCP) server for computers on your internal network. To do so, follow these steps:

1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and
Remote Access.
2. Expand your server node, and then expand IP Routing.
3. Right-click NAT/Basic Firewall, and then click Properties.
4. In the NAT/Basic Firewall Properties dialog box, click the Address Assignment tab.

1 of 2 3/21/2009 9:05 PM
How to configure Network Address Translation in Windows Serve... http://support.microsoft.com/kb/816581

5. Click to select the Automatically assign IP addresses by using the DHCP allocator check box.
Notice that default private network 192.168.0.0 with the subnet mask of 255.255.0.0 is automatically
added in the IP address and the Mask boxes. You can keep the default values, or you can modify
these values to suit your network.
6. If your internal network requires static IP assignment for some computers -- such as for domain
controllers or for DNS servers -- exclude those IP addresses from the DHCP pool. To do this, follow
these steps:
a. Click Exclude.
b. In the Exclude Reserved Addresses dialog box, click Add, type the IP address, and then click
OK.
c. Repeat step b for all addresses that you want to exclude.
d. Click OK.

Configure name resolution

To configure name resolution, follow these steps:

1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and
Remote Access.
2. Right-click NAT/Basic Firewall, and then click Properties.
3. In the NAT/Basic Firewall Properties dialog box, click the Name Resolution tab.
4. Click to select the Clients using Domain Name System (DNS) check box. If you use a demand-dial
interface to connect to an external DNS server, click to select the Connect to the public network
when a name needs to be resolved check box, and then click the appropriate dial-up interface in the
list.

APPLIES TO

Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)

Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
Microsoft Windows Server 2003, Standard Edition (32-bit x86)

Keywords: kbhowtomaster kbinfo kbhowto KB816581

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Help and Support

©2009 Microsoft

2 of 2 3/21/2009 9:05 PM