How to use the Windows Server 2003 Routing and Remote Access Service or ISA Server 2006 or ISA Server 2004 with a DSL router for Internet access (837453)
The information in this article applies to:
- Microsoft Internet Security and Acceleration Server 2004, Standard Edition
- Microsoft Internet Security and Acceleration Server 2006 Standard Edition
- Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
- Microsoft Internet Security and Acceleration Server 2004, Enterprise Edition
For a Microsoft Internet Security and Acceleration (ISA) Server 2000 version
of this article, see 321516.

SUMMARY
This article describes how to connect a computer that is running either the
Microsoft Windows Server 2003 Routing and Remote Access service or Internet
Security and Acceleration (ISA) Server 2006 or ISA Server 2004 to a cable/DSL
router and to access the Internet for browsing and e-mail for all clients on
your local area network (LAN).

If you use a DSL router, you do not have to use a Point to Point Protocol over
Ethernet (PPPoE) driver on all Windows clients and on the Windows 2003-based
server. In this environment, you have to make sure that you are using the
correct routing configuration on both the DSL router and the server that is
running either Routing and Remote Access or ISA Server. The DSL router has to
know about all networks that are behind the Windows 2003-based server to be
able to return all answers to the client's LAN.

MORE INFORMATION
The following configuration is an example of a network and an IP
configuration:

Internet |--| IP-address_from_ISP - DSL_Router - 192.168.1.1 |--| 192.168.1.2 - Windows_Server_2003 - 192.168.168.249 |--| Hub_or_switch |--| Clients

This configuration uses the following settings:
- DSL router
  IP address: 192.168.1.1
  Subnet Mask: 255.255.0.0
- Windows 2003-based server
  DSL network adapter IP address: 192.168.1.2
  Subnet Mask: 255.255.255.0
  Gateway: 192.168.1.1
  LAN network adapter IP address: 192.168.168.249
  Subnet Mask: 255.255.255.0
  The default gateway of the DSL network adapter (external network) points to
  the IP address of the DSL router.
- Client workstation
  LAN network adapter IP address: 192.168.168.10
  Subnet Mask: 255.255.255.0
  Gateway: 192.168.168.249

To create the scenario that is described in the "Summary" section of this
article, set the default gateway of all clients to the IP address of the LAN
network adapter of the Windows 2003-based server. Set the DNS server entry on
all network adapters to the IP address of the ISP's DNS server or to the IP
address of the DSL router if it is configured as a DNS server.

If you experience connectivity issues on clients, check the routing table on
the DSL router. You can access most devices by using an HTTP Web page (such as
http://192.168.0.1). If the route is not present, add a static route to the
client's network. To do so, use the following settings:

Active Routes
Network_Destination: 192.168.168.0
Netmask: 255.255.255.0
Gateway: 192.168.1.2
Interface: 192.168.1.1
Metric: 1
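
The following Python sketch is an added example, not part of the original article. It models the DSL router's route lookup with the addresses above: because the router's mask is 255.255.0.0, it treats 192.168.168.10 as directly attached until the more specific 255.255.255.0 static route sends replies to 192.168.1.2. The router's default route toward the ISP is omitted because that address is not given in the article, and the table model (network, gateway, metric) is a simplification.

```python
import ipaddress

def connected(ip, mask):
    """Directly attached network derived from an interface address and mask."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network

def gateway_on_link(ip, mask, gateway):
    """A default gateway is only usable if it lies in the adapter's own subnet."""
    return ipaddress.ip_address(gateway) in connected(ip, mask)

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway, metric) tuples.
    The lowest metric breaks ties. Returns the gateway, 'on-link' for a
    connected network, or None when no route matches."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r[0]]
    if not hits:
        return None
    net, gw, metric = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return gw or "on-link"

# Values taken from the article's example network.
ROUTER = ("192.168.1.1", "255.255.0.0")
SERVER_DSL = ("192.168.1.2", "255.255.255.0", "192.168.1.1")
CLIENT = ("192.168.168.10", "255.255.255.0", "192.168.168.249")

# Router table before the fix: only its connected network (gateway None = on-link).
router_before = [(connected(*ROUTER), None, 1)]
# The static route from the article: 192.168.168.0/255.255.255.0 via 192.168.1.2.
static = (ipaddress.ip_network("192.168.168.0/255.255.255.0"), "192.168.1.2", 1)
router_after = router_before + [static]

def report():
    """Check both default gateways and where the router sends replies to the client."""
    return {
        "server_gateway_ok": gateway_on_link(*SERVER_DSL),
        "client_gateway_ok": gateway_on_link(*CLIENT),
        "reply_before": next_hop(router_before, CLIENT[0]),
        "reply_after": next_hop(router_after, CLIENT[0]),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

A result of "on-link" for the client address means the router tries to deliver replies directly on its own segment, where no client exists, which is the symptom the static route corrects.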

ISA Server has built-in routing functionality. For more information about
this functionality, see the Microsoft ISA Server Help.

For additional information about the correct setting for internal and external
network adapters and the Local Address Table (LAT), click the following article
number to view the article in the Microsoft Knowledge Base:
300876 How to connect your company to the Internet by using ISA Server 2000 with Windows 2000

Useful hints
- Make sure that you are using the latest firmware updates
for your DSL router.
- Most DSL devices have to be restarted after you make a
configuration change. After you restart the device, the switching table is
rebuilt if the router has a built-in switch technology.
- Review the documentation of your DSL router. If you do not
have the manuals, see the manufacturer's Web site.
For
information about how to contact the manufacturer of your router, click the
appropriate article number in the following list to view the article in the
Microsoft Knowledge Base:
65416 Hardware and Software Third-Party Vendor Contact List, A-K
60781 Hardware and Software Third-Party Vendor Contact List, L-P
60782 Hardware and Software Third-Party Vendor Contact List, Q-Z
For more information about how to configure DNS settings on an
ISA Server interface, visit the following Microsoft Web site:

Known issues
- If you use a virtual private network (VPN), the router must
be able to handle two VPN connections at the same time. However, some routers
cannot handle two VPN tunnels at the same time.
- A router and firewall must be able to pass TCP port 1723
(Point-to-Point Tunneling Protocol [PPTP]) and Generic Routing Encapsulation
(GRE) protocol 47 for PPTP traffic to connect correctly. When a cable or DSL
router cannot map GRE protocol 47 to the Routing and Remote Access server, you
cannot connect to the server from the Internet.
To resolve this
issue, set the Routing and Remote Access server to "DMZ host" mode in the DSL
router configuration and configure it to pass TCP port 1723 (for PPTP/VPN).
Alternatively, you can let the router pass all requests using network address
translation (NAT) with IP address translation, but without TCP port
translation, and then assign a public address to the external network adapter
of the Routing and Remote Access server.
For additional information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
323441
How to install and configure a Virtual Private Network Server in Windows Server 2003
- If you use a DSL router that is configured for NAT, you
must configure it to pass TCP port 25 traffic to receive e-mail messages from the
Internet. TCP port 80 is used for Web browsing.
- If you experience connectivity problems to the Internet on
a computer that is running Microsoft Windows XP, make sure that Quality of
Service (QoS) Packet Scheduler is running on the Windows XP client.

How to configure a Linksys BEFSR41 four-port cable/DSL router to route PPTP traffic to a Windows Server 2003-based VPN server
- Open Advanced Features for the router, and then open Port Forwarding.
  For more information about how to perform this step, see the user manual
  for the router.
- Set port 47 and port 1723 to the specified computer's
IP address. Make sure that you have the latest firmware version.
- Configure the perimeter network (also known as DMZ,
demilitarized zone, and screened subnet) host IP address (that is, the internal IP
address of the PPTP server).

Microsoft
provides third-party contact information to help you find technical support.
This contact information may change without notice. Microsoft does not
guarantee the accuracy of this third-party contact information.
The
third-party products that are discussed in this article are manufactured by
companies that are independent of Microsoft. Microsoft makes no warranty,
implied or otherwise, regarding the performance or reliability of these
products.
REFERENCES
For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
314076 How to configure a connection to a virtual private network (VPN) in Windows XP
306802 How to configure Small Business Server for full time Internet access with two network adapters
283165 How to change the PPPoE MTU size in Windows XP
252416 Internet printing may not work on a Network Address Translation server

Modification Type: Major
Last Reviewed: 9/29/2006
Keywords: kbISA2006Swept kbFirewall kbenv kbinfo KB837453 kbAudITPRO