Microsoft KB Archive/321516

= How to use the Windows 2000 Routing and Remote Access Service or ISA Server with a DSL router for Internet access =

Article ID: 321516

Article Last Modified on 10/30/2006


APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition




This article was previously published under Q321516



SUMMARY
This article describes how to connect a computer that is running either the Microsoft Windows 2000 Server Routing and Remote Access service or Internet Security and Acceleration (ISA) Server to a cable/DSL router while all clients on your local area network (LAN) in a small business environment access the Internet for browsing and mail. If you use a DSL router, you do not have to use a PPPoE driver on all Windows clients and on the Windows 2000-based server. In this environment, you have to make sure that you are using the correct routing configuration on both the DSL router and the server that is running either Routing and Remote Access or ISA Server. The DSL router has to know about all networks that are behind the Windows 2000-based server so that it can return all answers to the client's LAN.



MORE INFORMATION
The following configuration is an example of a network and an IP configuration:

Internet |--| IP-address_from_ISP - DSL_Router - 192.168.1.1 |--| 192.168.1.2 - Windows2000_Server - 192.168.168.249 |--| Hub_or_switch |--| Clients

This configuration uses the following settings:
 * DSL Router

IP address: 192.168.1.1

Subnet Mask: 255.255.0.0
 * Windows 2000-Based Server

DSL network adapter IP address: 192.168.1.2

Subnet Mask: 255.255.255.0

Gateway: 192.168.1.1

LAN network adapter IP address: 192.168.168.249

Subnet Mask: 255.255.255.0

The default gateway of the DSL network adapter (external network) points to the IP address of the DSL router.
 * Client Workstation

LAN network adapter IP address: 192.168.168.10

Subnet Mask: 255.255.255.0

Gateway: 192.168.168.249

To create the scenario that is described in the "Summary" section of this article, set the default gateway of all clients to the IP address of the LAN network adapter of the Windows 2000-based server. Set the DNS server entry on all network adapters to the IP address of the ISP's DNS server or to the IP address of the DSL router if it is configured as a DNS server.

If you experience connectivity issues on clients, check the routing table on the DSL router. You can access most devices through an HTTP Web page (for example, http://192.168.1.1). If the route is not present, add a static route to the client's network. To do so, use the following settings:

Active Routes

Network_Destination: 192.168.168.0

Netmask: 255.255.255.0

Gateway: 192.168.1.2

Interface: 192.168.1.1

Metric: 1
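The return-path problem that this static route solves, as an added example (not part of the original article): a longest-prefix-match lookup over the DSL router's routing table, using the article's addresses. It assumes that the server routes without NAT and does not answer ARP on behalf of the clients; `ISP` is a placeholder for the provider's next hop, and the 255.255.255.0 router mask is an extra case that the article does not list.

```python
import ipaddress

ON_LINK = "on-link"   # destination is resolved by ARP on the local segment, no gateway

def route(dest, mask, gateway=ON_LINK):
    """One routing-table row; host bits in dest are masked off."""
    return (ipaddress.ip_network(f"{dest}/{mask}", strict=False), gateway)

def next_hop(table, dst):
    """Longest-prefix match: the most specific row that contains dst wins."""
    dst = ipaddress.ip_address(dst)
    hits = [(net, gw) for net, gw in table if dst in net]
    if not hits:
        return None
    return max(hits, key=lambda hit: hit[0].prefixlen)[1]

def router_table(lan_mask, static_routes=()):
    """DSL router: its LAN interface, a default route, plus any static rows."""
    return [route("192.168.1.1", lan_mask),
            route("0.0.0.0", "0", "ISP"),   # "ISP" is a placeholder next hop
            *static_routes]

# Values from the article.
SERVER = "192.168.1.2"       # DSL-side adapter of the Windows 2000-based server
CLIENT = "192.168.168.10"    # client workstation
STATIC = route("192.168.168.0", "255.255.255.0", SERVER)

def reply_reaches_client(table):
    """A reply gets back only if the router hands it to the server."""
    return next_hop(table, CLIENT) == SERVER

def diagnose(table):
    hop = next_hop(table, CLIENT)
    if hop == SERVER:
        return "ok: forwarded to the Windows 2000-based server"
    if hop == ON_LINK:
        return "broken: router ARPs for the client on its own segment"
    return f"broken: reply sent to {hop}"

if __name__ == "__main__":
    for mask in ("255.255.0.0", "255.255.255.0"):
        for static in ((), (STATIC,)):
            label = "static route" if static else "no static route"
            print(mask, "/", label, "->", diagnose(router_table(mask, static)))
```

With the article's 255.255.0.0 router mask, the client network looks directly attached until the more specific 255.255.255.0 static route overrides it.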

ISA Server has built-in routing functionality. For more information about this functionality, see the Microsoft ISA Server 2000 Standard Edition Online Help. For additional information about the correct setting for internal and external network adapters and the Local Address Table (LAT), click the following article number to view the article in the Microsoft Knowledge Base:

300876 How to connect your company to the Internet by using ISA Server 2000 with Windows 2000

Useful Hints
 Make sure that you are using the latest firmware updates for your DSL router. Most DSL devices have to be restarted after you make a configuration change. After you restart the device, the switching table is rebuilt if the router has a built-in switch technology. Review the documentation of your DSL router. If you do not have the manuals, see the manufacturer's Web site. For information about how to contact the manufacturer of your router, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and Software Third-Party Vendor Contact List, A-K

60781 Hardware and Software Third-Party Vendor Contact List, L-P

60782 Hardware and Software Third-Party Vendor Contact List, Q-Z





Known Issues
 If you are using a virtual private network (VPN), the router must be able to handle two VPN connections at the same time. However, some routers cannot handle two VPN tunnels at the same time. A router and firewall must be able to pass TCP port 1723 (Point-to-Point Tunneling Protocol [PPTP]) and Generic Routing Encapsulation (GRE) protocol 47 for PPTP traffic to connect correctly. When a cable/DSL router cannot map GRE protocol 47 to the Routing and Remote Access server, you cannot connect to the server from the Internet.

To resolve this issue, set the Routing and Remote Access server to "DMZ host" mode in the DSL router configuration and configure it to pass TCP port 1723 (for PPTP/VPN). Alternatively, you can let the router pass all requests using network address translation (NAT) with IP address translation, but without TCP port translation, and then assign a public address to the external network adapter of the Routing and Remote Access server. For additional information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

308208 How to install and configure a Virtual Private Network server in Windows 2000

 If you are using a DSL router that is configured for NAT, you must configure it to pass TCP port 25 traffic to receive e-mail messages from the Internet. TCP port 80 is used for Web browsing.

 If you experience connectivity problems to the Internet on a computer that is running Microsoft Windows XP, make sure that Quality of Service (QoS) Packet Scheduler is running on the Windows XP client.


How to Configure a Linksys BEFSR41 4-Port Cable/DSL Router to Route PPTP Traffic to a Windows 2000-Based VPN Server

 * 1) Open the Advanced Features of the router, and then open Port Forwarding.

For more information about how to perform this step, see the user manual for the router.
 * 2) Set port 47 and port 1723 to the specified computer's IP address. Make sure that you have the latest firmware version.
 * 3) Configure the perimeter network (also known as DMZ, demilitarized zone, and screened subnet) host IP address (the internal IP address of the PPTP server).

For more information about this procedure, visit the following Linksys Web site:

http://www.linksys.com/servlet/Satellite?childpagename=US%FLayout&packedargs=c%3DL_Product_C2%26cid%3D1115416832116&pagename=Linksys%2FCommon%2FVisitorWrapper
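Why the "Known Issues" section and the Linksys steps pair port forwarding with a DMZ host, as an added example (not part of the original article): a simplified model of a NAT router's inbound decision, run over two constructed packets. The forwarding table, the sample packets and the function names are assumptions made for illustration; only the port and protocol numbers and the server address come from the article.

```python
import struct

TCP, UDP, GRE = 6, 17, 47   # values of the IPv4 header's protocol field
SERVER = "192.168.1.2"      # external adapter of the VPN server (from the article)

def ipv4(proto, payload):
    """Constructed sample: minimal 20-byte IPv4 header (checksum left 0) + payload."""
    src, dst = bytes([203, 0, 113, 5]), bytes([198, 51, 100, 7])  # documentation ranges
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, src, dst) + payload

# Constructed packets: a TCP SYN to port 1723 and an enhanced-GRE (PPTP data) header.
PPTP_CONTROL = ipv4(TCP, struct.pack("!HHIIBBHHH", 40000, 1723, 0, 0,
                                     0x50, 0x02, 8192, 0, 0))
PPTP_DATA = ipv4(GRE, bytes.fromhex("2001880b00000001"))

def classify(packet):
    """Return (ip_protocol, dst_port); dst_port is None for protocols without ports."""
    header_len = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto in (TCP, UDP):
        return proto, struct.unpack_from("!H", packet, header_len + 2)[0]
    return proto, None

def deliver(packet, port_forwards, dmz_host=None):
    """Simplified inbound NAT decision: matching port row, else DMZ host, else drop."""
    proto, port = classify(packet)
    if port is not None and (proto, port) in port_forwards:
        return port_forwards[(proto, port)]
    return dmz_host          # None means the router drops the packet

def pptp_reachable(port_forwards, dmz_host=None):
    """PPTP works only if the control channel and the GRE data both reach the server."""
    return all(deliver(p, port_forwards, dmz_host) == SERVER
               for p in (PPTP_CONTROL, PPTP_DATA))

# A TCP row for "port 47" never matches GRE: GRE's 47 is in the IP protocol field.
PORT_ROWS = {(TCP, 1723): SERVER, (TCP, 47): SERVER}

if __name__ == "__main__":
    print("port rows only:", pptp_reachable(PORT_ROWS))
    print("with DMZ host :", pptp_reachable(PORT_ROWS, dmz_host=SERVER))
```

With a DMZ host set, `deliver()` hands every unmatched inbound packet to the server, so the server's own filtering decides what is actually exposed.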
