The information in this article applies to:
- Microsoft Windows NT Workstation versions 3.51 and 4.0
- Microsoft Windows NT Server version 3.51 and 4.0
SUMMARY
Microsoft Windows NT 3.51 and later includes routing capabilities that can be used to connect local area networks (LANs) and dial-up connections using Remote Access Service (RAS) and the TCP/IP protocol.
Note that Windows NT 3.51 and 4.0 (without Routing and Remote Access) were not specifically designed to route IP over RAS links. As stated above, Microsoft Routing and Remote Access is the recommended (and the only supported) solution for routing IP (and IPX) over a RAS link.
This document provides the necessary information to configure Windows NT 3.51 and 4.0 (without Routing and Remote Access) in the following scenarios:
- Configuring a Windows NT RAS client to route IP over a RAS link (Windows NT 3.51 and 4.0)
- Configuring Windows NT-to-Windows NT RAS routing (Windows NT 4.0 only)
This document also includes troubleshooting information for both routing scenarios. It is divided into the following sections:
- Routing overview.
- Configuring a Windows NT RAS client to connect your LAN to the Internet.
- Troubleshooting a Windows NT-to-Internet IP RAS routing configuration.
- Configuring Windows NT-to-Windows NT IP RAS routing.
- Troubleshooting a Windows NT-to-Windows NT IP RAS Routing configuration.
NOTE: The preferred, and the only, Microsoft-supported RAS/Routing configuration is Microsoft Routing and Remote Access for Windows NT 4.0, which is available at the following location:
http://www.microsoft.com/ntserver/commserv/exec/feature/routing.asp
This article does not discuss the configuration of Microsoft Routing and Remote Access. See the Routing and Remote Access Administrator's Guide for details.
It is highly recommended that Microsoft Routing and Remote Access for Windows NT 4.0 be adopted in all RAS Routing scenarios. If you do not have Routing and Remote Access for Windows NT 4.0, the information in this article may be helpful in configuring your Windows NT computer to route IP over a RAS connection.
Routing Overview
This section provides a general overview on routing concepts.
What is a router? A router helps LANs and WANs achieve interoperability and connectivity, and it can link LANs that have different network topologies, such as Ethernet and Token Ring.
How do routers work? Each packet sent over a LAN has a packet header that contains source and destination address fields to indicate where the packet originated from, and where it is going to. Routers work by examining packet headers, figuring out where the packets need to go, and sending them to the correct destination. They connect LANs and WANs together while optimizing network performance. For instance, for a packet to go from Computer X to Computer Z in this illustration, the best route uses only one hop. If Router 1 is the default router for X, the packet will be rerouted through Router 2 and Computer X will be notified of the route to use to get to Computer Z.
|--------------|
| Computer 'X' |
|--------------|
|
|
|-----------------|
| |
|----------| |----------|
| Router 2 | | Router 1 |
|----------| |----------|
| |
| |--|
| |
|----| |----------|
| | Router 3 |
| |----------|
| |
| |
|--------------|
| Computer 'Z' |
|--------------|
Multiple Network Adapters: One common scenario is where a multihomed Windows NT Server is placed 'between' the Internet and a LAN. In this case, the Windows NT computer is responsible for forwarding packets between the LAN and the router that is connected to the Internet (usually via a ISDN, PPP, Frame Relay, or T1 connection) and vice-versa. This is a simple multihomed configuration that is relatively easy to configure.
For additional information, see the following article in the Microsoft Knowledge Base:
ARTICLE-ID: Q140859
TITLE : TCP/IP Routing Basics for Windows NT
For information on configuring Windows NT routing between two or more network adapters, see Chapter 4 of the Windows NT 4.0 Networking Supplement, or Chapter 2 of the Windows NT 3.51 TCP/IP documentation. Windows NT 4.0 includes the MPR components on the compact disc. Also, if you have a multihomed (more than one network adapter) computer running Windows NT 3.51 that is connected through routers to other LANs, and you need to exchange routing information with routing information protocol (RIP) routers, you will need to install the Multi-Protocol Router (MPR) update. The MPR components for Windows NT 3.51 can be found at the following location:
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT351/
ussp5/mpr
Routing and RAS: When Windows NT is configured as a router, it forwards all IP packets to the appropriate interfaces. In the case where the Windows NT computer is connected to the Internet and a LAN, and IP forwarding is configured correctly on the Windows NT computer, you are effectively making your LAN part of the Internet. Knowing this, and knowing the inherent security risks of being connected to the Internet, it is very important to provide adequate security measures on computers on your LAN.
If you are planning to connect your LAN to the Internet, it is highly recommended that you research network and Internet security before proceeding. For information on Microsoft networks and security, see the following web site:
http://www.microsoft.com/security/
In addition to providing routing services between multiple LAN adapters, a computer running Windows NT that is connected to a LAN and a RAS connection (usually to the Internet) can provide router functionality by forwarding packets between a LAN and the Internet. This document describes this configuration and provides troubleshooting information.
Using Windows NT and Remote Access to Connect Your LAN to the Internet
This section on using Windows NT and RAS to connect your LAN to the Internet has the following subsections:
- Overview
- Requirements
- Example
- Step-by-step configuration
Overview:
Windows NT RAS version 3.5x and later was not specifically designed to route IP from a large local area network (LAN) over a dial-up link. However, by correctly configuring both the Windows NT RAS computer acting as a router, and the other computers on your LAN with the correct TCP/IP settings, you can use the computer running Windows NT RAS as a simple router to the Internet. Also, for this to work correctly, your ISP must add a route for your network to their router (this is explained later).
When you are setting up the Windows NT RAS client, it is very important to explain to the ISP that you are using this dial-in connection as a router to connect your LAN to the Internet. One common problem is that the ISP is simply not aware that there is a LAN attached to the dial-in connection, and that the ISP needs to add a route on its PPP server/router to send packets back to your Windows NT RAS client.
Also, if you are given a Class C range of IP addresses by your ISP, and you want to use those Class C addresses on your LAN, you must either:
- Get one additional IP address that is not part of that Class C network to use on the Windows NT RAS Adapter.
-or-
- Subnet your Class C address. For information on subnetting your Class C network, consult a TCP/IP manual or contact your ISP.
Requirements:
The following requirements are necessary for using a Windows NT RAS client as a dial-up router between your LAN and the Internet. These are described in detail later in this document.
- A computer running Windows NT 3.51 (or later) with a high-speed RAS adapter (ISDN adapter, modem, and so on), and a network adapter connected to your LAN.
- A Point-to-Point Protocol (PPP) connection to the Internet.
- A valid block of IP addresses (or subnet) for the clients on your LAN. This block of addresses must be different from the subnet that the ISP uses for its modems/routers. When you receive the list of valid addresses you can use on your LAN, you should also receive information on which subnet mask to use for the clients on your LAN.
- An IP address for the RAS adapter (on the computer running Windows NT) that is not part of the block of addresses that you are using on your LAN.
- The ISP must add a route on its router that forwards IP packets (destined for your subnet) to your Windows NT RAS client computer.
- The proper registry entries on the computer running Windows NT acting as a router. Correct IP address, subnet mask, default gateway, and DNS defined on the LAN clients.
For your computer(s) to be identified on the Internet using names, rather than IP addresses, you also need a domain name. Your ISP should be able to assist you in obtaining and registering a domain name.
Example:
Below is a diagram of an example using RAS as an Internet router, which is explained below:
|----------|
| Internet |
|----------|
|
|----------| IP address of dial-in adapter:
| ISP | 205.84.169.5
|----------| (ISP uses subnet 198.220.250.1-15
| for dial-in clients)
|
|
ISP-provided subnet |---------------| IP address of dial-up adapter:
used on LAN: | NT RAS | 198.220.250.1
198.220.250.16-31 | server/router |
|---------------| IP address of LAN card
| 198.220.250.17
| 255.255.255.240 subnet mask
| NO default gateway specified.
|
|---------------------------------|
| | |
|---------| |---------| |---------|
| client1 | | client2 | | client3 |
|---------| |---------| |---------|
IP address: 198.220.250.18 198.220.250.19 198.220.250.20
Subnet mask: 255.255.255.240 255.255.255.240 255.255.255.240
Default gateway: 198.220.250.17 198.220.250.17 198.220.250.17
NOTE: The above addresses are provided as an example only. Use ONLY IP
addresses that are provided to your by your ISP.
In the above diagram, because we are using a 255.255.255.240 subnet mask, the IP address 198.220.250.16 is actually the network address for the LAN itself, and cannot be used as the IP address on any client on the LAN. Also, the 198.220.250.31 address is the broadcast address for the LAN, and cannot be used as the IP address on any client on the LAN.
Step-by-Step Configuration:
To configure your Windows NT RAS client and LAN for routing to the Internet over a dedicated PPP account, perform the following steps.
Suggestion--Print out this article and check each item as you complete each step:
Install the TCP/IP protocol and RAS on the Windows NT computer that will act as your router. When configuring the LAN adapter, it is very important that its IP address is on a different subnet than the IP address that the RAS Adapter is using. This is because Windows NT makes routing decisions based on the destination IP address of packets. If both adapters have IP addresses on the same subnet, Windows NT has no way to determine which adapter to forward the packet to.
If your ISP only provided a block of IP addresses, such as 198.24.22.1- 255, then you need to either 1) get one additional IP address from your ISP (which is not in the range of the IP addresses that was assigned to you) to use for your RAS Client or 2) Subnet your range of addresses. For information on subnetting your addresses, consult a TCP/IP manual or your ISP. On the Windows NT RAS computer that will route IP packets from the LAN to the Internet, add the value DisableOtherSrcPackets to the following Registry path, and then set the value to 0.
WARNING: Using Registry Editor incorrectly can cause serious, system- Wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.
a. Start Registry Editor (Regedt32.exe) and go to the following
registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasArp\
Parameters
b. From the Edit menu, click Add Value.
c. Enter the following value:
Value name: DisableOtherSrcPackets
Value Type: REG_DWORD
Range: Boolean (0 or 1)
Default: 1 (not in Registry)
d. Exit Registry Editor.
NOTE: This change to the Windows NT registry requires the computer to
be restarted to take effect. Do not restart the computer right now,
though, because there are some additional settings that must be
changed.
What this does: By default, the header of each packet sent by the RAS
computer over the PPP link uses the IP address of the RAS computer as
the source. Because the packets that come from LAN clients are not
originating from the RAS computer, you must set DisableOtherSrcPackets
to 0 so that the packets will be forwarded over the PPP link.
If the subnet you have is on the same logical IP subnet as your service provider (which is likely in this scenario), you must also add the value PriorityBasedOnSubNetwork to the registry of the RAS computer that routes packets from the LAN to the Internet, and set this parameter to 1.
A computer can connect to the LAN using a network card and a RAS connection. If the RAS connection and the LAN network adapter are assigned addresses with the same network number and the Use Default Gateway On Remote Network check box is selected, all packets are sent over the RAS connection, even though the two addresses are in different subnetworks within the same network.
For example, if the network adapter card has IP address 17.1.1.1 (subnet mask 255.255.0.0) and the RAS connection is assigned the address 17.2.1.1, RAS sends all 17.x.x.x packets using the RAS connection. If the parameter is set, RAS sends 17.2.x.x packets using the RAS connection and 17.1.x.x packets using the network adapter.
a. Start Registry Editor (Regedt32.exe) and go to the following subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasMan\
PPP\IPCP
b. From the Edit menu, click Add Value.
c. Enter the following value:
Value Name: PriorityBasedOnSubNetwork
Value Type: REG_DWORD
Range: Boolean (0 or 1)
Default: 0 (not in registry)
d. Exit Registry Editor.
NOTE: This change to the Windows NT registry requires the computer to
be restarted to take effect. Again, do not restart yet as there is
still one more change to make on the Windows NT RAS computer.
For additional information on the PriorityBasedOnSubNetwork registry
entry, see the following article in the Microsoft Knowledge Base:
ARTICLE-ID: Q143168
TITLE : Routing IP Packets to Network Adapter Rather than RAS
- Enable IP routing on the Windows NT RAS computer. If the computer running Windows NT is using version 3.51, go to the Network Control Panel, click the TCP/IP Properties, click the Advanced button, and select the Enable IP Routing check box. If you are using Windows NT 4.0, go to the Network Control Panel, click the TCP/IP Properties, click the Routing tab, and select the Enable IP Forwarding check box. Click OK until you are prompted to restart the Windows NT RAS computer. After you restart, this setting (and the above registry changes) will take effect.
- Ensure that your ISP has created a route on the ISP router that forwards IP packets that are destined for your subnet (that you are using on your LAN) to your Windows NT RAS computer. In the example above, the ISP would create a route that forwards all packets for the 198.220.250.16 subnet (the subnet in use on the LAN) to the 198.220.250.1 IP address on the Windows NT server. Without this entry, the clients on the LAN will be able to send packets to the Internet, but any replies to those packets will not know how to get back to the LAN.
Install TCP/IP on all the computers on the LAN (that need to get to the Internet). Each computer on the Internet requires a unique IP address. It is very important to use "real" IP addresses when connecting to the Internet, not randomly assigned addresses. Your ISP will provide you with IP addresses to use on your computers.
TIP: One easy way to ensure that you do not have IP address conflicts on your LAN is to install the Microsoft Dynamic Host Configuration Protocol (DHCP) service on your computer running Windows NT Server. DHCP enables the network administrator to create a pool of addresses that the clients on the LAN lease from the server. This provides several benefits:
- Prevents the network administrator from having to enter the IP
address, subnet mask, default gateway, and so on for each user's
computer when installing TCP/IP. Just install TCP/IP, configure
it to use DHCP, and restart. This prevents two of the most common
TCP/IP configuration problems: using an incorrect subnet mask or
using an incorrect IP address.
- Reduces possibility of having duplicate IP address conflicts. This
is also another very common TCP/IP configuration problem.
- Allows the network administrator to change settings (such as DNS
server address) without having to go to each user's computer.
- If we were configuring a DHCP server in the example above, a scope
would be created that offers the addresses from 198.220.250.18 to
198.220.250.30.
For additional information about DHCP, see the following articles in the Microsoft Knowledge Base:
ARTICLE-ID: Q169289
TITLE : DHCP (Dynamic Host Configuration Protocol) Basics ARTICLE-ID: Q139904 TITLE : How To Configure Your DHCP Server Scope A white paper on DHCP and WINS Implementation, Architecture and Planning is available at: ftp://ftp.microsoft.com/bussys/winnt/winnt-docs/papers/dhcpwins.exe Configure the default gateway of the computers on the LAN (that are using TCP/IP) so that their default gateway is the IP address of the LAN adapter on the computer running Windows NT Server. A default gateway is an IP address (which is a router of some type; in this case, the computer running Windows NT) where a clients sends packets that have a destination which is not on their local network.
The default gateway is configured as one of the settings for the TCP/IP protocol. The location of this setting varies depending on operating system and TCP/IP stack. For example, on a computer running Windows 95, the default gateway is configured in the Network Control Panel, in the TCP/IP Properties.
The default gateway for the computer running Windows NT (acting as the router to the Internet) should be left blank. Refer to the diagram above to determine the correct assignment pattern of IP addresses, subnet masks, and default gateways. Configure a Domain Name Service (DNS) server address on the computers on the LAN. A DNS provides host name to IP address mapping. For example, if you wanted to visit the Microsoft Web site, you would enter http://www.microsoft.com instead of http://207.68.137.56. Check with your ISP to find out the IP address of the DNS server address to use for your clients. If you are using Windows NT 4.0, you can install the DNS server in the Network Control Panel.
For information on the DNS server in Windows NT 4.0, see the following Web page:
http://www.microsoft.com/ntserver/info/dnsintegration.htm - Dial into the ISP from the Windows NT RAS client.
- Now your computer running Windows NT should be acting as a router between your LAN and the Internet. You can test the configuration by attempting to communicate with a computer on the Internet from the RAS client, and from a client on your LAN. One easy way to do this is to type "ping www.internic.net" at a command prompt. If this does not work, see the next section on Troubleshooting.
Troubleshooting Windows NT-to-Internet IP RAS Routing
Isolating a network problem involving routers appears very complicated at first, but, when done in a step-by-step process, can actually be fairly easy to isolate. Use the following steps to determine exactly where the problem is occurring.
NOTE: Information on troubleshooting Windows NT-to-Windows NT routing is covered later in this document.
Test the Windows NT-to-Internet connection: The first step in troubleshooting a Windows NT RAS Routing problem is to ensure that the Windows NT RAS Client can access resources on the Internet. If the Windows NT RAS Client itself cannot get to computers on the Internet, it is highly unlikely that it will perform correctly as a router to the Internet.
a. With your Windows NT RAS client connected to your ISP, run the Dial-
Up Networking Monitor (which is an icon on the Taskbar), select the
active RAS connection, and then click the Settings button. This will
show the IP address of the modem on the PPP server that you are
dialed into.
b. Attempt to ping the address of the server identified in step a. To
do this, open a command prompt and type "ping aaa.bbb.ccc.ddd"
(where aaa.bbb.ccc.ddd is the IP address of the PPP server that you
are connected to). This will send four diagnostic packets to your
PPP server. You should see replies to these four packets. If you do
not get replies, there is probably a problem with the IP address you
are using (if specifying an address), or a problem with the PPP
server. To resolve this problem, contact your ISP and ensure you are
using a valid IP address on your RAS Client.
c. Once you can ping the PPP server, the next troubleshooting step is
to attempt to ping something on the Internet. With your Windows NT
RAS client connected to your ISP, open a Command Prompt and type
"ping www.microsoft.com". You should see replies to these four
packets.
NOTE: For the above test to work, you must have a DNS Server
configured on your Windows NT RAS client. Check with your ISP to
find out the IP address of a DNS Server to use on your RAS client.
d. If you do not have a DNS configured, type 'ping 207.68.137.56'
instead (this is one of the IP addresses for WWW.MICROSOFT.COM). If
this does not work, try to ping 198.49.45.10, or some other known IP
address.
e. If you still cannot ping any IP addresses on the Internet, but you
can ping the PPP adapter you are dialed into, then there is probably
a problem with a router at your ISP. Contact your ISP for
troubleshooting assistance.
For additional information on troubleshooting problems between the Windows NT RAS client and the Internet, also see the following article in the Microsoft Knowledge Base:
ARTICLE-ID: Q163391
TITLE : Troubleshooting Problems Communicating on the Internet Test the LAN-to-ISP connection: After we have confirmed that the Windows NT RAS client can communicate with servers on the Internet, we can proceed to troubleshoot the LAN-to-ISP (and Internet) connection. This step involves using Windows NT RAS Monitor on the Windows NT RAS computer. RAS Monitor starts automatically when the Remote Access client is started, unless that option was disabled in the Options menu of Remote Access. Also, if you have an external RAS adapter (modem or ISDN adapter), you can watch the transmit light on that device (instead of RAS Monitor) as we perform the next step.
a. Ping the ISP from the LAN: Attempt to ping the ISP's PPP server
(which we determined in step 1a above) from a client on your LAN.
You should see the transmit light of RAS Monitor (or your external
RAS Adapter) flash four times. If the lights blink four times, the
computer running Windows NT has forwarded the packets to the ISP. If
the lights do not blink four times, skip down to step 3.
If you do get replies on the client, the next step is to try to ping
a server on the Internet (see step 1d for details). If this works,
your configuration is working correctly and you are done.
b. Route problem? If the client does not get a reply to the ping, but
the lights on the RAS Monitor (or your RAS adapter) did blink 4
times, this means that your ISP's router does not know how to get
packets back to the LAN, or possibly (but not likely) that your IP
settings on the computer running Windows NT are configured
incorrectly. In this case, double-check your IP settings on your
Windows NT RAS client; if they are correct, contact your ISP to make
sure the ISP has added a route for your LAN's subnet. At this point
in the troubleshooting process, the problem is not a Windows NT
issue; contact your ISP for assistance.
If the ISP has added the route, have the ISP (from the ISP PPP
server) try to ping both the IP address of the modem you are dialed
in with and the LAN adapter on the Windows NT RAS client. If the ISP
can ping your RAS adapter, but not your LAN adapter, the route on
the ISP for your LAN may not be configured correctly, or the IP
addresses on the computer running Windows NT may have been entered
incorrectly. For example, if you are using a 255.255.255.224 subnet
on your LAN, and you ISP has a route defined for a x.x.x.208 network
(which would be valid for a 255.255.255.240 subnet), the ISP would
not be able to ping anything on your LAN.
There is another way to confirm that the ISP has not added the route
for your LAN to the router. This requires a second dial-in
connection to the Internet, preferably through another ISP, from a
computer that is not connected to your LAN. With the computer
running Windows NT dialed into the ISP (and the Internet), attempt
to ping the RAS adapter, and then the LAN adapter, on the computer
running Windows NT. If the ping to the modem works, and the ping to
the LAN adapter fails, then we can conclude that no route exists on
the Internet for the LAN subnet. In this case, contact your ISP and
ask the ISP to add the route for your LAN. If you cannot ping the
RAS adapter of the Windows NT RAS client that is dialed in, there
may be a problem with the IP address that the RAS client is using,
or a problem on the ISP's PPP server/router. In this case, verify
that you are using the IP address that was given to you by your ISP;
if it is correct, contact your ISP for assistance.Troubleshoot a LAN problem: If you attempt to ping the ISP's PPP server, and RAS Monitor (or your external RAS adapter) does NOT blink 4 times, check the following items:
a. Ping the loopback address: Make sure that the client on the LAN can
ping the loopback address (127.0.0.1). If it cannot, the TCP/IP
protocol is probably not installed correctly. To fix this problem on
the client, remove the TCP/IP protocol, restart, and re-install the
TCP/IP protocol. After you can ping 127.0.0.1, continue.
b. Ping your own address: From the client on the LAN, try to ping the
LAN client's own IP address. If you cannot ping your own IP address,
the TCP/IP protocol is probably not configured or installed
correctly. The first item to check is the TCP/IP protocol binding to
your network adapter; make sure it is not disabled. To verify this,
go to the Network Control Panel, click the Bindings page, and show
bindings for all protocols. If the binding for TCP/IP to your
network adapter is not enabled, enable it and restart your computer
when prompted. If the binding is enabled, the TCP/IP protocol may
not be installed correctly. If this is the case, remove the TCP/IP
protocol, restart, and re-install the protocol.
c. Ping another computer: After the client on the LAN can ping the
loopback address and its own IP address, attempt to ping the IP
address of the LAN adapter on the computer running Windows NT. If
this fails, attempt to ping the IP address of another computer on
your LAN that is also running TCP/IP. If you cannot ping anything on
your LAN, check the following items:
- Physical connection: Make sure your network adapter is plugged
into the hub. Many network adapters have activity lights on them that light up when the network adapter driver loads. If you have lights on your network adapter, and they do not light up when the driver for the adapter loads, the cabling from the computer to the hub, or the adapter itself, may be malfunctioning. Usually (but not always) if a driver loads, and there is a resource conflict with another adapter, or the adapter is malfunctioning, an error message will be displayed. - Hardware problem/conflict: The settings on the network adapter (IRQ, I/O address, memory, and so on) may be conflicting with some other device installed in your computer. If you have a diagnostic disk for your network adapter, run it and make sure there are no problems reported. If possible, swap adapters with one that is known to work correctly in another computer, or take the suspect one to another computer and test it there. - Misconfigured TCP/IP settings: If the TCP/IP settings are incorrect on the client, it may not be able to ping anything on its subnet. Make sure the subnet mask is the same as the other computers running TCP/IP, and make sure the IP address is in the same subnet as the other computers running TCP/IP. Also, make sure that the clients on the LAN have their default gateway IP address configured as the IP address of the LAN adapter on the Windows NT RAS client. - Try another protocol: If you still cannot get one of the clients on the LAN to ping any IP address but its own, or if it cannot ping itself, try installing another protocol (such as IPX or NetBEUI) on two of the computers on the LAN, and test communications between the two computers. Note that ping is a TCP/IP utility and does not work with other protocols. To test communications with NetBEUI or IPX, you can use the "net" commands. For more information on the Net.exe commands, type "net /?" from a command prompt. If the computer on the LAN still cannot ping the IP address of the network adapter in the Windows NT computer, attempt to ping another computer on the LAN from the client. If that one client still cannot ping any another computers on the LAN, but other computers can ping each other (and the computer running Windows NT), there is possibly a hardware problem/conflict on the LAN client. At this point, it is usually necessary to swap hardware and/or network connections (cables) to isolate the problem. If the client is Windows for Workgroups (or Windows 95), see the following article in the Microsoft Knowledge Base: ARTICLE-ID: Q104322 TITLE : How to Troubleshoot WFWG Network Connection Problems d. Is Windows NT routing enabled? If none of the clients on the LAN can ping the PPP server that the Windows NT RAS client is dialed into, check to make sure IP routing is enabled on the computer running Windows NT. To see how to do this, see the instructions, in step 4 above in the "Step-by-step Configuration" section, on configuring Windows NT-to-Internet routing. - If you are still having difficulties, you can contact the Microsoft Consulting Line at (800) 936-5200.
Windows NT 4.0 to Windows NT 4.0 IP RAS Routing
Windows NT RAS routing can be configured between two computers running Windows NT 4.0 (RAS client and server). This enables computers on both LANs (that the RAS computers are attached to) to communicate with each other. Note that Windows NT-to-Windows NT routing was successfully tested in the Microsoft Product Support Services lab with only one subnet on each side of the RAS link. This configuration has not been stress tested.
Configurations with more than one subnet on either side of the RAS link may be possible, but the configuration becomes increasingly complex (and has not been tested) because Windows NT 3.5x and 4.0 have no support for routing protocols such as RIP or OSPF over RAS connections. For this reason, Microsoft Technical Support only supports connectivity between the two LANs (that the RAS client and server are attached to).
NOTE: The above statement does NOT apply to Routing and Remote Access for Windows NT 4.0, which does provide RIP I and II and OSPF support over RAS connections. For more information on Routing and Remote Access for Windows NT 4.0, see the information at the following Web location:
http://www.microsoft.com/ntserver/commserv/exec/feature/routing.asp
Diagram of Windows NT-to-Windows NT RAS Routing (with Two Subnets Only):
The following diagram is an example of Windows NT-to-Windows NT RAS routing:
RAS Adapter |------------| |------------| RAS Adapter
IP Address: | RAS Client |--RAS Link--| RAS Server | IP Address:
bbb.88.89.2 | A | | B | bbb.88.89.1
|------------| |------------|
LAN Adapter | | LAN Adapter
IP Address: | | IP Address:
aaa.180.90.2 | | bbb.8.0.1
Default Gateway: | | Default Gateway:
aaa.180.90.2 | | bbb.8.0.1
| |
| |
| |
| |
IP Address: |------------| |------------| IP Address:
aaa.180.90.1 | LAN Client | | LAN Client | bbb.8.0.2
Default Gateway:| A | | B | Default Gateway:
aaa.180.90.2 |------------| |------------| bbb.8.0.1
NOTE: The aaa and bbb in the IP addresses represent the three decimal
digits of the first part of a regular four-part Class B or Class C IP
address. They are used to protect you from using an actual IP network
address that is in use on the Internet or in your company. Be sure to
replace all IP addresses in this example with your own addresses.
Note the following guidelines for the above example:
- A total of three subnets are used in this configuration: one for the
LAN adapters in computers on Network A; one for the LAN adapters in
computers on Network B; and one for the RAS adapters on the Windows
NT RAS client and RAS server.
- The RAS connection between the computers running Windows NT uses
TCP/IP on a PPP connection.
- The RAS client has selected the Use Default Gateway on Remote
Network check box.
- On both the RAS client and server, the DisableOtherSrcPackets
registry entry is set to 0, and the IpEnableRouter Registry entry is
set to 1. On both LANs, the clients set their default gateway to the
IP address of the LAN Adapter in their RAS computer.
- A route is added to the RAS server (Server B in the above diagram)
that forwards packets for LAN A to the modem on the RAS Client.
Configuring Windows NT-to-Windows NT RAS Routing:
When configuring Windows NT-to-Windows NT RAS routing, it is important to specify one of the computers running Windows NT as the RAS client and one as the RAS server. The settings for each are slightly different.
To configure Windows NT-to-Windows NT routing over RAS between two single subnets, perform the following steps:
Configure the RAS server with a unique subnet of two IP addresses for assignment to RAS clients.
a. On the RAS server, open the Network Control Panel.
b. Select the Remote Access Service properties.
c. Click Network.
d. In the Server Settings, click Configure for TCP/IP.
e. Click the Entire Network button.
f. Click the Use Static Address Pool radio button.
g. Enter an IP subnet address in the Begin and End text boxes.
NOTE: These two addresses must be consecutive. They must not belong
to the same subnet of the local LAN, or the RAS client's LAN. For
example, bbb.88.89.1 through bbb.89.88.2 are valid addresses for the
lab setup above.
The first address of this static pool will belong to the modem on
the RAS server. The other address in this range will be used by the
RAS client that dials in to the RAS Server.
Also, the RAS Server will have another IP address, which is used for
the LAN adapter configured in the Network Control Panel.
h. Select the box for Allow clients to request a predetermined IP
address.
i. Click OK and then restart when prompted. Configure the Windows NT RAS client to use TCP/IP, request a specific IP address, and use the server's default gateway. This assumes you already have an entry in the Dial-Up Networking application. If you do not, create a new entry for the Windows NT RAS server at this time.
To create this entry, perform the following steps:
a. Open Dial-Up Networking. Click More, and then click Edit Entry and
Modem Properties.
b. Click the Server tab.
c. For Dial-Up server type, click PPP: Windows NT, Windows 95 Plus,
Internet.
d. Click TCP/IP Settings.
e. Click Specify an IP Address and enter the second IP address in the
IP range specified on the RAS server in step 1. In the example
above, that would be bbb.88.89.2.
f. Select the Use Default Gateway On Remote Network box at the bottom.
g. Click OK. On the RAS server and the RAS client, add the value DisableOtherSrcPackets to the following registry path, and then set the value to 0. By default, the header of each packet sent by the RAS computer over the PPP link uses the IP address of the RAS computer as the source. Because the packets that come from LAN clients are not originating from the RAS computer, you must set DisableOtherSrcPackets to 0 so that the packets will be forwarded over the PPP link.
a. Start Registry Editor (Regedt32.exe) and go to the following subkey:
HKEY_LOCAL_MACHINE\
System\CurrentControlSet\Services\RasArp\Parameters
b. From the Edit menu, click Add Value.
c. Enter the following value:
Value name: DisableOtherSrcPackets
Value Type: REG_DWORD
Range: Boolean (0 or 1)
Default: 1 (not in Registry)
d. Exit Registry Editor
On the RAS server and the RAS client, set IpEnableRouter to 1 in the Registry.
a. Start Registry Editor (Regedt32.exe) and go to the following subkey:
HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
b. From the Edit menu, click Add Value.
c. Enter the following value:
Value Name: IpEnableRouter
Data Type: REG_DWORD
Value: 1
d. Exit Registry Editor and restart Windows NT.
- Restart the RAS server for the above registry entries to take effect.
Add the route to the RAS server for the RAS client's IP subnet. The reason we have to do this is so that the IP protocol on the Windows NT RAS server will forward packets destined for the RAS client's network (aaa.180.90.0) to the modem on the RAS client (bbb.88.89.2). The RAS client knows about Subnet A (aaa.180.90.0) automatically during startup because its LAN adapter is on Subnet A and IpEnableRouter is enabled, so we do not need to add a route to the RAS client.
To add the route to the RAS server's routing table, use the following syntax when using the Route command (type "route ?" to see a list of command line parameters):
Route add <Subnet_A_Address> MASK <subnet mask> <RasClientAddress>
The following is an example with a fictitious class C subnet addresses:
Route add aaa.180.90.0 MASK 255.255.255.0 bbb.88.89.2
where aaa and bbb in the IP addresses represent the three decimal digits of the first part of a regular four-part IP address.
NOTE: To make the route persistent, so it does not have to be reentered after rebooting, add the "-p" command line parameter to the above "route add" command. - The local LAN clients of Subnet A must set their default gateway to the Subnet A network card IP address of the Windows NT RAS client.
The local LAN clients of Subnet B must set their default gateway to the Subnet B network card IP address of the Windows NT RAS server.
NOTE: A computer on Subnet A should not call into the RAS server on Subnet B while the Windows NT RAS client on Subnet A is connected to the RAS server on Subnet B. This can be prevented if a Subnet C range of only two IP addresses is specified or only one modem is installed on the server. However, if this situation occurs, you will get unpredictable results. - Dial the RAS server from the RAS client. The RAS server and client should be able to ping each other, and the clients on each LAN should be able to communicate with each other (as well as the RAS client and server). If this is not working, see the next section on Troubleshooting.
Troubleshooting Windows NT-to-Windows NT IP RAS Routing
Isolating a network problem involving routers appears very complicated at first, but when done in a step-by-step process, can actually be fairly easy to isolate. Use the following steps to determine exactly where the problem is occurring.
- Verify that the RAS client can ping the RAS server, and vice-versa. If they cannot, the IP addresses on the RAS server and/or client are probably not configured correctly. Verify that the IP addresses that are used for the RAS connection are not on the same subnet as the RAS client or server's LAN adapters.
After the RAS client and server can ping each other, attempt to ping a client on the RAS server's LAN from the RAS client. If this works, IP routing is configured correctly on the RAS server, and the client on the LAN has its default gateway (and other settings) configured correctly. If the RAS client cannot ping a client on the RAS server's LAN, check the following items:
- IP routing enabled? Check the RAS server's Network Control Panel,
and verify that routing is enabled in the TCP/IP Properties.
- Access Entire Network enabled? In the Remote Access properties (in
the Network Control Panel) on the RAS server, verify that the Entire
Network option is selected for the Allow remote TCP/IP clients to
access: option.
- Default gateway on RAS server? The RAS server should not have a
default gateway defined. If it does have a default gateway defined,
it is connected to another LAN, which is not supported. In this
case, a "route add" command must be run on the RAS server to define
the path for the RAS client's subnet. Use the "ipconfig /all"
command to see if a default gateway is defined on the RAS server.
- Default gateway on client? The client on the RAS server's LAN should
have its default gateway configured as the IP address of the network
adapter on the RAS Server. If it does not, the client on the RAS
server's LAN will not know where to send packets destined for a
remote network.
- IP address correct? Make sure that the RAS client's IP address (for
the dial-in connection) is on a different subnet than the RAS
server's LAN adapter.After the RAS client can ping a client on the RAS aerver's LAN, attempt to ping the RAS server from a client on the RAS client's LAN. If the client on the RAS client's LAN cannot ping the RAS server, check the following items:
- First, check all the items listed above in step 2.
- Default gateway on client? Next, ensure that the client on the RAS
client's LAN has its default gateway configured for the IP address
of the RAS client's network adapter.
- Default gateway on RAS client? Ensure that the RAS client does not
have a default gateway defined. If it does have a default gateway
defined, it is connected to an another LAN, which is not supported.
In this case, a "route add" command must be run on the RAS client to
define the path for the RAS server's subnet. Use the "ipconfig /all"
command to see if a default gateway is defined on the RAS client.After the client on the RAS client's LAN can ping the RAS server, attempt to ping a client on the RAS server's LAN from a client on the RAS client's LAN. If the client on the RAS client's LAN cannot ping a client on the RAS server's LAN, check the following items:
- Check all items in steps 2 and 3 above.
- Add route on RAS server? Ensure that the route for the RAS client's
LAN has been added to the RAS server. If it has not, the RAS server
will not know where to send packets that are destined for the RAS
client's subnet.- After the client on the RAS client's LAN can ping a client on the RAS server's LAN, the clients on the RAS server's LAN should also be able to ping the RAS client, and clients on the RAS client's LAN. If not, check all items in steps 2 through 4 above.
- If you are still having difficulties, you can contact the Microsoft Consulting Line at (800) 936-5200.
|
