Network Address Translation (NAT)

The document discusses Network Address Translation (NAT) and how to configure it on a Windows Server 2016 machine to provide internet access to multiple subnets. It describes setting up the Remote Access role, configuring NAT for two interfaces to service two subnets, and testing connectivity between the subnets and internet access.

Uploaded by

viruss gaming

Chapter 6: Network Address Translation (NAT)

• Understanding Network Address Translator
• Understanding DHCP Allocator
• Understanding Address and Port Translator
• Understanding NAT
• Configuring Address Pool on NAT Server

Network Address Translation (NAT)


NAT is a mechanism that allows the same sets of IP addresses to be reused in different parts
of the Internet. In its most common use, all incoming and outgoing traffic passes through
a single NAT device that partitions the inside (private) address realm from the global Internet
address realm, so all the internal systems can be given Internet connectivity as clients using
locally assigned, private IP addresses.
NAT is popular because:
• It reduces the need for globally routable Internet addresses.
• It offers some degree of natural firewall capability and requires little configuration.

Traditional NAT includes both:

• Basic NAT. It performs rewriting of IP addresses only: a private address is rewritten to be a public address, often from a pool or range of public addresses supplied. This type of NAT is not the most popular because it does not help to dramatically reduce the need for (globally routable) IP addresses.
• Network Address Port Translation (NAPT), also known as IP masquerading. It uses transport-layer identifiers (i.e., ports for TCP and UDP, query identifiers for ICMP) to differentiate which host on the private side of the NAT is associated with a particular packet. This allows a large number of internal hosts to access the Internet simultaneously using a limited number of public addresses, often only a single one.

Jayendra Goswami

Setup Requirements for Network Address Translation (NAT) in Windows Server 2016

• A Domain Controller
• An AD member server with Routing, DirectAccess and VPN (RAS) Role Services installed
• The RRAS server requires two interfaces: one interface connected to the internet (will be used as the NAT interface), and another interface adapter connected to the internal network (will share the NAT internet)

In this article I’m setting up a 3-way router with Windows Server 2016, which will be
performing LAN routing between two subnets and NAT for both subnets. This setup will
replace the gateway I had in my Hyper-V virtual lab. So, basically, I needed to add a new
subnet to my virtual lab (10.0.0.32/27) and I needed both subnets to communicate and both
to have internet access. I could have done this by adding a router between both subnets, but
for that I would need to add a new virtual machine, which would be consuming additional
resources from my Hyper-V server. This way, I’ll have a solution that will grow with the virtual
lab. In case I need to add a new subnet to the lab, I just have to add a new interface to the
router and all subnets will be automatically routed between each other. Perfect!

My virtual lab
Please note that this is my virtual lab configuration. You will have to configure the router to
match your own network config, but, if you are reading this, I assume you already know that.
Also, DNS servers are not in place here. After configuring the router, your client PCs will need
to have a DNS server configured – usually your internet router – so that they will be able to
browse the internet. Again, if you are reading this article I assume you have a basic
understanding of how these things work.


Adding the Remote Access role

• Open “Server Manager”. Click on the start button and find “Server Manager”.
• Click on “Add roles and features”.
• Click “Next” until you reach the “Select server roles” window. Check the “Remote Access” box and click “Next”.


NOTE: If you get the message below when adding the “Remote Access” role, just press
the “Previous” button and “Next” again, and try again adding the role. This should make
that message go away.

• Click “Next” until you reach the “Select role services” window.
• Select “Routing”.


• Click on “Add Features”.
• Note that “DirectAccess and VPN (RAS)” are selected by default. No need to make any changes. Press “Next”.


• Click on “Install” on the “Confirmation” window and wait for the role to be installed.

Configuring the Remote Access Role

• Press the “Start” button and find the “Routing and Remote Access” console. Open it.


• Right-click on the (local) server and select “Configure and Enable Routing and Remote Access”.
• Press “Next” at the welcome window of the “Routing and Remote Access Server Setup Wizard”.
• On the “Configuration” window, select “Network address translation (NAT)” and press “Next”.


• Select the public interface that you are using to connect to the internet. Press “Next”.
• Select the interface that will have access to the internet. Select the first interface and press “Next”. We’ll deal with the second interface later.
• Click on “Finish” to close the setup wizard. If a pop-up window comes up warning about firewall ports for VPN connections, you can safely ignore this warning as we are not setting up any VPN access. Just press “OK” and wait for the “Routing and Remote Access” service to start.

Adding the second NAT interface

So, during the Routing and Remote Access setup wizard, we’ve configured NAT for one of
the subnets, but if we want (and we do!) to provide internet access to another subnet, we
must configure NAT for the second (nth) interface.

• On the “Routing and Remote Access” console, under IPv4, right-click “NAT” and select “New Interface…”


• Select the interface for the second subnet and press “OK”.
• Select “Private interface connected to private network” and click “OK”.


And this ends setting up the server. Now it’s time to test if all is working as it should!
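
The same setup can also be scripted so that it is repeatable and reviewable. The following is an added example, not part of the original chapter, intended to reach the same configuration as the wizard steps above. It assumes the public adapter is named 'Internet' (a hypothetical name) and that the private adapters are named S01 and S02 as in the routing table of this lab.

```powershell
# Added example: scripted counterpart of the wizard steps.
# Run in an elevated PowerShell session on the router.
# Assumption: 'Internet' is a hypothetical name for the public adapter;
# S01 and S02 are the private interface names used in this lab.
$PublicInterface   = 'Internet'
$PrivateInterfaces = 'S01', 'S02'

# Fail early if an adapter name is wrong, before touching RRAS.
foreach ($name in @($PublicInterface) + $PrivateInterfaces) {
    if (-not (Get-NetAdapter -Name $name -ErrorAction SilentlyContinue)) {
        throw "Adapter '$name' not found. Check the output of Get-NetAdapter."
    }
}

# Remote Access role with the Routing role service and the management console.
Install-WindowsFeature -Name Routing -IncludeManagementTools

# Enable RRAS as a router only; no VPN is being set up.
Install-RemoteAccess -VpnType RoutingOnly

# Add the NAT routing protocol, then bind the interfaces to it:
# the public side does the translation, the private sides share it.
netsh routing ip nat install
netsh routing ip nat add interface $PublicInterface mode=full
foreach ($name in $PrivateInterfaces) {
    netsh routing ip nat add interface $name mode=private
}

# Review what was configured: NAT bindings, then the routes the OS holds
# for the default gateway and the two lab subnets.
netsh routing ip nat show interface
Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $_.DestinationPrefix -in '0.0.0.0/0', '10.0.0.0/27', '10.0.0.32/27' } |
    Sort-Object DestinationPrefix |
    Format-Table DestinationPrefix, NextHop, InterfaceAlias
```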

Checking the configuration


In the “Routing and Remote Access” console, under IPv4, right-click “Static Routes” and
choose “Show IP Routing Table…”. A new window, with the known routes to this
computer, will pop-up. Analyzing that window (please always remember that this IP Routing
table is regarding my setup, which is the one described in the diagram on the top of the
page), you will see that we have:
1 – A gateway! All traffic that the router doesn’t know where to direct will be sent to the
gateway.
2 – Traffic for the network (subnet) 10.0.0.0 with a netmask of 255.255.255.224 (/27) will be
directed to the interface S01, which is the interface connected to that subnet.
3 – Traffic for the network 10.0.0.32 with a netmask of 255.255.255.224 will be directed to
the interface S02, which is the interface connected to that subnet.

Testing the LAN Routing and NAT


NOTE: for all to work properly, ideally you should have a DHCP server assigning IP addresses on
each subnet and also a DNS server for your client computers to be able to resolve names
and browse the internet.
Having said that, from one of the computer clients connected to S01, you should be able to
ping S02. This is the IP config I have at one of my servers in S01. You’ll see that the gateway
for this subnet is the IP of the router (10.0.0.30).


If you ping an IP address in the S02 subnet, this should be the result:

And if you try and browse the internet, voilà!


And the same goes from a computer on subnet S02:


If you run into any issues, i.e., not being able to ping from one subnet to the other, disable the router
firewall and try again. That should do it. Or, instead of disabling the firewall completely, add
– or enable – rules to allow traffic between both subnets. In my case, I disabled the firewall
completely because this is a lab environment, with no direct connection to the internet.
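
For the second option, keeping the firewall on and allowing only traffic between the two subnets, the rule can be scoped to the lab prefixes. The following is an added example, not part of the original chapter. The rule name is hypothetical, the prefixes are the two /27 subnets of this lab, and it is meant to be run on the machine whose firewall is dropping the pings.

```powershell
# Added example: allow ping between the lab subnets without disabling the firewall.
# Run in an elevated PowerShell session.
# Assumption: the rule name is hypothetical; the prefixes are this lab's subnets.
$LabSubnets = '10.0.0.0/27', '10.0.0.32/27'
$RuleName   = 'Lab - ICMPv4 echo between subnets'

# Record the current state so the change can be reviewed or reverted later.
Get-NetFirewallProfile | Format-Table Name, Enabled, LogBlocked, LogFileName

# Keep all profiles enabled and log dropped packets, so the firewall log shows
# whether the firewall is really what blocks the traffic.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True -LogBlocked True

# Create the rule only once: inbound ICMPv4 echo request (type 8),
# accepted only when the sender is inside one of the lab subnets.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $LabSubnets -Profile Any -Action Allow
}

# Confirm the scope that was applied to the rule.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Format-Table RemoteAddress, LocalAddress

# To undo the change:
# Remove-NetFirewallRule -DisplayName $RuleName
```

Other protocols needed between the subnets get their own rules with the same -RemoteAddress scope, rather than a blanket allow.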
