Guidance with NAT on W2K3


Guest

I need to bypass my Firewall because it is having problems and set up NAT on a
W2K3 server to act as the Firewall and Router but want to make sure I do it
right. Please let me know if my assumptions are correct.

1. I should not set up NAT on any DC.
2. I have been assigned 15 Public addresses from my ISP, 216.66.77.0-15
3. Two NICs in the RRAS/NAT server. NIC connected to the Internet (T-1) gets
IP address of 216.66.77.0 or do I assign 216.66.77.1 from my ISP with a mask
of 255.255.55.240. I believe that is the correct mask given my 15 addresses -
if not, please correct me. What is the Default Gateway for that NIC?

Second NIC connects to the Private network with an IP address of 192.168.0.0
or do I use 192.168.0.1 with a mask of 255.255.255.0 and no gateway address
assigned.
4. From what I have read, do not use the DHCP locator within NAT. All of my
clients will have static addresses assigned with a gateway address of the
Private server's IP address.

I have AD installed with 2 internal DNS servers with forwarding to my ISP's
DNS servers. All clients/servers point to the internal DNS. Are there any
other configurations that I need to be aware of?

Thanks in advance for any help.
Bill
 
Robert L [MS-MVP]

Yes, it is not recommended to enable NAT on a DC. If you do, you may have name resolution and/or connectivity issues.

If you have two internal DNS servers, make sure primary DNS and 2nd DNS servers point to each other as primary and themselves as secondary if both DNS servers are in the LAN.

These links may help:

Name resolution on VPN Connection issues on DC, ISA, DNS and WINS server as VPN server How to assign DNS and WINS on VPN client manually Name resolution Issue in a VPN client ...
www.chicagotech.net/nameresolutionpnvpn.htm

Troubleshooting DNS Make sure primary DNS and 2nd DNS servers point to each other as primary and themselves as secondary if both DNS servers are in the LAN. ...
www.chicagotech.net/dnstroubleshooting.htm



Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Guest

Thanks for the input and the links Robert,

I really don't have any issues with my DNS setup, I was more concerned with
the details of setting up NAT and the settings of both NICS. I'm a little
fuzzy as to where to "plug in" the correct IP addresses for the NICS. I have
read all the articles related to NAT but am unsure about the DG and subnet
mask settings for both NICS. Can you still provide some feedback given the IP
addresses I provided in my first post? Also, I do not plan on using the DHCP
locator service within NAT, as all my clients will have static mappings.

Thx again,
Bill
 

Robert L [MS-MVP]

You should use 216.66.77.1 and 192.168.0.1 (no 0 at end).

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
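
Why the addresses ending in 0 are unsuitable for a NIC, as an added example that is not part of the original thread: a Python check of static NIC settings run against the thread's address ranges. It assumes the ISP block is a /28 (255.255.255.240); the function names are hypothetical, and the gateway value in the demo is a constructed placeholder because the thread never states the ISP's gateway.

```python
import ipaddress

def check_nic(address, mask, gateway=None):
    """Return a list of problems with a static IPv4 NIC setting (empty list = OK)."""
    try:
        addr = ipaddress.IPv4Address(address)
        # strict=False: accept a host address and derive the enclosing network
        net = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
        gw = ipaddress.IPv4Address(gateway) if gateway is not None else None
    except ValueError as exc:  # also covers non-contiguous masks such as x.x.55.x
        return [f"invalid address or mask: {exc}"]

    problems = []
    reserved = {}
    if net.prefixlen < 31:  # /31 and /32 reserve no network/broadcast address
        reserved = {net.network_address: "network",
                    net.broadcast_address: "broadcast"}
    if addr in reserved:
        problems.append(f"{addr} is the {reserved[addr]} address of {net}")

    if gw is not None:
        if gw not in net:
            problems.append(f"gateway {gw} is outside {net}")
        elif gw == addr or gw in reserved:
            problems.append(f"gateway {gw} is not a usable neighbour address")
    return problems

def usable_range(address, mask):
    """Return (first host, last host, host count) for the enclosing subnet."""
    net = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1]), len(hosts)

if __name__ == "__main__":
    # Candidate settings taken from the thread; the gateway is constructed.
    candidates = [
        ("216.66.77.0", "255.255.255.240", None),
        ("216.66.77.1", "255.255.255.240", "216.66.77.14"),  # placeholder gateway
        ("192.168.0.0", "255.255.255.0", None),
        ("192.168.0.1", "255.255.255.0", None),
    ]
    for address, mask, gateway in candidates:
        print(address, mask, check_nic(address, mask, gateway) or "OK")
    print("usable public hosts:", usable_range("216.66.77.0", "255.255.255.240"))
```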