This test network needs to be set up as a secondary network with an Internet connection. To do this, we will install Windows Server 2008 on an unused computer that has two network interface cards (NICs). We will then install the Routing and Remote Access Service (RRAS) and use this computer as a router between the test network and the working network.
Figure 1: Network organization model using RRAS as a router that connects two secondary networks.
Basically, we can follow one of two methods. The first is to configure RRAS as an IP router that relays traffic between the two secondary networks. This allows workstations on the test network to send traffic to servers on the Internet, but the return traffic never reaches the workstations. This is because a packet arriving from the Internet through the DSL router is delivered to the network with the IP address 172.16.11.0, so it is not accessible to a client on the network with the IP address 10.0.0.0. The solution to this problem is to add a static route to the DSL router so that it forwards such data directly to the specified destination. However, we do not have administrative access to the DSL router because it is managed by the Internet service provider, so this method is not feasible.
We can instead apply the second method, which is to configure the RRAS system as a Network Address Translation (NAT) router. NAT is an IETF standard that provides a way to translate the IPv4 addresses of computers on one network into IPv4 addresses of computers on another network. Of course, the DSL router on the working network is also configured as a NAT router, so this method creates cascading NAT, or double NAT. Internet connections work stably through two or even three tiers of NAT, although some applications may have problems with this type of network topology. For example, Windows Home Server does not support tiered NATs.
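The return-path argument behind both methods, as an added example that is not part of the original article: a small Python model using the article's subnets and the RRAS address. The class names, the port numbers and the simplified DSL router are assumptions made for illustration.

```python
import ipaddress

# Subnets and the RRAS address come from the article; ports are constructed.
TEST_NET = ipaddress.ip_network("10.0.0.0/8")
WORK_NET = ipaddress.ip_network("172.16.11.0/24")
RRAS_PUBLIC = "172.16.11.220"  # RRAS NIC on the working LAN


class DslRouter:
    """Working-LAN gateway (hypothetical model): knows only listed routes."""

    def __init__(self, static_routes=()):
        self.routes = [WORK_NET, *static_routes]

    def can_return(self, dst_ip):
        # A reply is deliverable only if some route covers its destination.
        addr = ipaddress.ip_address(dst_ip)
        return any(addr in net for net in self.routes)


class RrasNat:
    """Minimal port-translating NAT with a two-way mapping table."""

    def __init__(self, public_ip, first_port=62000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (private_ip, private_port) -> public_port
        self.back = {}  # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, dst_port):
        # No mapping: nothing inside asked for this traffic, so drop it.
        return self.back.get(dst_port)


def round_trip(client_ip, client_port, dsl, nat=None):
    """Return the (ip, port) that receives the reply, or None if it is lost."""
    src = nat.outbound(client_ip, client_port) if nat else (client_ip, client_port)
    if not dsl.can_return(src[0]):
        return None
    return nat.inbound(src[1]) if nat else src
```

Calling `round_trip` without a NAT object models the first method (plain routing), and passing `DslRouter([TEST_NET])` models the static route that the ISP-managed router does not let us add.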
Server settings
First, the Windows Server 2008 operating system will be installed on the computer with two network interface cards (NICs), and the IPv4 settings of each NIC are configured as follows:
The NIC connected to the test LAN
- IP address is 10.0.0.1
- Subnet mask is 255.0.0.0
- Default gateway is left blank
- DNS servers are left blank
The NIC connected to the working LAN
- IP address is 172.16.11.220
- Subnet mask is 255.255.255.0
- Default gateway is 172.16.11.1
- DNS servers are the public IP addresses of the ISP's DNS servers.
Install workstation on test network
Next, the Windows 7 operating system will be installed on the workstations, and their IPv4 settings will be configured as follows:
- IP address is 10.0.0.101 (.102, .103, ...)
- Subnet mask is 255.0.0.0
- Default gateway is 10.0.0.1 (the test-network interface of the RRAS system)
- DNS servers are the public IP addresses of the DNS servers of the ISP we are using.
Figure 2: Cannot ping a public IP address from a workstation on the test network.
At this point, we also cannot access the Internet from the workstation.
Figure 3: Web access failed.
Installing and configuring RRAS
To enable workstations on the test network to access the Internet, we need to install RRAS on the server and then configure the server as a NAT router. To install the RRAS feature, launch the Add Roles Wizard from Server Manager or OOBE.exe and add the Network Policy and Access Services role (Figure 4).
Figure 4: Select the Network Policy and Access Services role.
On the next page of this wizard, select Routing and Remote Access Services to install both of its role services, Remote Access Service and Routing.
Figure 5: Select Routing and Remote Access Services.
When you have completed the steps in this wizard, open the Routing and Remote Access console from Administrative Tools, right-click the local server and select Configure and Enable Routing and Remote Access to launch the Routing and Remote Access Server Setup Wizard. Then select the Network Address Translation (NAT) option on this wizard's Configuration page and click Next.
Figure 6: RRAS configuration.
Next, on the NAT Internet Connection page, we will select the network interface on the working LAN that is the public interface of the NAT router.
Figure 7: Selecting the network interface on the working LAN.
The next page asks whether the NAT router should provide DNS and DHCP services to the computers on the test network (the network connected to the private interface of the NAT router). Since all workstations are assigned static IP addresses, we will skip this task by selecting the option I will set up name and address services later.
Figure 8: Selecting the option I will set up name and address services later on the Name and Address Translation Wizard page.
After completing the above steps, the RRAS service starts, configured for both IPv4 routing and NAT. To confirm this, right-click the local server in the RRAS Console and select Properties. The General tab shows that IPv4 Routing is enabled, meaning that IPv4 packets can be forwarded from one NIC to the other.
Figure 9: Properties dialog of the local server.
When we select the NAT node in the RRAS Console, we see the network interfaces that were created when NAT was configured on the server by the Routing and Remote Access Server Setup Wizard. Figure 10 shows the properties of Local Area Connection, in this case the network connection to the test network (10.0.0.0). Note that NAT treats this network as a private network, that is, the network behind the NAT router.
Figure 10: Properties dialog of Local Area Connection.
Figure 11 shows the properties of Local Area Connection 2, in this case the connection to the working network (172.16.11.0). Note that NAT treats this network as a public network, that is, the network in front of the NAT router.
Figure 11: Properties dialog of Local Area Connection 2.
The Internal interface is also added to the NAT configuration as a private interface.
Testing NAT
Now that NAT has been configured with IP routing, if we ping the DSL router from a workstation on the test network, or trace the route from a workstation to a host on the Internet, these operations will succeed.
Figure 12: Network connection is verified between the test network and the Internet.
In addition, we can also browse the Web from a workstation on the test network.
Figure 13: Computers behind the NAT router can browse the Web.
We can monitor NAT operation with the RRAS Console. To do this, open the RRAS Console, select the NAT node, and check the network statistics of Local Area Connection 2 (the NAT interface facing the Internet, or public network), as shown in Figure 14.
Figure 14: Check the NAT operation.
Finally, by right-clicking this interface and selecting Show Mappings, we can open a new window showing detailed information about what the NAT router is doing (Figure 15).
Figure 15: Details about NAT operation.
Conclusion
By taking advantage of the Network Address Translation and IP routing features of RRAS in Windows Server 2008, we can set up a secondary test network on the main network and ensure that all computers on this secondary network can connect to the Internet.