Use the Windows Server 2003 NAT feature to configure the firewall

  
To add network address translation
Open Routing and Remote Access.
In the console tree, click General.
Location
Routing and Remote Access
Server Name
IP Routing
General
Right-click "General" and then click "Add Routing Protocol".
In the Select Routing Protocol dialog box, click NAT/Basic Firewall, and then click OK.
Note:
To perform the procedures on this page, you must be a member of the Administrators group. As a security best practice, consider using the runas command instead of logging in with administrative credentials. If you are already logged in with administrative credentials, you can also open Routing and Remote Access by clicking Start and Control Panel, double-clicking Administrative Tools, and then double-clicking Routing and Remote Access.


Add and configure interfaces for network address translation
Open Routing and Remote Access.
In the console tree, click NAT/Basic Firewall.
Location
Routing and Remote Access
Server Name
IP Routing
NAT/Basic Firewall
Right-click "NAT/Basic Firewall", and then click "New Interface".
In Interface, click the interface you want to add, and then click OK.
Do one of the following:
If the interface is connected to the Internet, on the NAT/Basic Firewall tab, click Public Interface to Connect to the Internet, and then select the Enable NAT on this interface check box. If you want to protect the public interface with a dynamic packet filter, select the Enable basic firewall on this interface check box.
If the interface is connected to a small office or home network, on the NAT/Basic Firewall tab, click Dedicated Interface to Private Network.
Note

Click "Basic Firewall Only" to enable only the basic firewall of the public interface without enabling NAT.
For dial-up connections to the Internet, select the demand-dial interface that is configured to connect to your Internet Service Provider (ISP).
For a permanent connection to the Internet, choose a permanent interface to your ISP.

Enable Network Address Translation Addressing
Open Routing and Remote Access.
In the console tree, click NAT/Basic Firewall.
Location
Routing and Remote Access
Server Name
IP Routing
NAT/Basic Firewall
Right-click "NAT/Basic Firewall", and then click "Properties".
On the Address Assignment tab, select the Automatically assign IP addresses using DHCP allocator check box.
(Optional) To assign addresses to DHCP clients on the private network, configure the range of IP addresses in IP Address and Mask.
(Optional) To exclude addresses from being assigned to DHCP clients on the private network, click Exclude, click Add, and then configure the addresses.
Enable Network Address Translation Name Resolution
Open Routing and Remote Access.
In the console tree, click NAT/Basic Firewall.
Location
Routing and Remote Access
Server Name
IP Routing
NAT/Basic Firewall
Right-click "NAT/Basic Firewall", and then click "Properties".
On the "Name Resolution" tab, to resolve host names through DNS for clients on the private network, select the "Use Domain Name System (DNS) Clients" check box.
If you want the connection to the Internet to be initiated when the host on the private network sends a DNS name query to the Network Address Translation (NAT) computer, select the Connect to public network when the name needs to be resolved check box. Then click the name of the appropriate demand-dial interface in the Demand-Dial Interface.

Configure Interface IP Address Range
Open Routing and Remote Access.
In the console tree, click NAT/Basic Firewall.
Location
Routing and Remote Access
Server Name
IP routing interfaces
NAT/Basic Firewall
In the details pane, right-click the interface you want to configure, and then click "Properties".
On the Address Pools tab, click Add and do one of the following:
If you use a range of IP addresses that can be represented by an IP address and subnet mask, type the starting IP address in Start Address and type the subnet mask in Mask.
If you use a range of IP addresses that cannot be represented by an IP address and subnet mask, type the starting IP address in Start Address and type the ending IP address in End Address.
Note

If you have multiple address ranges, you can add each address separately using Add.
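The choice between the two Address Pools entry forms above can be checked before typing anything into the dialog. This is an added example, not part of the original page: it assumes that "can be represented by an IP address and subnet mask" means the range is exactly one aligned subnet block, and the helper names and sample addresses (from the 203.0.113.0/24 documentation block) are constructed. It also flags overlaps between ranges that are added separately.

```python
import ipaddress


def pool_entry(start, end):
    """Return how a public address range has to be entered on the Address Pools tab.

    ("mask", start, mask) when the range is exactly one subnet block, so
    Start Address plus Mask describes it; ("range", start, end) otherwise.
    """
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError(f"end {end} is below start {start}")
    blocks = list(ipaddress.summarize_address_range(first, last))
    if len(blocks) == 1:
        return ("mask", str(first), str(blocks[0].netmask))
    return ("range", str(first), str(last))


def overlapping(ranges):
    """Return pairs of (start, end) ranges that share at least one address."""
    spans = sorted(
        (int(ipaddress.IPv4Address(s)), int(ipaddress.IPv4Address(e)), (s, e))
        for s, e in ranges
    )
    clashes = []
    for i, (_, a_end, a) in enumerate(spans):
        for b_start, _, b in spans[i + 1:]:
            if b_start > a_end:
                break  # spans are sorted by start, so nothing later can overlap
            clashes.append((a, b))
    return clashes


# Constructed sample ranges (documentation addresses, not from the page).
SAMPLE = [
    ("203.0.113.16", "203.0.113.23"),    # exactly one /29 block
    ("203.0.113.20", "203.0.113.30"),    # not a single block, overlaps the first
    ("203.0.113.64", "203.0.113.127"),   # exactly one /26 block
]

if __name__ == "__main__":
    for s, e in SAMPLE:
        print(pool_entry(s, e))
    print("overlaps:", overlapping(SAMPLE))
```

A range of eight addresses is not automatically a subnet: 203.0.113.20 to 203.0.113.27 is not aligned on a block boundary, so it has to be entered with a start and end address.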

Configure basic firewall
Open Routing and Remote Access.
In the console tree, click NAT/Basic Firewall.
Location
Routing and Remote Access
Server Name
IP routing interfaces
NAT/Basic Firewall
In the details pane, right-click the interface you want to configure, and then click "Properties".
On the NAT/Basic Firewall tab, do one of the following:
Click Public Interface to Connect to the Internet, and then select the Enable basic firewall on this interface check box.
Click "Basic Firewall Only".
Note

You can allow or block certain types of network traffic from reaching the network by configuring other static packet filters. You can also accept or reject certain types of Internet Control Message Protocol (ICMP) messages, communications required for a particular service, or traffic that is delivered through a specific port.

Configure services and ports
Open Routing and Remote Access.
In the console tree, click NAT/Basic Firewall.
Location
Routing and Remote Access
Server Name
IP routing interfaces
NAT/Basic Firewall
In the details pane, right-click the interface you want to configure, and then click "Properties".
On the Services & Ports tab, do one of the following:
If the interface is associated with a public network service, look at the list in Services, select the service, review the displayed settings, and then click "OK".
If the interface is not associated with a public network service, or if the service is not listed in Services, click Add to provide the service name and the required settings for the incoming and outgoing ports, and then click "OK".
If you want to disable ports associated with public network services, look at the list in Services and clear the corresponding check boxes.
If you want to disable previously added ports, look at the list in Services and clear the check boxes corresponding to the services you added.
If you want to delete a previously added port, look at the list in Services, select the added service, and click Remove.

Allow or deny ICMP messages
Open Routing and Remote Access.
In the console tree, click NAT/Basic Firewall.
Location
Routing and Remote Access
Server Name
IP routing interfaces
NAT/Basic Firewall
In the details pane, right-click the interface you want to configure, and then click "Properties".
In "Allow the following functions", do the following:
To allow certain types of ICMP messages to reach your network, select the corresponding check box.
To prevent certain types of ICMP messages from reaching your network, clear the corresponding checkbox.
Note

To display a description of the message type, click the message type. The description will appear under "Description".

Enable ICMP Router Discovery
Open Routing and Remote Access.
In the console tree, click General.
Location
Routing and Remote Access
Server Name
IP Routing
General
In the details pane, right-click the interface you want to enable, and then click "Properties".
On the General tab, select the Enable router discovery advertisements check box.
In "Advertisement lifetime (minutes)", enter or select the time after which the router is considered down after its last router advertisement is heard.
In "Minimum time (minutes)", enter or select the minimum rate at which the router periodically sends ICMP router advertisements.
In Maximum Time (minutes), enter or select the maximum rate at which the router periodically sends ICMP router advertisements.
Based on the minimum time value and the maximum time value, the router periodically sends ICMP router advertisements between the minimum time and the maximum time.

In "Preferred Level", enter or select the preferred level for setting this router as the default gateway for the host.

