RRAS/NAT connected stations can't access websites

Recently it became necessary to setup RRAS on Windows Server 2003 R2 to
perform NAT for a small network that is being used as a testing environment.
The network had an existing domain controller that holds the roles for
DHCP/DNS and Directory services. The RRAS server has just two network
connections (WAN, LAN) and there it connects directly to the outside world.

The WAN NIC is set to:
Public interface connected to the Internet
Enable NAT on this interface

There are no Inbound or Outbound Filters on the connection.

Computers inside the network can ping the LAN Adapter successfully and using
NSLookup from computers behind the NAT it is possible to resolve DNS Names
to IP Addresses. What doesn't work is when a client tries to connect to a
website using a browser all of the clients recieve an error that they cannot
display the page.

Has anyone seen a document that explains setting up a simple NAT router
using Windows Server 2003 R2?

Thanks.

If you are running a domain, all machines must use the local DNS server.

To resolve foreign URLs as well as local names, set this DNS to forward
to a public DNS server or to the DNS server on the corporate LAN.

With a domain you cannot use the default setting in NAT which is to let
the NAT router act as a DNS proxy. You still use the NAT router as your
default gateway but use the local server for DNS because it is necessary for
Active Directory.


"Thorin" <(E-Mail Removed)> wrote in message
news:BE5FB8CD-0A16-475C-90CB-(E-Mail Removed)...
> Recently it became necessary to setup RRAS on Windows Server 2003 R2 to
> perform NAT for a small network that is being used as a testing
> environment. The network had an existing domain controller that holds the
> roles for DHCP/DNS and Directory services. The RRAS server has just two
> network connections (WAN, LAN) and there it connects directly to the
> outside world.
>
> The WAN NIC is set to:
> Public interface connected to the Internet
> Enable NAT on this interface
>
> There are no Inbound or Outbound Filters on the connection.
>
> Computers inside the network can ping the LAN Adapter successfully and
> using NSLookup from computers behind the NAT it is possible to resolve DNS
> Names to IP Addresses. What doesn't work is when a client tries to connect
> to a website using a browser all of the clients recieve an error that they
> cannot display the page.
>
> Has anyone seen a document that explains setting up a simple NAT router
> using Windows Server 2003 R2?
>
> Thanks.

Hello,

Thank you for your post.

There are many reasons which might cause the current issue.
To narrow down the issue, please help answer the following questions first.

1. To ensure that the connection to the internet works well, please check
whether the web page could be opened on RRAS server.

2. To ensure there aren't any route related issues, please check whether
you could ping any public IP addresses from your client PC. You could use
the external DNS Server IP address provided by ISP to do the test.

3. As you have mentioned that " Computers inside the network can ping the
LAN Adapter successfully and using NSLookup from computers behind the NAT
it is possible to resolve DNS Names to IP Addresses." Have you tried to
resolve the external web site's name to IP address? Can this be resolved
correctly?

4. How did you configure your client PCs' DNS server settings?
Did you point to the DNS server in your LAN?

More informations:
================
The following information is for your reference:

Troubleshooting NAT
http://www.microsoft.com/technet/pro...eskit/intwork/
inae_ips_xsxh.mspx?mfr=true

The above article also apply to Windows Server 2003.

Deploying Dial-up and VPN Remote Access Servers
http://technet2.microsoft.com/window...e-0f08-45bc-84
87-3b618bc8ad621033.mspx?mfr=true

I look forward to hearing from you soon.

Sincerely,
Neo Zhu,
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
================================================== ===
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ===
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Thorin" <(E-Mail Removed)>
| Subject: RRAS/NAT connected stations can't access websites
| Date: Sun, 1 Jun 2008 22:15:14 -0700
| Lines: 23
| Message-ID: <BE5FB8CD-0A16-475C-90CB-(E-Mail Removed)>
| MIME-Version: 1.0
| Content-Type: text/plain;
| format=flowed;
| charset="iso-8859-1";
| reply-type=original
| Content-Transfer-Encoding: 7bit
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
| X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18000
| X-MS-CommunityGroup-MessageCategory:
{E4FCE0A9-75B4-4168-BFF9-16C22D8747EC}
| X-MS-CommunityGroup-PostID: {BE5FB8CD-0A16-475C-90CB-28AD916F5CAC}
| Newsgroups: microsoft.public.windows.server.networking
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.networking:12958
| NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1
| X-Tomcat-NG: microsoft.public.windows.server.networking
|
| Recently it became necessary to setup RRAS on Windows Server 2003 R2 to
| perform NAT for a small network that is being used as a testing
environment.
| The network had an existing domain controller that holds the roles for
| DHCP/DNS and Directory services. The RRAS server has just two network
| connections (WAN, LAN) and there it connects directly to the outside
world.
|
| The WAN NIC is set to:
| Public interface connected to the Internet
| Enable NAT on this interface
|
| There are no Inbound or Outbound Filters on the connection.
|
| Computers inside the network can ping the LAN Adapter successfully and
using
| NSLookup from computers behind the NAT it is possible to resolve DNS
Names
| to IP Addresses. What doesn't work is when a client tries to connect to a
| website using a browser all of the clients recieve an error that they
cannot
| display the page.
|
| Has anyone seen a document that explains setting up a simple NAT router
| using Windows Server 2003 R2?
|
| Thanks.
|
|

Hi Jian-Ping

Thanks for getting back to me so quickly.

To answer your questions:

> 1. To ensure that the connection to the internet works well, please check
> whether the web page could be opened on RRAS server.

The RRAS Server is able to connect to the Internet when it is in a
stand-alone situation and not part of a domain.

> 2. To ensure there aren't any route related issues, please check whether
> you could ping any public IP addresses from your client PC. You could use
> the external DNS Server IP address provided by ISP to do the test.

Before enabling NAT network access is fine and DNS resolution through
NSLOOKUP and a web browser both function correctly. After enabling NAT it is
still possible to use NSLOOKUP from all client computers and the RRAS
Server, and it finds the ISP DNS Server. Names resolve to IP addresses
correctly but no machine on the network is able to ping or browse the web.
IP Addresses garnered from NSLOOKUP return "Destination Unreachable" when
trying to PING them.


> 3. As you have mentioned that " Computers inside the network can ping the
> LAN Adapter successfully and using NSLookup from computers behind the NAT
> it is possible to resolve DNS Names to IP Addresses." Have you tried to
> resolve the external web site's name to IP address? Can this be resolved
> correctly?

Yes for instance using NSLOOKUP from a client workstation you can resolve a
name to an IP successfully. But the web browser will not return a webpage by
DNS Name or IP Address.

> 4. How did you configure your client PCs' DNS server settings?
> Did you point to the DNS server in your LAN?

Yes, DHCP is being handled by the DC and it assigns itself as the primary
DNS.

> More informations:
> ================
> The following information is for your reference:
>
> Troubleshooting NAT
> http://www.microsoft.com/technet/pro...eskit/intwork/
> inae_ips_xsxh.mspx?mfr=true
>
> The above article also apply to Windows Server 2003.
>
> Deploying Dial-up and VPN Remote Access Servers
> http://technet2.microsoft.com/window...e-0f08-45bc-84
> 87-3b618bc8ad621033.mspx?mfr=true
>
> I look forward to hearing from you soon.
>
> Sincerely,
> Neo Zhu,
> Microsoft Online Support
> Microsoft Global Technical Support Center
>
> Get Secure! - www.microsoft.com/security
> ================================================== ===
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ================================================== ===
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
> | From: "Thorin" <(E-Mail Removed)>
> | Subject: RRAS/NAT connected stations can't access websites
> | Date: Sun, 1 Jun 2008 22:15:14 -0700
> | Lines: 23
> | Message-ID: <BE5FB8CD-0A16-475C-90CB-(E-Mail Removed)>
> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | format=flowed;
> | charset="iso-8859-1";
> | reply-type=original
> | Content-Transfer-Encoding: 7bit
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18000
> | X-MS-CommunityGroup-MessageCategory:
> {E4FCE0A9-75B4-4168-BFF9-16C22D8747EC}
> | X-MS-CommunityGroup-PostID: {BE5FB8CD-0A16-475C-90CB-28AD916F5CAC}
> | Newsgroups: microsoft.public.windows.server.networking
> | Path: TK2MSFTNGHUB02.phx.gbl
> | Xref: TK2MSFTNGHUB02.phx.gbl
> microsoft.public.windows.server.networking:12958
> | NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1
> | X-Tomcat-NG: microsoft.public.windows.server.networking
> |
> | Recently it became necessary to setup RRAS on Windows Server 2003 R2 to
> | perform NAT for a small network that is being used as a testing
> environment.
> | The network had an existing domain controller that holds the roles for
> | DHCP/DNS and Directory services. The RRAS server has just two network
> | connections (WAN, LAN) and there it connects directly to the outside
> world.
> |
> | The WAN NIC is set to:
> | Public interface connected to the Internet
> | Enable NAT on this interface
> |
> | There are no Inbound or Outbound Filters on the connection.
> |
> | Computers inside the network can ping the LAN Adapter successfully and
> using
> | NSLookup from computers behind the NAT it is possible to resolve DNS
> Names
> | to IP Addresses. What doesn't work is when a client tries to connect to
> a
> | website using a browser all of the clients recieve an error that they
> cannot
> | display the page.
> |
> | Has anyone seen a document that explains setting up a simple NAT router
> | using Windows Server 2003 R2?
> |
> | Thanks.
> |
> |
>

Hi Bill thanks for the help.

Here is what I know about your suggestions.

> To resolve foreign URLs as well as local names, set this DNS to forward
> to a public DNS server or to the DNS server on the corporate LAN.

The DNS forwarder on the server is set to the ISP's DNS and seems to be
working fine. If I am on the DC and perform an NSLOOKUP of something that I
am pretty sure is not cached I get a "non-authoritative answer" but I do get
the correct IP Addresses that I asked for.

> With a domain you cannot use the default setting in NAT which is to let
> the NAT router act as a DNS proxy. You still use the NAT router as your
> default gateway but use the local server for DNS because it is necessary
> for Active Directory.

I see it sounds to me like you might be on to something here since we
obviously can contact the outside world but can't get certain services to
function. When I configured the NAT through the RRAS console I told it to
not setup
DNS and DHCP since those are being handled by the DC. DHCP sets the default
gateway as the RRAS Server's LAN Adapter, and all of the client workstations
(and the DC) show that address to be their default gateway. Obviously since
this is a domain all of the clients perform DNS Resolution through the
Domain Controller.

The LAN adapter on the RRAS Server can be pinged from any workstation inside
the LAN and all appears to be right with the networking. Are there any
Firewall properties, or caching configurations that would block things like
web access?

Thanks again for the help.


>
> "Thorin" <(E-Mail Removed)> wrote in message
> news:BE5FB8CD-0A16-475C-90CB-(E-Mail Removed)...
>> Recently it became necessary to setup RRAS on Windows Server 2003 R2 to
>> perform NAT for a small network that is being used as a testing
>> environment. The network had an existing domain controller that holds the
>> roles for DHCP/DNS and Directory services. The RRAS server has just two
>> network connections (WAN, LAN) and there it connects directly to the
>> outside world.
>>
>> The WAN NIC is set to:
>> Public interface connected to the Internet
>> Enable NAT on this interface
>>
>> There are no Inbound or Outbound Filters on the connection.
>>
>> Computers inside the network can ping the LAN Adapter successfully and
>> using NSLookup from computers behind the NAT it is possible to resolve
>> DNS Names to IP Addresses. What doesn't work is when a client tries to
>> connect to a website using a browser all of the clients recieve an error
>> that they cannot display the page.
>>
>> Has anyone seen a document that explains setting up a simple NAT router
>> using Windows Server 2003 R2?
>>
>> Thanks.
>

Hello,

I need more information for further investigation.
Please help answer the following questions:

1. I'd like to confirm that you could ping ISP DNS Server IP address from
client machines, is this correct?

2. On client machines, any web sites could not be opened and ping to the
sites' IP address return destination unreachable, is this correct?
Could you please copy and post back the output of the ping command?
Please also give me an example of web site links which could not be opened.

3. I'd like to confirm that this issue occurred on all client machines in
your network, is this correct?
Did you use the same model NIC on all the client machines?
Based on my research, a bad NIC might also cause similar issues, please
check whether your NIC on client machines work well and please update the
NIC driver with the latest one.

4. Please check Inbound or Outbound Filters on both of the internal and WAN
interfaces on RRAS server.

Meanwhile, please also help collect the following information:

Networking Edition MPS_Report log:
=============================
Download the Network Edition of MPS_Report tool from
<http://download.microsoft.com/downlo...e5-a579-30b0bd
915706/MPSRPT_NETWORK.EXE>, run it on the RRAS Server and client machine.
Email me the %COMPUTERNAME%_MPSReports_.CAB file which is under the
%systemroot%\MPSReports\network\bin\cab directory.

My email address is v-(E-Mail Removed)

Thanks for your time and I look forward to hearing from you.

Sincerely,
Neo Zhu,
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
================================================== ===
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ===
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Thorin" <(E-Mail Removed)>
| References: <BE5FB8CD-0A16-475C-90CB-(E-Mail Removed)>
<(E-Mail Removed)>
| In-Reply-To: <(E-Mail Removed)>
| Subject: Re: RRAS/NAT connected stations can't access websites
| Date: Mon, 2 Jun 2008 10:45:33 -0700
| Lines: 128
| Message-ID: <8310C5A6-3C4C-4799-8151-(E-Mail Removed)>
| MIME-Version: 1.0
| Content-Type: text/plain;
| format=flowed;
| charset="iso-8859-1";
| reply-type=original
| Content-Transfer-Encoding: 7bit
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
| X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18000
| X-MS-CommunityGroup-PostID: {8310C5A6-3C4C-4799-8151-1E8D22CBBB7B}
| X-MS-CommunityGroup-ThreadID: BE5FB8CD-0A16-475C-90CB-28AD916F5CAC
| X-MS-CommunityGroup-ParentID: F35FB906-978B-408D-814F-F8F172A88D82
| Newsgroups: microsoft.public.windows.server.networking
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.networking:12965
| NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1
| X-Tomcat-NG: microsoft.public.windows.server.networking
|
| Hi Jian-Ping
|
| Thanks for getting back to me so quickly.
|
| To answer your questions:
|
| > 1. To ensure that the connection to the internet works well, please
check
| > whether the web page could be opened on RRAS server.
|
| The RRAS Server is able to connect to the Internet when it is in a
| stand-alone situation and not part of a domain.
|
| > 2. To ensure there aren't any route related issues, please check whether
| > you could ping any public IP addresses from your client PC. You could
use
| > the external DNS Server IP address provided by ISP to do the test.
|
| Before enabling NAT network access is fine and DNS resolution through
| NSLOOKUP and a web browser both function correctly. After enabling NAT it
is
| still possible to use NSLOOKUP from all client computers and the RRAS
| Server, and it finds the ISP DNS Server. Names resolve to IP addresses
| correctly but no machine on the network is able to ping or browse the
web.
| IP Addresses garnered from NSLOOKUP return "Destination Unreachable" when
| trying to PING them.
|
|
| > 3. As you have mentioned that " Computers inside the network can ping
the
| > LAN Adapter successfully and using NSLookup from computers behind the
NAT
| > it is possible to resolve DNS Names to IP Addresses." Have you tried to
| > resolve the external web site's name to IP address? Can this be resolved
| > correctly?
|
| Yes for instance using NSLOOKUP from a client workstation you can resolve
a
| name to an IP successfully. But the web browser will not return a webpage
by
| DNS Name or IP Address.
|
| > 4. How did you configure your client PCs' DNS server
settings?
| > Did you point to the DNS server in your LAN?
|
| Yes, DHCP is being handled by the DC and it assigns itself as the primary
| DNS.
|
| > More informations:
| > ================
| > The following information is for your reference:
| >
| > Troubleshooting NAT
| >
http://www.microsoft.com/technet/pro...eskit/intwork/
| > inae_ips_xsxh.mspx?mfr=true
| >
| > The above article also apply to Windows Server 2003.
| >
| > Deploying Dial-up and VPN Remote Access Servers
| >
http://technet2.microsoft.com/window...e-0f08-45bc-84
| > 87-3b618bc8ad621033.mspx?mfr=true
| >
| > I look forward to hearing from you soon.
| >
| > Sincerely,
| > Neo Zhu,
| > Microsoft Online Support
| > Microsoft Global Technical Support Center
| >
| > Get Secure! - www.microsoft.com/security
| > ================================================== ===
| > When responding to posts, please "Reply to Group" via your newsreader so
| > that others may learn and benefit from your issue.
| > ================================================== ===
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| > --------------------
| > | From: "Thorin" <(E-Mail Removed)>
| > | Subject: RRAS/NAT connected stations can't access websites
| > | Date: Sun, 1 Jun 2008 22:15:14 -0700
| > | Lines: 23
| > | Message-ID: <BE5FB8CD-0A16-475C-90CB-(E-Mail Removed)>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | format=flowed;
| > | charset="iso-8859-1";
| > | reply-type=original
| > | Content-Transfer-Encoding: 7bit
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18000
| > | X-MS-CommunityGroup-MessageCategory:
| > {E4FCE0A9-75B4-4168-BFF9-16C22D8747EC}
| > | X-MS-CommunityGroup-PostID: {BE5FB8CD-0A16-475C-90CB-28AD916F5CAC}
| > | Newsgroups: microsoft.public.windows.server.networking
| > | Path: TK2MSFTNGHUB02.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl
| > microsoft.public.windows.server.networking:12958
| > | NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1
| > | X-Tomcat-NG: microsoft.public.windows.server.networking
| > |
| > | Recently it became necessary to setup RRAS on Windows Server 2003 R2
to
| > | perform NAT for a small network that is being used as a testing
| > environment.
| > | The network had an existing domain controller that holds the roles for
| > | DHCP/DNS and Directory services. The RRAS server has just two network
| > | connections (WAN, LAN) and there it connects directly to the outside
| > world.
| > |
| > | The WAN NIC is set to:
| > | Public interface connected to the Internet
| > | Enable NAT on this interface
| > |
| > | There are no Inbound or Outbound Filters on the connection.
| > |
| > | Computers inside the network can ping the LAN Adapter successfully and
| > using
| > | NSLookup from computers behind the NAT it is possible to resolve DNS
| > Names
| > | to IP Addresses. What doesn't work is when a client tries to connect
to
| > a
| > | website using a browser all of the clients recieve an error that they
| > cannot
| > | display the page.
| > |
| > | Has anyone seen a document that explains setting up a simple NAT
router
| > | using Windows Server 2003 R2?
| > |
| > | Thanks.
| > |
| > |
| >
|
|

Dear Customer,

Regarding your last email , I am just check and follow-up on your status.

I was wondering , if you were available to try conduct test and provide
the necessary information and logs.

Thank you for your time and attention.

Sincerely,
Neo Zhu,
Microsoft Online Support
Microsoft Global Technical Support Center
--------------------
| X-Tomcat-ID: 60725833
| References: <BE5FB8CD-0A16-475C-90CB-(E-Mail Removed)>
<(E-Mail Removed)>
<8310C5A6-3C4C-4799-8151-(E-Mail Removed)>
| MIME-Version: 1.0
| Content-Type: text/plain
| Content-Transfer-Encoding: 7bit
| From: v-(E-Mail Removed) (Jian-Ping Zhu [MSFT])
| Organization: Microsoft
| Date: Wed, 04 Jun 2008 07:58:25 GMT
| Subject: Re: RRAS/NAT connected stations can't access websites
| X-Tomcat-NG: microsoft.public.windows.server.networking
| Message-ID: <(E-Mail Removed)>
| Newsgroups: microsoft.public.windows.server.networking
| Lines: 212
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.networking:12989
| NNTP-Posting-Host: tk5tomimport1.phx.gbl 10.201.218.19
|
| Hello,
|
| I need more information for further investigation.
| Please help answer the following questions:
|
| 1. I'd like to confirm that you could ping ISP DNS Server IP address from
| client machines, is this correct?
|
| 2. On client machines, any web sites could not be opened and ping to the
| sites' IP address return destination unreachable, is this correct?
| Could you please copy and post back the output of the ping command?
| Please also give me an example of web site links which could not be
opened.
|
| 3. I'd like to confirm that this issue occurred on all client machines in
| your network, is this correct?
| Did you use the same model NIC on all the client machines?
| Based on my research, a bad NIC might also cause similar issues, please
| check whether your NIC on client machines work well and please update the
| NIC driver with the latest one.
|
| 4. Please check Inbound or Outbound Filters on both of the internal and
WAN
| interfaces on RRAS server.
|
| Meanwhile, please also help collect the following information:
|
| Networking Edition MPS_Report log:
| =============================
| Download the Network Edition of MPS_Report tool from
|
<http://download.microsoft.com/downlo...e5-a579-30b0bd
| 915706/MPSRPT_NETWORK.EXE>, run it on the RRAS Server and client machine.
| Email me the %COMPUTERNAME%_MPSReports_.CAB file which is under the
| %systemroot%\MPSReports\network\bin\cab directory.
|
| My email address is v-(E-Mail Removed)
|
| Thanks for your time and I look forward to hearing from you.
|
| Sincerely,
| Neo Zhu,
| Microsoft Online Support
| Microsoft Global Technical Support Center
|
| Get Secure! - www.microsoft.com/security
| ================================================== ===
| When responding to posts, please "Reply to Group" via your newsreader so
| that others may learn and benefit from your issue.
| ================================================== ===
| This posting is provided "AS IS" with no warranties, and confers no
rights.
|
| --------------------
| | From: "Thorin" <(E-Mail Removed)>
| | References: <BE5FB8CD-0A16-475C-90CB-(E-Mail Removed)>
| <(E-Mail Removed)>
| | In-Reply-To: <(E-Mail Removed)>
| | Subject: Re: RRAS/NAT connected stations can't access websites
| | Date: Mon, 2 Jun 2008 10:45:33 -0700
| | Lines: 128
| | Message-ID: <8310C5A6-3C4C-4799-8151-(E-Mail Removed)>
| | MIME-Version: 1.0
| | Content-Type: text/plain;
| | format=flowed;
| | charset="iso-8859-1";
| | reply-type=original
| | Content-Transfer-Encoding: 7bit
| | X-Priority: 3
| | X-MSMail-Priority: Normal
| | X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
| | X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18000
| | X-MS-CommunityGroup-PostID: {8310C5A6-3C4C-4799-8151-1E8D22CBBB7B}
| | X-MS-CommunityGroup-ThreadID: BE5FB8CD-0A16-475C-90CB-28AD916F5CAC
| | X-MS-CommunityGroup-ParentID: F35FB906-978B-408D-814F-F8F172A88D82
| | Newsgroups: microsoft.public.windows.server.networking
| | Path: TK2MSFTNGHUB02.phx.gbl
| | Xref: TK2MSFTNGHUB02.phx.gbl
| microsoft.public.windows.server.networking:12965
| | NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1
| | X-Tomcat-NG: microsoft.public.windows.server.networking
| |
| | Hi Jian-Ping
| |
| | Thanks for getting back to me so quickly.
| |
| | To answer your questions:
| |
| | > 1. To ensure that the connection to the internet works well, please
| check
| | > whether the web page could be opened on RRAS server.
| |
| | The RRAS Server is able to connect to the Internet when it is in a
| | stand-alone situation and not part of a domain.
| |
| | > 2. To ensure there aren't any route related issues, please check
whether
| | > you could ping any public IP addresses from your client PC. You could
| use
| | > the external DNS Server IP address provided by ISP to do the test.
| |
| | Before enabling NAT network access is fine and DNS resolution through
| | NSLOOKUP and a web browser both function correctly. After enabling NAT
it
| is
| | still possible to use NSLOOKUP from all client computers and the RRAS
| | Server, and it finds the ISP DNS Server. Names resolve to IP addresses
| | correctly but no machine on the network is able to ping or browse the
| web.
| | IP Addresses garnered from NSLOOKUP return "Destination Unreachable"
when
| | trying to PING them.
| |
| |
| | > 3. As you have mentioned that " Computers inside the network can ping
| the
| | > LAN Adapter successfully and using NSLookup from computers behind the
| NAT
| | > it is possible to resolve DNS Names to IP Addresses." Have you tried
to
| | > resolve the external web site's name to IP address? Can this be
resolved
| | > correctly?
| |
| | Yes for instance using NSLOOKUP from a client workstation you can
resolve
| a
| | name to an IP successfully. But the web browser will not return a
webpage
| by
| | DNS Name or IP Address.
| |
| | > 4. How did you configure your client PCs' DNS server
| settings?
| | > Did you point to the DNS server in your LAN?
| |
| | Yes, DHCP is being handled by the DC and it assigns itself as the
primary
| | DNS.
| |
| | > More informations:
| | > ================
| | > The following information is for your reference:
| | >
| | > Troubleshooting NAT
| | >
|
http://www.microsoft.com/technet/pro...eskit/intwork/
| | > inae_ips_xsxh.mspx?mfr=true
| | >
| | > The above article also apply to Windows Server 2003.
| | >
| | > Deploying Dial-up and VPN Remote Access Servers
| | >
|
http://technet2.microsoft.com/window...e-0f08-45bc-84
| | > 87-3b618bc8ad621033.mspx?mfr=true
| | >
| | > I look forward to hearing from you soon.
| | >
| | > Sincerely,
| | > Neo Zhu,
| | > Microsoft Online Support
| | > Microsoft Global Technical Support Center
| | >
| | > Get Secure! - www.microsoft.com/security
| | > ================================================== ===
| | > When responding to posts, please "Reply to Group" via your newsreader
so
| | > that others may learn and benefit from your issue.
| | > ================================================== ===
| | > This posting is provided "AS IS" with no warranties, and confers no
| | > rights.
| | >
| | > --------------------
| | > | From: "Thorin" <(E-Mail Removed)>
| | > | Subject: RRAS/NAT connected stations can't access websites
| | > | Date: Sun, 1 Jun 2008 22:15:14 -0700
| | > | Lines: 23
| | > | Message-ID: <BE5FB8CD-0A16-475C-90CB-(E-Mail Removed)>
| | > | MIME-Version: 1.0
| | > | Content-Type: text/plain;
| | > | format=flowed;
| | > | charset="iso-8859-1";
| | > | reply-type=original
| | > | Content-Transfer-Encoding: 7bit
| | > | X-Priority: 3
| | > | X-MSMail-Priority: Normal
| | > | X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
| | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18000
| | > | X-MS-CommunityGroup-MessageCategory:
| | > {E4FCE0A9-75B4-4168-BFF9-16C22D8747EC}
| | > | X-MS-CommunityGroup-PostID: {BE5FB8CD-0A16-475C-90CB-28AD916F5CAC}
| | > | Newsgroups: microsoft.public.windows.server.networking
| | > | Path: TK2MSFTNGHUB02.phx.gbl
| | > | Xref: TK2MSFTNGHUB02.phx.gbl
| | > microsoft.public.windows.server.networking:12958
| | > | NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1
| | > | X-Tomcat-NG: microsoft.public.windows.server.networking
| | > |
| | > | Recently it became necessary to setup RRAS on Windows Server 2003
R2
| to
| | > | perform NAT for a small network that is being used as a testing
| | > environment.
| | > | The network had an existing domain controller that holds the roles
for
| | > | DHCP/DNS and Directory services. The RRAS server has just two
network
| | > | connections (WAN, LAN) and there it connects directly to the outside
| | > world.
| | > |
| | > | The WAN NIC is set to:
| | > | Public interface connected to the Internet
| | > | Enable NAT on this interface
| | > |
| | > | There are no Inbound or Outbound Filters on the connection.
| | > |
| | > | Computers inside the network can ping the LAN Adapter successfully
and
| | > using
| | > | NSLookup from computers behind the NAT it is possible to resolve DNS
| | > Names
| | > | to IP Addresses. What doesn't work is when a client tries to
connect
| to
| | > a
| | > | website using a browser all of the clients recieve an error that
they
| | > cannot
| | > | display the page.
| | > |
| | > | Has anyone seen a document that explains setting up a simple NAT
| router
| | > | using Windows Server 2003 R2?
| | > |
| | > | Thanks.
| | > |
| | > |
| | >
| |
| |
|
|