This information is provided by Johnson Consulting

Routing Capabilities in Windows 2000

1. General

As you probably know, whenever you connect to the Internet, using any kind of computer, be it a "client" or a "server", you get assigned a more or less temporary IP-address by the server you connect to. This IP-address is taken from a pool of available IP-addresses that this other server has at its disposal.

Now, as long as you have a single computer at your end, this should not be a problem. But what if you have two or more computers at your premises, configured in one or more local LANs which use the IP-protocol for communication? Can all of these computers be configured to have free access to Internet through this connected computer? How would it work? How do you control this access?

This page will look a bit closer at how Microsoft Windows 2000 handles this, i.e. we will examine Windows 2000's capabilities as a router, how it must be configured and how it behaves.

This webpage grew out of a need to understand how this scenario is supposed to function, because it does not always behave as a reasonably optimistic person might expect. You follow the Microsoft instructions that apply to your specific situation, and it just doesn't work!

Your LAN can be configured in various ways, and there are numerous combinations of parameters to consider, depending on each individual setup. We cannot let this page grow too big, nor is that necessary, since Microsoft provides ample instructions for each configuration case. Let us here just make these assumptions about your LAN:

  1. It uses the TCP/IP-protocol for internal communication.

  2. The computer at your place that connects to the outside world (and thus serves as a router between your LAN and Internet) is running Windows 2000 Server.

  3. The LAN is centered on a hub (as shown in the illustration at right). Whether this hub is free-standing or mounted inside one of your computers does not matter.

  4. The LAN can use Ethernet cables (RJ-45) and/or WLAN by way of an access point connected to the hub.

  5. The Windows 2000 installation on your router does or does not use the Active Directory service. We will look at both cases.

  6. The router-connection to the outside world takes place in any of the ways listed below.

Showing how modem- and Internet-connections constitute a different network from the local one.

Figure 1

So, the setup on this page probably does not agree with your setup, but we have just set the stage with these assumptions in order to concentrate on the central questions:
  1. How is the Windows 2000 server-based router supposed to work?
  2. Why doesn't it?


2. Connecting options to Internet

The alternative connections to the outside world that are most common are illustrated in figure 2 to the right. They are:
  1. By modem, over the telephone network, to a modem pool at an Internet Service Provider (ISP).
  2. By ADSL or ISDN to an Internet Service Provider.
  3. Directly to Internet, or to another LAN.
  4. To a wireless LAN or Bluetooth network.
  5. To a cellular phone interface.
These connection modes are somewhat differently treated by Windows, both on the technical level and on the human interface level. You have to:
  • provide Windows with certain asked-for parameters regarding your ISP-connection
  • provide information regarding desired security; what users and programs can and cannot do
  • give due consideration to firewalls
  • provide drivers to the hardware involved, and configure these properly.
Communication protocols are divided in a hierarchical fashion, with different strata being responsible for different functions. Sometimes these strata from different protocols can be made to work together, sometimes not. We are not going to delve into that on this page. Nor will we discuss VPN.
Showing alternative connections to the outside world.
Figure 2


3. Windows IP-addressing

Let us here (for simplicity's sake) refer to the Internet-connected computer as the "server", and make these assumptions:
  • There are two LANs attached to the server (see figure 4 at right)
  • all LAN-attached computers we are talking about here run Windows 98 or later versions
  • they all have the TCP/IP protocol enabled
  • they all belong to the same (local) domain
  • the server is the only computer with Internet-access
  • the server is also the domain controller
  • the server runs "Active Directory"
  • the server runs DHCP on one of the two LANs (see figure at right). The other LAN has been assigned static IP-addresses.
Showing a setup with two LANs

Figure 4

Windows 2000 and XP locate the network adapters at startup. In our case there are two in the server, each leading to a LAN with TCP/IP-enabled computers. The server finds that in LAN 1, the computers already have addresses. Let us assume that they cover 192.168.1.1 and up. The address mask is thus 255.255.255.0.

In the case of the other LAN (LAN 2), all or some of the attached computers have no assigned addresses. In that situation, the Automatic Private IP Addressing (APIPA) feature of Windows 2000 and Windows XP provides default automatic configuration of the IP address in the reserved range from 169.254.0.1 through 169.254.255.254, and thus uses a subnet mask of 255.255.0.0. There is no automatic configuration of a default gateway, DNS server, or WINS server. APIPA is designed for networks that consist of a single network segment that is not connected to the Internet. Therefore, you do not need to configure the default gateway, DNS server, and WINS server.

For manual configuration of LANs with permanent addresses (i.e. when not using DHCP), IP-addresses in the range 192.168.0.1 to 192.168.1.255 are often used. But we have chosen another range here.
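
The addressing rules above can be checked mechanically. The following is an added example, not part of the original page: a Python sketch that reads ipconfig-style text and reports adapters that fell back to APIPA or whose default gateway is missing or outside their own subnet. The sample output, adapter names and result labels are constructed for illustration.

```python
import ipaddress
import re

# APIPA range as given in the text: 169.254.0.1 - 169.254.255.254, mask 255.255.0.0
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")

# Constructed sample, simplified from the layout of ipconfig output.
SAMPLE = """\
Ethernet adapter LAN 1:
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter LAN 2:
        Autoconfiguration IP Address. . . : 169.254.12.7
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
"""

# "Name . . . . : value" -> ("Name", "value"); the dot leaders are discarded.
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")

def parse_adapters(text):
    """Return {adapter name: {field: value}} from ipconfig-style text."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).strip()] = m.group(2).strip()
    return adapters

def diagnose(fields):
    """Classify one adapter: 'apipa', 'no-gateway', 'gateway-off-subnet' or 'ok'."""
    raw = fields.get("IP Address") or fields.get("Autoconfiguration IP Address")
    if not raw:
        return "no-address"
    addr = ipaddress.ip_address(raw)
    if addr in APIPA_NET:
        return "apipa"            # self-assigned: no gateway, DNS or WINS configured
    gateway = fields.get("Default Gateway", "")
    if not gateway:
        return "no-gateway"       # can talk on its own LAN only
    mask = fields.get("Subnet Mask", "255.255.255.255")
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return "ok" if ipaddress.ip_address(gateway) in net else "gateway-off-subnet"

if __name__ == "__main__":
    for name, fields in parse_adapters(SAMPLE).items():
        print(f"{name}: {diagnose(fields)}")
```
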


4. How TCP/IP routers function

More text will be forthcoming, when I get the time!

Showing how IP-addresses change when going through a router

Figure 6


5. Windows 2000 as Router

Microsoft Windows 2000 Server routing provides multiprotocol LAN-to-LAN, LAN-to-WAN, virtual private network (VPN), and network address translation (NAT) routing services. Windows 2000 Server routing is intended for use by system administrators who are already familiar with routing protocols and services, and routable protocols such as TCP/IP, IPX, and AppleTalk.

Let's get started, after all this talk! We will not go into all the details, since there are ample instructions in the Microsoft Windows Help files that come with the operating systems, and also in Microsoft TechNet.

The first step is to enable the Routing and Remote Access service on the server which serves as Domain Controller.
If this server is a member of a Windows 2000 Active Directory domain, you have to add the computer account of this server to the RAS and IAS Servers security group in the domain of which this server is a member. If not, you can open "Routing and Remote Access" directly on the server.

In the console tree, right-click the server you want to enable, and then click Configure and Enable Routing and Remote Access. Follow the instructions in the Routing and Remote Access wizard.

More text will be forthcoming, when I get the time!


Last Updated: 2007-01-02
Author: Ove Johnsson