Can't access because of firewall
Can't access network sharing because of firewall
Difference between ICS and NAT
Due to an unidentified problem, windows cannot display windows firewall settings
Error 5: Access is denied when trying to start the Firewall
How to enable NAT
How to enable NAT name resolution
How to enable inbound connections
How to configure 2000/2003 NAT services and ports
NAT server can assign IP
No one can access our website behind NAT
Port forwarding on Windows 2003 with two NICs
Server can access the Internet but not clients
Troubleshooting Windows NAT issues
Remote Management Issues

Difference between ICS and NAT

To connect a windows 2000/2003 network to the Internet, you may use one of two methods: ICS and NAT. Both ICS and NAT provide translation, addressing, and name resolution services to the network hosts.

ICS is designed to provide a single step of configuration (a single check box) on the computer running Windows 2000/2003 to provide a translated connection to Internet for all of the hosts on the network. However, once enabled, Internet connection sharing does not allow further configuration beyond the configuration of applications and services on the network.

NAT routing protocol is designed to provide maximum flexibility in the configuration of the computer running Windows 2000 Server to provide a translated connection to Internet. NAT requires more configuration steps; however, each step of the configuration is customizable. The NAT protocol allows for ranges of IP addresses from ISP and the configuration of the range of IP addresses allocated to the network hosts.

How to enable NAT

Open Routing and Remote Access>Server name>IP Routing>General, right-click General, and then click New Routing Protocol. In the Select Routing Protocol dialog box, click NAT/Firewall, and then click OK.

How to enable NAT name resolution

Open Routing and Remote Access>server name>IP Routing>NAT. Right-click NAT, and then click Properties. On the Name Resolution tab, select the Clients using Domain Name System (DNS) check box.

How to enable inbound connections

To allow Internet users to access resources on your private network via NAT, you must enable inbound connections. To do this 1) configure a static IP address configuration on the resource server; 2) exclude the IP address being used by the resource computer from the range of IP addresses being allocated by the NAT computer; 3) configure a special port.

How to configure 2000/2003 NAT services and ports

Open RRAS>IP Routing>NAT, right-click external NIC>Properties>Services and ports, select a service or add a port. To forward to an internal IP, type IP address in Private address.

NAT server can assign IP

The NAT server can automatically assign IP addresses to internal network clients. You may want to use this functionality if you do not have a DHCP server.

No one can access our website behind NAT

Cause: 1) Network address translation interfaces are not properly configured. 2) TCP/UDP port translation is not enabled. 3) The range of public addresses is not configured correctly. 4) The range of private addresses is configured incorrectly. 5) The traffic being forwarded by the network address translation computer is not translatable. 6) IP packet filtering is preventing the receiving or sending of IP traffic.

Server can access the Internet but not clients

Symptoms: You have windows 2003 multihomed server with DNS and NAT/Firewall. The server can access the Internet but none of clients.

Causes: 1. Incorrect default gateway on the client settings.
2. Incorrect DNS on the client settings.
3. NAT/Firewall blocks the client accessing the Internet.
4. The server doesn't enable IP routing or incorrect routing table.

Post your questions, comments, feedbacks and suggestions