Windows Server 2003 + NAT + DSL - ought to be easy

This one should be easy for anyone who knows what they're doing :)

I have a machine running Windows Server 2003, which I want to be my router/dhcp server/wins server for my small network. My internet is provided by Primus Canada, which is a high speed DSL provider. The little modem that came with my internet is configured in "bridge" mode. My internet uses dynamic IPs, and dynamic DNS server IP's.

My Server is already the DHCP server and WINS server and the LAN is working perfectly. All computers can talk to each other, as well as the server.

There are two NICs in the server. One connects to my switch on the lan side (call it the LAN NIC), the other goes to the primus modem (call it the WAN NIC). The LAN NIC has a static IP, the WAN NIC has an automatic IP.

Then I added an "Internet Connection" via Add New Connection Wizard, configured it for PPPoE to connect to the internet. It connects fine.

Then I configured Routing + Remote Access, setting it up as a "NAT/VPN", and selecting the WAN NIC as the network device that has the internet. Turned it on, everything seems fine. The DHCP server is allocating IP's in preparation for VPN clients just fine.

My SERVER has the internet now, and does all the LAN based routing for my entire network just fine.

    1) The "WAN NIC" never gets an IP. Even though the internet works. Always says "Limited or no connectivity". See the code snippet, you'll see the IP is the default invalid one.

    2) Client's cannot connect to the internet. Probably because the "WAN NIC" isn't actually connected to anything, and I don't know why. Something wrong with my Routing + Remote Access settings?

    3) Primus provides two DNS servers. You can see them in the code snippet under "PPP adapter", but how do I configure DHCP to use those addresses?

Windows IP Configuration
   Host Name . . . . . . . . . . . . : quasimodo
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
Ethernet adapter LAN NIC 100mbps:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : SOHOware 10/100 PCI Network Adapter
   Physical Address. . . . . . . . . : 00-80-C6-EB-CD-2E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Default Gateway . . . . . . . . . :
   Primary WINS Server . . . . . . . :
Ethernet adapter WAN NIC 10mbps:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel 21041-Based PCI Ethernet Adapter (
eneric) #2
   Physical Address. . . . . . . . . : 00-E0-29-25-75-A9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IP Address. . . :
   Subnet Mask . . . . . . . . . . . :
   Default Gateway . . . . . . . . . :
PPP adapter Primus High Speed Internet:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Open in new window

LVL 31
Who is Participating?
Frosty555Connect With a Mentor Author Commented:
Figured it out guys.

1) You don't create a new internet connection from Control Panel->Network Connections. That applies only to the server, RRAS knows nothing about it.

If you want RRAS to use PPPoE as it's connection to the internet, you have to setup a demand-dial interface. This option was NOT provided in the config wizard to me, because I selected "VPN/NAT", and not just "NAT". When I reconfigured it using just NAT, it gave me the option.

2) When I configured demand-dial, I had to go into the security tab and select "Allow unsecured password". My ISP doesn't support that, and by default it is set to "Require secure password"

3) MrJemson, like you said, the WAN connection need only have some static IP set, and only if the "limited or no connectivity" icon bothers me. Which it does. So I changed that.
Instead, you setup RRAS to use Demand-Dial

4) The NAT settings in RRAS deployed the DNS servers for me automatically. I didn't need to specify them. They get set for me on the client computers without any intervention on my part. Yay!

Attached are some pictures, for anyone else who visits this thread with the same problem.

Looks like it's working!

MrJemsonConnect With a Mentor Commented:
1) The WAN NIC doesn't need an IP. You can set a static (private) IP on it Ie. if the limited or no connectivity message annoys you. It just needs to be plugged in to the bridge for the sake of the PPP tunnel.

2) What is the default gateway your clients are provided by DHCP?

3) You can specify this in your DHCP options. The other alternative is to setup DNS on your server, and add these to the forward lookup zone.
kdearingConnect With a Mentor Commented:
Is the server running SBS?
Because it's REALLY not a good idea to have a public IP address on your server unless you're running ISA or something similar.
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Frosty555Author Commented:
My DHCP server is sending as the default gateway. This is the IP of the server. I can verify that this is going out to the client machines properly.

KDearing: I need to host a website using IIS on the server. My modem's built in DHCP server is pathetic, you can't even change the DHCP's IP range. If you think I should put ISA on the computer, I can do that so long as you help me configure it :)

I tried hard coding the DNS servers into my DHCP server (e.g. I set the scope option so that DNS servers are and I even tried just setting up a static DNS on the client. Still no internet.

What else should I try? Or what other info do you guys need?

Frosty555Author Commented:
KDearing, you expressed concern about exposing the computer to the internet like this.

I have configured the basic firewall, currently it doesn't let ANYTHING through. I have successfully tested that my server's FTP server, IIS (web server), filesharing, and remote desktop are not accessible from other computers on the internet, even though those services are enabled and accessible on my LAN.  Is there anything further I should be concerned about?
kdearingConnect With a Mentor Commented:
I would prefer something other than Windows Firewall, but maybe that's just me.

One other thing...DNS

If your server is a Domain Controller, then you'll need to re-configure your DNS.
On the DC server -
  DNS forwarders set to ISP's DNS
  All NICs configured for itself,
  DHCP configured for DC as DNS only
Frosty555Author Commented:
I take back point (4) on my comment #22733716. My DHCP server had the dns settings hardcoded in. NAT doesn't do anything related to relaying dns addresses to clients.

All seems to be well, provided my DHCP server has the dns settings hard coded in. If those dns settings ever change I will have problems until I fix it, though, and that doesn't really go with the set-it-and-forget-it mentality...

I'm actually on a workgroup, but WINS server is handling my computer name resolution. Are you suggesting that Quasimodo (that's the name of my server) be a DNS server as well? Will that cause any slowdowns as far as DNS name resolution for clients on the network goes?

I'm getting my hands on ICA server 2004 now. I'll see what I can do about using it instead of Windows Firewall.
If you're not using your server as a Domain Controller, then you're good.
Frosty555Author Commented:
Whoops, I already set it up.  But it's working well enough. Oh well.

Thank you for your help, I'm really glad I got this working finally.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.