Configuring Windows Server 2003 for LAN Routing (part 1) - Using the Routing And Remote Access Console

Understanding Routing

Routing is the process of transferring data across an internetwork from one local area network (LAN) to another. Whereas a bridge connects network segments and shares traffic as necessary according to hardware addresses, a router receives and forwards traffic along appropriate pathways according to software addresses. Consequently, bridges, operating at the second, or data link layer of the Open Systems Interconnect (OSI) networking model, are sometimes called “layer 2” devices. Routers, which operate at the third, or network layer of the OSI model, are known as “layer 3” devices.

In IP networks, routing is performed according to IP routing tables. All IP hosts use routing tables to forward IP traffic; IP routers are distinctive from hosts in that they can use these routing tables to forward traffic that has been received from another router or host.

Figure 1 illustrates the role of routers in connecting networks.

Using Routing And Remote Access

The Routing And Remote Access service in Windows Server 2003 is a multiprotocol software router that can be readily integrated with Windows features such as security accounts and group policies. The service can be configured for LAN-to-LAN, LAN-to-WAN, virtual private network (VPN), and Network Address Translation (NAT) routing through IP networks. In addition, the service can be configured for routing features such as IP multicasting, demand-dial routing, DHCP relay, and packet filtering. Finally, it offers built-in support for the dynamic routing protocols Routing Information Protocol (RIP) version 2 and Open Shortest Path First (OSPF).

Hardware routers include many built-in ports, each of which typically connects to a distinct network segment. The hardware router can route traffic from any one port to another. For Routing And Remote Access, however, the number of network segments among which traffic can be routed is limited by the number of network interfaces installed on the Windows Server 2003 computer running the service. For example, if you have configured your Windows Server 2003 computer with two network cards and a modem, the Routing And Remote Access service can route traffic among three networks.

Figure 2 illustrates an example of a Windows Server 2003 computer running the Routing And Remote Access service and configured with four network adapters. In this scenario, the Routing And Remote Access service is routing IP traffic among four LANs.

Figure 2. Windows router configured with four network interface cards (NICs)

Enabling Routing And Remote Access

The Routing And Remote Access service is installed by Windows Server 2003 Setup in a disabled state. You can enable and configure the service by running the Routing And Remote Access Server Setup Wizard. Note that if the server on which you want to configure the Routing And Remote Access service is a member server of an Active Directory domain, you must add the server’s computer account to the RAS And IAS Servers domain local security group before the router can function. If the server is already a domain local controller, it will be automatically added to this security group.

Using the Routing And Remote Access Console

The Routing And Remote Access console is the graphical user interface (GUI) tool used to configure routing in Windows Server 2003. In a basic installation in which Routing And Remote Access has been configured only for LAN routing, the Routing And Remote Access console includes two main nodes for each server node: the Network Interfaces node and the IP Routing node. Figure 3 shows these nodes.

Adding Interfaces

In the Routing And Remote Access console, a network interface is a software component that connects to a physical device such as a modem or a network card. To configure routing through Routing And Remote Access, you must first verify that all software interfaces through which you want to route traffic are listed in the Network Interfaces node.

The server running Routing And Remote Access usually detects all network adapters when the Routing And Remote Access Server Setup Wizard is run. Network interfaces corresponding to these adapters are then listed in the Network Interfaces node and are immediately available for configuration in the Routing And Remote Access console.

However, preconfigured dial-up connections are not available in Routing And Remote Access. If you want to configure routing through an on-demand or persistent dial-up connection, a VPN connection, or a Point-to-Point Protocol over Ethernet (PPPoE) connection, you must add this connection type manually through the Network Interfaces node in the Routing And Remote Access console. All three of these connection types are known collectively as demand-dial interfaces. Once your demand-dial interface is added, you can then apply to it Routing And Remote Access routing features such as NAT, static routes, or DHCP relay.

To add a dial-up connection, VPN connection, or PPPoE connection, complete the following steps:

The only other occasion when you need to add an interface manually in the Routing And Remote Access console is when you add a new network adapter after you have configured and enabled Routing And Remote Access. To perform this task, use the Interfaces node within the IP Routing node, as described in the next procedure.

To add a routing interface, complete the following steps:

Using the IP Routing Node

In the Routing And Remote Access console, the IP Routing node allows you to configure basic features of IP routing. As shown in Figure 3, this node by default includes three subnodes: General, Static Routes, and NAT/Basic Firewall.