Routing and Remote Access Page 1 of 336 Routing and Remote Access The Microsoft Windows 2000 Server Routing and Remote Access service provides: z Multiprotocol LAN-to-LAN, LAN-to-WAN, virtual private network (VPN), and network address translation (NAT) routing services. For more information, see Routing. z Dial-up and VPN remote access services. For more information, see Remote access. Routing Microsoft Windows 2000 Server routing provides multiprotocol LAN-to-LAN, LAN-to-WAN, virtual private network (VPN), and network address translation (NAT) routing services. Windows 2000 Server routing is intended for use by system administrators who are already familiar with routing protocols and services, and routable protocols such as TCP/IP, IPX, and AppleTalk. z Before installing the Windows 2000 router, see Checklist: Installing and configuring the router. z To find features that have been moved in Windows 2000 Server, see New ways to do familiar tasks. z For tips about using routing, see Best practices. z For help with specific tasks, see How to. z For general background information, see Concepts. z For problem-solving instructions, see Troubleshooting. Checklist: Installing and configuring the router Step Reference gfedc Review key concepts. Routing overview Microsoft Windows Hardware Verify the compatibility of all hardware to be installed in a gfedc Compatibility List at the Microsoft Web computer running Windows 2000. site(http://www.microsoft.com/) gfedc Install the hardware. Manufacturer's documentation For a new network, decide which protocols and routing features of gfedc the Windows 2000 router you want to use. For an existing Routing overview and documentation network, determine which protocols and routing features of the about your network Windows 2000 router you need to enable. gfedc Install and configure the protocols. Network communications To enable the Routing and Remote gfedc Enable and configure the Routing and Remote Access service. Access service Setting up a static routed IP gfedc (Optional) Design and deploy static IP routing. internetwork Setting up a RIP-for-IP routed gfedc (Optional) Design and deploy the RIP-for-IP routing protocol. internetwork Setting up an OSPF routed gfedc (Optional) Design and deploy the OSPF routing protocol. internetwork gfedc (Optional) Add and configure the DHCP Relay Agent. Configure the DHCP Relay Agent gfedc (Optional) Configure IP multicast support. Configure IP multicast support file://C:\Documents and Settings\Administrator\Local Settings\Temp\~hh1CC0.htm 11/24/2003 Routing and Remote Access Page 2 of 336 gfedc (Optional) Design and deploy network address translation. Setting up network address translation gfedc (Optional) Configure the appropriate IP or IPX packet filters. Manage packet filters gfedc (Optional) Design and deploy demand-dial routing. Setting up demand-dial routing New ways to do familiar tasks The following table lists common tasks for configuring routing features in Windows 2000. The user interface for performing these tasks is different in Windows 2000 than it was in Windows NT version 4.0 and Windows NT version 4.0 with the Routing and Remote Access Service (RRAS). In Windows NT 4.0 In Windows 2000 If you want to In Windows NT 4.0 use with RRAS use use Install, configure, and Services tab of Network in Control Routing and Routing and RAS Admin remove routing protocols Panel Remote Access The route print command at a Routing and View the IP routing table Routing and RAS Admin Windows NT command prompt Remote Access Best practices For best practice information about design, security, and deployment for the Windows 2000 router, see the following: z Setting up a static routed IP internetwork z Setting up a RIP-for-IP routed internetwork z Setting up an OSPF routed internetwork z Setting up network address translation z Setting up an IPX internetwork z Setting up demand-dial routing z Setting up router-to-router VPNs How to... This section provides instructions for installing and configuring the Windows 2000 router. z Enable the Routing and Remote Access service z Enable LAN and WAN routing z Manage routing interfaces z Manage devices and ports z Manage routing protocols z Manage static routes z Manage routers z Manage packet filters z Configure RIP for IP z Configure OSPF z Configure network address translation z Enable ICMP router discovery z Configure the DHCP Relay Agent z Configure IP multicast support z Enable AppleTalk routing z Configure IPX routing z Connect your internal network to the Internet z Gather troubleshooting information To enable the Routing and Remote Access service 1. If this server is a member of a Windows 2000 Active Directory domain and you are not a domain file://C:\Documents and Settings\Administrator\Local Settings\Temp\~hh1CC0.htm 11/24/2003 Routing and Remote Access Page 3 of 336 administrator, instruct your domain administrator to add the computer account of this server to the RAS and IAS Servers security group in the domain of which this server is a member. The domain administrator can add the computer account to the RAS and IAS Servers security group by using Active Directory Users and Computers or with the netsh ras add registeredserver command. 2. Open Routing and Remote Access. 3. By default, the local computer is listed as a server. To add another server, in the console tree, right-click Server Status, and then click Add Server. In the Add Server dialog box, click the applicable option, and then click OK. 4. In the console tree, right-click the server you want to enable, and then click Configure and Enable Routing and Remote Access. 5. Follow the instructions in the Routing and Remote Access wizard. Note z To open Routing and Remote Access, click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access. Related Topics To enable LAN and WAN routing 1. Open Routing and Remote Access. 2. Right-click the server name for which you want to enable routing, and then click Properties. 3. On the General tab, select the Enable this server as a router check box, and then do one of the following: z For LAN routing, click Local routing only (LAN router). z For LAN and WAN routing, click Local and remote routing (LAN and WAN router). Note z To open Routing and Remote Access, click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access. Related Topics Manage routing interfaces z Add a routing interface z Add a demand-dial interface z Configure demand-dial filters z Configure dial-out hours z Add an IP-in-IP tunnel z Delete an interface To add a routing interface 1. Open Routing and Remote Access. 2. In the console tree, click General. Where? Routing and Remote Access server name IP Routing General file://C:\Documents and Settings\Administrator\Local Settings\Temp\~hh1CC0.htm 11/24/2003 Routing and Remote Access Page 4 of 336 3. Right-click General, and then click New Interface. 4. In Interfaces, click the interface you want to add, and then click OK. 5. If applicable, complete any configuration dialog boxes for the interface. Notes z To open Routing and Remote Access, click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access. z All available IPX routing protocols are automatically added. To add a routing interface to IPX, in the console tree, under IPX Routing, right-click General, and then click New Interface. The interface is added to all the IPX protocols. Related Topics To add a demand-dial interface 1. Open Routing and Remote Access. 2. In the console tree, click Routing Interfaces. Where? Routing and Remote Access server name Routing Interfaces 3. Right-click Routing Interfaces, and then click New Demand dial interface. 4. Follow the instructions in the Demand-Dial Interface wizard. Note z To open Routing and Remote Access, click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access. Related Topics To configure demand-dial filters 1. Open Routing and Remote Access. 2. In the console tree, click Routing Interfaces. Where? Routing and Remote Access server name Routing Interfaces 3. In the details pane, right-click the demand-dial interface you want to configure, and then click Set IP Demand Dial filters. 4. In the Set Demand-Dial Filters dialog box, click the appropriate action in Initiate connection, and then do one or more of the following: z To add a demand-dial filter, click Add. z To modify the settings for a demand-dial filter, click the filter, and then click Edit. z To delete a configured demand-dial filter, click the filter, and then click Remove. Note z To open Routing and Remote Access, click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access. Related Topics file://C:\Documents and Settings\Administrator\Local Settings\Temp\~hh1CC0.htm 11/24/2003 Routing and Remote Access Page 5 of 336 To configure dial-out hours 1. Open Routing and Remote Access. 2. In the console tree, click Routing Interfaces. Where? Routing and Remote Access server name Routing Interfaces 3. In the details pane, right-click the demand-dial interface you want to configure, and then click Dial-out Hours. 4. In the Dial-out Hours dialog box, click either Permitted or Denied, click the appropriate day and time boxes to either permit or deny dial-out access, and then click OK. Note z To open Routing and Remote Access, click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access. Related Topics To add an IP-in-IP tunnel 1. Open Routing and Remote Access. 2. In the console tree, click Routing Interfaces.