Microsoft Support Engineers Troubleshoot Remote Access Service (RAS)
Q: How can I route Internet Protocol (IP) packets from my Local Area Network (LAN) to the Internet through an NT-based RAS client?
This is perhaps the most frequently asked question about RAS. When used with the TCP/IP protocol, you can configure RAS to allow your entire LAN to access the Internet via a single Windows NT-based machine with a dial-up RAS connection. If you can't afford to put in a leased line for Internet access, RAS may work for you, but there are certain requirements that must be met first.
- The Point-to-Point Protocol (PPP) or Serial-Line Internet Protocol (SLIP) server you use for Internet access--whether it's a Windows NT-based RAS server or a third-party server--must support routing tables that can be set up to forward packets to your LAN via the RAS client connection in NT 3.5x. Usually, you obtain dial-up access from an Internet Service Provider (ISP). Your RAS client connects to the ISP's PPP or SLIP server.
- You must use TCP/IP on your LAN. Microsoft provides no protocol translation for the Internet.
- Your RAS client machine will have two IP addresses: One will be assigned to the network card, and the other to the RAS connection to the ISP's PPP or SLIP server. These addresses cannot be on the same logical subnet, or routing will not function properly.
- You must obtain unique IP addresses for each machine on your LAN that will be sending packets to the Internet. There are two options for obtaining these IP addresses. First, contact Internic (the organization that assigns IP addresses) and obtain a range of addresses to use on the Internet. Second--and most common--ask your ISP to subnet its IP addresses and assign you a range for your local LAN. In either case, the addresses you use must be unique.
Now, you are ready to configure the NT 3.5x-based RAS client to allow it to function as a router.
- Configure the RAS PhoneBook entry for your ISP as either PPP or SLIP. (Your provider will tell you which to use.)
- Modify the DisableOtherSrcPackets Registry parameter. DisableOtherSrc-Packets is located in the HKEY_LOCAL_MACHINE subtree under the following subkey: \System\CurrentControl-Set\Services\RasArp\Parameters. It has a data type of REG_DWORD and can be set to 0 or 1 (the default setting is 1). You must set the DisableOtherSrcPackets parameter to 0.
- Enable the IPEnableRouter parameter. IPEnableRouter is located in the HKEY_LOCAL_MACHINE subtree under the following subkey: \System\CurrentControlSet\Services\Tcp-ip\Parameters. It has a data type of REG_DWORD and can be set to 0 or 1. Change the value to 1 to enable this parameter.
- The Default Gateway for the network card on your RAS client computer must be blank.
- The LAN clients on the network must set their Default Gateway to the IP address of the network card on your NT-based RAS client.
- The ISP must add a static route on the PPP or SLIP server that routes traffic destined for your LAN via the RAS IP address of your RAS client.
Caution: If you are part of the Internet, your shares may be visible to others. You can avoid this by stopping the server service on your LAN clients when you are connected to the Internet. If you run the FTP Server service on any of your LAN clients, you may also need to stop it to prevent other Internet clients from accessing that LAN client.
Q: After upgrading to NT 3.51, I can no longer send or receive TCP/IP packets via my RAS PPP connection. Why?
This problem occurs if you use the same IP address for your network interface card (NIC) that you use for your RAS PPP connection. Using the same IP address for more than one interface is an illegal configuration with TCP/IP. Under NT 3.5, you could use the same IP address for both and properly route packets via your RAS PPP connection due to a bug in RAS. This bug has been fixed in NT 3.51.
To get around this limitation, disable the binding of TCP/IP to your NIC or use a different IP address for the NIC than the one you use for your RAS PPP connection. In addition, make sure you select the "Use default gateway on remote network" check box in the TCP/IP settings of your RAS PhoneBook entry.
Q: How does NT determine whether to send IP packets via the NIC or RAS?
If you have enabled the "Use default gateway on remote network" check box in the TCP/IP settings of your RAS PhoneBook entry, any IP packets with a destination address on the same IP subnet as the NT machine's NIC will be sent via the NIC. If the destination IP address is on a different subnet, the packets will be sent via RAS and the default gateway assigned by the RAS server will locate the destination host. If you have not enabled the "Use default gateway on remote network" check box, packets for all subnets other than RAS will be sent via the NIC.
If you have more than one subnet on your local LAN, packets destined for other subnet addresses on your LAN will be sent to the default gateway. The default will be the remote network if you have the "Use default gateway on remote network" selection enabled. To correct this, you must add a static route to the routing table on your RAS server. For example, if your mail server is on the 199.199.40 network and your local LAN gateway address is 199.199.41.1, you can add a route to your routing table to ensure that all packets destined for this subnet are sent to the LAN gateway. For example: RouteADD199. 199.40.0 MASK 255.255.255.0 199.199.41.1 /P. With this addition to your routing table, all packets destined for the 199.199.40 network will be routed through your local gateway--199.199.41.1. The/P, a new switch in NT 3.51, at the end of the command makes the route persistent, meaning that the entry will be maintained even after you shut down the machine.
Windows NT 3.51 Service Pack 2 includes the Multi-Protocol Router (MPR) software. Using MPR allows you to automate this procedure. (For more information about routing TCP/IP packets on a multihomed RAS machine (i.e., one with more than one network interface, including RAS), see the Microsoft Windows NT 3.5 Resource Kit, Volume 2, Chapter 22 (see the book review "Windows NT Resource Kit" on page 59 of the October, 1995, issue).
Q: How can I automate the logon to a third-party PPP or SLIP server?
RAS includes a scripting language that you can use to automate the logon to a third-party PPP or SLIP server. Your automated logon script will consist of a series of commands--these are sent to the server--and responses--these are received from the server. Your script should be saved in the %system-root%\system32\ras\switch.inf file. Once you have entered your script in this file, you can select it in the RAS PhoneBook application. Choose the Security button, and then select your script in the After Dialing field. Be sure to modify this file with a text editor, as opposed to using Write or another application that might embed printing codes into the file.
For example, if you connect to a third-party PPP or SLIP server that issues the following prompts for information during the logon sequence:
Enter UserName:
Enter Password:
PPP or SLIP:
Thank you!
Then you could add the following script to the SWITCH.INF file to automate the logon:
[MyServer]
;Lines preceded by a semi-colon are comments
COMMAND=<cr>
; Causes a two-second delay
OK=<match>"UserName:"
LOOP=<ignore>
; These two lines cause RAS to ignore all responses until your login name is requested
COMMAND=MyName<cr>
; Sends your login name to the server
OK=<match>"Password:" LOOP=<ignore>
COMMAND=MyPassword<cr>
OK=<match>"PPP or SLIP:"
LOOP=<ignore>
COMMAND=PPP<cr>
; Complete the login sequence
OK=<ignore>
; Ignore all additional responses from the server
The SWITCH.INF file found in your %systemroot%\system32\ras directory includes some good examples of login scripts. Another good reference is the Microsoft Windows NT 3.5 Resource Kit, Volume 2, Chapter 9.