Implement network connectivity solutions

Part of the document mcsa_exam-ref-70-741-networking-with-windows-server-2016 (Pages 178 - 193)

NAT enables you to implement a private Internet Protocol Version 4 (IPv4) addressing scheme within your organization while still enabling users, apps, and services to access the Internet. NAT is a device, a component in a device, or a software service that enables your organization’s computers to access Internet-based resources by translating private IPv4 addresses in your intranet into public IPv4 addresses on the Internet, as shown in Figure 4-1.

FIGURE 4-1 An illustration shows a NAT device connecting a corporate intranet to the Internet

All devices that connect to the Internet require a unique public IPv4 address. However, there are insufficient public addresses available in the IPv4 address space for all devices that require this type of connection. As a result, organizations use private IPv4 address ranges for devices within their intranets. These addresses are designated by the Internet Assigned Numbers Authority (IANA), and are listed in Table 4-1.

TABLE 4-1 Private IPv4 address ranges

Note Private IPv4 Addressing

Implementing private IPv4 addressing is covered in Chapter 5, “Implement core and distributed network solutions.”

Communications from designated private IPv4 addresses are not routed onto the public Internet. This is where NAT is useful. A NAT device edits the header of IPv4 traffic originating on the private network. It replaces the source IPv4 address in the header with one of its assigned public IPv4 addresses and then routes the traffic on to the Internet.

When return traffic is received on the public interface, the NAT device edits the header. It replaces the public destination’s IPv4 address with the appropriate private IPv4 address, and then routes the traffic to the appropriate internal device.

Exam Tip

A mapping table is maintained by the NAT device to record to which internal client traffic must be routed.
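
The translation and mapping table described above, as an added sketch in Python (not code from the book or from Windows Server). The port translation, the sequential port allocation, and all addresses are assumptions made for the illustration.

```python
# Added illustration: a toy model of a NAT mapping table, not Windows Server code.
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatDevice:
    def __init__(self, public_ip: str, first_port: int = 50000):
        self.public_ip = public_ip
        self._next_port = first_port  # assumption: ports are handed out sequentially
        self._ports = {}     # (proto, private ip, private port) -> public port
        self._mappings = {}  # (proto, public port, remote ip, remote port) -> private endpoint

    def outbound(self, pkt: Packet) -> Packet:
        """Private -> Internet: replace the source address and record the mapping."""
        client = (pkt.proto, pkt.src_ip, pkt.src_port)
        if client not in self._ports:
            self._ports[client] = self._next_port
            self._next_port += 1
        public_port = self._ports[client]
        self._mappings[(pkt.proto, public_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=public_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> private: restore the destination, or return None (drop)."""
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        target = self._mappings.get(key)
        if pkt.dst_ip != self.public_ip or target is None:
            return None  # no mapping recorded, so there is no internal client to route to
        return replace(pkt, dst_ip=target[0], dst_port=target[1])

def demo():
    # Constructed sample addresses (documentation and private ranges).
    nat = NatDevice("203.0.113.5")
    web = ("198.51.100.80", 443)
    a = nat.outbound(Packet("TCP", "192.168.10.21", 49152, *web))
    b = nat.outbound(Packet("TCP", "192.168.10.22", 49152, *web))
    reply_b = nat.inbound(Packet("TCP", *web, b.src_ip, b.src_port))
    stray = nat.inbound(Packet("TCP", "198.51.100.99", 443, a.src_ip, a.src_port))
    return a, b, reply_b, stray

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both clients leave with the same public source address, the reply is routed back to the second client through its mapping, and the packet from a remote host that no client contacted finds no mapping and is dropped.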

Implement NAT

A NAT server running Windows Server 2016 must have at least two network adapters installed. You must configure one of these network adapters with a private IPv4 address and connect it to the intranet within your organization. You must configure the second adapter with a public IPv4 address, and connect it to the Internet, either directly, or by configuring routing through your perimeter network to the Internet.

To enable NAT within your organization, you must deploy a NAT device, and then configure client computers to use the NAT device’s private IPv4 interface as their configured default gateway.

Note More On Configuring An IPv4 Host

Configuring an IPv4 host is covered in Chapter 5, “Implement core and distributed network solutions.”

The NAT device also helps to secure your organization’s network devices by hiding your computers’ IPv4 addresses. When a computer on the intranet initiates communications with a server on the Internet, only the NAT device’s external IPv4 address is visible to devices on the Internet.

Implement NAT with Windows Server 2016

Before you can configure a Windows Server 2016 computer as a NAT server, you must install the Remote Access server role.

Installing the Remote Access Server Role

On Windows Server 2016, use the following procedure to enable NAT:

1. Install the Remote Access server role with Server Manager. When prompted by the Add Roles And Features Wizard, on the Select role services page, select the Routing check box.

2. Follow the instructions in the wizard to install the necessary features to support the Remote Access role, as shown in Figure 4-2. Click Close when the installation is complete.

FIGURE 4-2 Installing the Remote Access role

Enabling NAT in Remote Access

After you have installed the Routing role service, you must enable NAT in Remote Access. Use the following procedure:

1. In Server Manager, click Tools, and then click Routing And Remote Access.

2. In Routing And Remote Access, right-click your server and then click Configure and Enable Routing and Remote Access.

3. In the Routing And Remote Access Server Setup Wizard, choose Network Address Translation (NAT), as shown in Figure 4-3, and then click Next.

FIGURE 4-3 Configuring the NAT role

4. On the NAT Internet Connection page, select the appropriate network interface and then click Next. This interface must be able to communicate with the Internet and must be assigned a public IPv4 address, as shown in Figure 4-4.

FIGURE 4-4 Selecting the Internet connection for a NAT server

Exam Tip

It’s a good idea to name your network connections so they are easily identifiable. To do this, right-click Start, and then click Network Connections. You can then rename your connections to match their configured purposes.

5. On the Network Selection page, select the network connection that this device uses to connect to the intranet, as shown in Figure 4-5. Click Next.

FIGURE 4-5 Selecting the intranet connection

6. Complete the wizard and when prompted, click Finish. The Routing and Remote Access service starts automatically.

Configuring NAT Interfaces

After you have enabled NAT, you must complete its configuration. In the Routing And Remote Access console, use the following procedure:

1. In the navigation pane, locate the IPv4 node. Beneath it, locate the NAT node, as shown in Figure 4-6.

FIGURE 4-6 The NAT node in the Routing and Remote Access console

2. Right-click the interface that you assigned to the Internet and then click Properties. On the NAT page, you can change the type of interface from public to private. You can also disable or enable NAT by selecting the Enable NAT On This Interface check box, as shown in Figure 4-7.

FIGURE 4-7 The properties dialog box of the configured Internet-connected network connection

3. On the Address Pool page, shown in Figure 4-8, you can configure a range of public IPv4 addresses that your ISP has assigned for your use, if required. The Reservations button enables you to configure specific public IPv4 addresses for use by specific private IPv4 clients.

FIGURE 4-8 Configuring the public IPv4 address pool

4. The Services And Ports tab, shown in Figure 4-9, enables you to define how inbound requests are handled. You can define what services you want the NAT server to publish on the Internet.

For example, you can enable a web server by selecting the Web Server (HTTP) check box, and then, as shown in Figure 4-10, define the internal server that hosts this web server.

FIGURE 4-9 Configuring inbound services and ports

FIGURE 4-10 Adding a publishable service

Configuring the NAT Node

You can configure the NAT node in the Routing and Remote Access console. Right-click NAT in the console and then click Properties, as shown in Figure 4-11.

FIGURE 4-11 Configuring the NAT node

Table 4-2 shows the configurable settings.

TABLE 4-2 NAT node configurable options

Monitoring NAT

After you have installed and configured NAT, and enabled your NAT clients, you must know how to monitor the NAT service. You can do this in the Routing And Remote Access console.

Right-click the NAT node, and then click one of the following:

Show DHCP Allocator Information: Displays DHCP-related information. This includes a list of the DHCP messages, such as DISCOVER, REQUEST, and OFFER.

Show DNS Proxy Information: Displays the DNS-related information, including the number of queries received from clients and the number of responses sent.

You can also view the live mappings being used by NAT clients. In the NAT node, in the Details pane, right-click the Internet-connected interface, and then click Show Mappings. The following information is displayed:

Protocol

Direction

Private Address

Private Port

Public Address

Remote Address

Remote Port

Idle Time

You can also use Event Viewer to view NAT-related events.

Need More Review? Network Address Translation

To review further details about NAT, refer to the Microsoft TechNet website at

https://technet.microsoft.com/library/d151130d-6925-4e43-8f1b-c6bc0d920f5c.aspx.

Configure routing

Routing is the process of managing the flow of network traffic between subnets. You can configure Windows Server 2016 as both an IPv4 and an IPv6 router to connect multiple IP subnets together.

Note

Configure routing is covered in Chapter 5, “Implement core and distributed network solutions.”
