As the Internet becomes increasingly important in business computing, you need to find efficient ways to give users Internet access. Now Windows NT 3.51 Server can provide easy Internet access, serving as an Internet router for an entire LAN. The NT server will need to support a Point-to-Point Protocol (PPP) connection to your Internet Service Provider (ISP).
The following step-by-step guide walks you through TCP/IP and Remote Access Service (RAS) installation, configuration, and testing. This approach is one of two ways to use NT as a network router. This is a simple solution for routing traffic between a small LAN and the Internet, where Internet activity is light. A more elegant, more comprehensive--and more complex--solution works with Microsoft's MultiProtocol Routing (MPR) software. By implementing MPR, as Mark Minasi explains in "Unlock Your Gateway to the Internet" (Windows NT Magazine, June 1996), you can route TCP/IP and Internet Packet eXchange (IPX) traffic between two networks of any type. For example, you can use MPR to connect an Ethernet-based IPX network to a Token Ring-based IPX network, or to enable Dynamic Host Configuration Protocol (DHCP) resolution between two TCP/IP LANs.
Before you install and configure RAS and TCP/IP on an NT 3.51 server, you have to ask your ISP for
- the correct dial-up number (some ISPs have a phone number for each modem speed; get the number that matches your modem's speed)
- the ISP's Domain Name System (DNS) IP address
- the ISP's Domain Name and Host Name (plan ahead if you need to request a Domain Name; it can take up to a month to establish)
- at least four unique IP addresses (one for the NIC in the server, one for RAS, one for the network ID, and one for a broadcast address) for your server and LAN, if applicable; if you don't have an NIC installed, you need to install one
- the exact sequence of login prompts and replies, which are necessary for scripting
- a decision on whether to use Van Jacobson (VJ) header compression (for PPP connections)
Insert the NT Server Installation CD-ROM into your server's CD-ROM drive and log in as Administrator. Access the Network Settings dialog by selecting the Network option in the Control Panel. Follow the on-screen instructions to install RAS using the Add Software selection.
After you install RAS, configure and enable the communications settings on your server. Follow these steps before attempting to connect to your ISP.
Step 1--Modem and COM Settings: To configure the correct modem and COM port settings, you have to identify the COM port the first time you install RAS. Remote Access Setup then tries to automatically detect the modem at that port.
Select the correct COM port for your modem in the Add Port dialog, and select OK so Setup can autodetect your modem. If your modem is on the Hardware Compatibility List (HCL) and at the port you specified, a confirmation screen appears (select OK). Setup leaves you in the Configure Port dialog. Choose Dial Out Only and select OK.
If Setup doesn't detect your server's modem, scroll through the HCL in the Configure Port dialog to locate your modem type. If you find your modem type on the list, highlight it and select Dial Out Only on Port Usage. Otherwise, select the Hayes-compatible modem option that best matches your modem's speed (this option might not work if the server's modem type isn't listed on the HCL), and select Dial Out Only on Port Usage. Select OK.
Step 2--Network Protocols: This step specifies the appropriate network protocols for your server. Under the Remote Access Setup dialog, select Network to open the Network Configuration dialog. Unmark all network protocols except TCP/IP and any others your server uses, and select OK. Select Continue to exit the Remote Access Setup dialog. Setup creates a new program group, Remote Access Service (common).
Select OK when you see the RAS pop-up window and again when you see the Network Settings dialog. Setup performs some bindings and will display a warning if you didn't select the NetBEUI protocol. Setup then invokes the TCP/IP setup program.
Step 3--TCP/IP: In the TCP/IP setup program, enter your server's unique IP and subnet address. This address is bound to the NIC in the server, not to RAS, and must be on the same logical subnet as the LAN clients. NOTE: Leave the Default Gateway field blank (for an explanation, see Mark Minasi's article "NT Workstations Using an IP Router--Get Rid of Those Default Gateways," Windows NT Magazine, May 1996).
Select DNS to open the DNS Configuration dialog. Enter your ISP's Host Name and Domain Name. If you requested and registered your own Domain Name, enter it instead (confirm this entry with your ISP).
Select OK. You will return to the TCP/IP Configuration dialog.
Restart your computer when Setup prompts you, and log on as Administrator. After you configure your modem and port settings, configure RAS setup to dial out to your ISP.
Step 4--RAS Script File: RAS installs a script file, SWITCH.INF, into the \WINNT35\SYSTEM32\RAS subdirectory. Locate this file on your server, and make a backup (e.g., copy SWITCH.INF to SWITCH.OLD). Read the SWITCH.INF file, which includes three sample scripts. Brackets delimit each script.
You'll need to modify the SCRIPT.INF file to handle your ISP logon process. Enter the exact sequence or string of characters that your ISP sends to the server's modem at login. This string of characters must exactly match the ISP's logon sequence.
Although you can manually enter your login ID and password each time you dial your ISP, doing so prevents your server from automatically re-establishing a lost connection with your ISP. Instead, you can provide your login ID and password, as in the following sample script. (Note that the script omits the first character of the login and password prompts because the first character doesn't always transmit clearly.)
\[Type in the Name of Your Script Here\]
Replace the example script's <login ID> and <password> with your information. Be aware that if you hard code your login ID and password into your SWITCH.INF file, anyone accessing your server can access your ISP login account. To protect this information, make sure your server is in a secure area and limit who can access it.
Save your changes to the SWITCH.INF file. The server reads this file when RAS starts, so you have to restart the RAS client for it to recognize your changes.
Step 5--RAS Phone Book: Next you create an entry in your RAS phone book to record your ISP's dialing and security information. Select the Remote Access icon in the RAS program group. RAS displays the message, "The phone book is empty. Press OK to add an entry." Select OK.
Enter your dialing information, including the Entry Name (your ISP's name), the Phone Number (the number you dial to log on), and a Description. If you usually dial 9 to get an outside line, don't forget to add 9 at the beginning of the phone number (e.g., 9,5551212). If your phone has call waiting, turn it off by entering *70 (e.g., *70,5551212).
Because you're using a script to log on to your ISP, unmark the Authenticate Using Current User Name and Password option. Otherwise, RAS will try to log on with the name "Administrator" instead of your ISP login ID.
Select Security at the bottom of the screen. If you don't see it, select Advanced to display Security. Under Security Settings, mark the radio selection for Accept Any Authentication, Including Clear Text.
Locate the Before Dialing and After Dialing options in the area marked "Terminal or Script" at the bottom of the Security Settings dialog. Select the arrow beside the After Dialing option to view available script files. Select the script you created earlier in the SWITCH.INF file, and select OK to return to the Edit Phone Book Entry dialog.
Select Network to open the Network Protocol Settings dialog. Select TCP/IP Settings next to the TCP/IP option. Ask your ISP to confirm the settings on this screen.
Note the two options at the top of the screen: Server assigned IP address and Require specific IP address. Users type this address into a Web browser to locate your Web server if you have one installed. For example, if your Web server's IP address is 184.108.40.206, you type http://220.127.116.11 in your Web browser to locate your server. If you have a registered Domain Name, you enter it instead of the IP address.
If you choose Server assigned IP address, your ISP will assign a dynamically allocated address that can change each time your NT 3.51 server dials your ISP. This option isn't desirable because users can't easily locate or address your server.
If you choose Require specific IP address, you must enter your server's unique IP address (a static address). Getting a registered Domain Name is the best option. At the very least, you can get a unique IP address for your server so users can create a Bookmark (as Netscape calls it) in their Web browsers for your server.
Ask your ISP to verify all information in the PPP TCP/IP Settings dialog, and select OK to return to the Network Protocol Settings dialog. Select OK to return to the Edit Phone Book Entry dialog, and select OK again to return to the Remote Access dialog.
Editing the Registry
Once you finish installing and configuring RAS and TCP/IP, you can edit your NT server's Registry so it can recognize itself as a router. Depending on how your ISP assigns your IP address, you have to change the server's Registry.
Choose Run from the File menu in the Program Manager. Type REGEDT32.EXE and select OK to run the Registry Editor. Select HKEY_LOCAL_MACHINE and navigate through the directory levels until you find \SYSTEM\CURRENTCONTROLSET\SERVICES\RASARP\PARAMETERS.
Set the DisableOtherSrcPackets parameter to 0 as follows: DisableOtherSrcPackets:REG_DWORD:0. If this value doesn't appear on the right side of your screen, you have to add it under Parameters. While in Registry Editor, choose Edit from the pulldown menu and select Add Value. You need to specify the Value Name (DisableOtherSrcPackets) and the Data Type (REG_DWORD) in the Add Value dialog. Select OK to open the DWORD Editor dialog. Specify Data as "0" and Radix as Hex, and select OK.
Select HKEY_LOCAL_MACHINE and navigate through the directory levels until you find \SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS. Set the IPEnableRouter parameter to 1 so you have IPEnableRouter:REG_DWORD:0x1.
Make the following Registry entry only if the addresses for your RAS connection and LAN network adapter have the same network number (but different subnetworks) and if you've marked the Use Default Gateway On Remote Network box. For a complete explanation of this topic, see Microsoft's Knowledge Base (http://www.microsoft.com/kb/) for Article-ID: Q121877 and your Windows NT Resource Kit (3.51), Volume 2, page 420. If you're not sure about these settings, try your setup without this change. If your setup doesn't work, try adding this entry.
Select HKEY_LOCAL_MACHINE, and navigate through the directory levels until you find \SYSTEM\CURRENTCONTROLSET\SERVICES\RASMAN\PPP\IPCP. Set the PriorityBasedOnSubNetwork parameter to 1 so you have PriorityBasedOnSubNetwork:REG_DWORD:0x1. Exit the Registry Editor to automatically save your changes.
Test Your Client Setup
Next, dial your ISP, and test your script (in the SWITCH.INF file) and connection. If you are successful in connecting with your ISP, configure your workstations as LAN-based Internet clients instead of PPP-based Internet clients.
Select Dial from the Remote Access dialog to bring up the Authentication box. Select OK without entering any data. If your modem sound is on, you'll hear a dial tone and sounds of your server's modem connecting to the ISP's modem.
Your screen will explain that the modem is postconnecting, verifying login ID and password, and registering your computer on the network. Once the ISP's system verifies your login ID and password, RAS will minimize to an icon.
All You Need
These steps are all you need to configure your NT server as a RAS client router. Remember, the LAN clients must set their Default Gateway to the IP address of the RAS client's NIC. So you must add the IP address you assigned to the RAS client connection in your NT server to the Default Gateway configuration of each workstation connected to that server. Administrators can purchase the Windows NT Resource Kit (3.51) and install an NT domain planner utility that comes with that unit.