If your RRAS (Routing and Remote Access Service) server is both a RAS (Remote Access Services) server for VPN, or dial-in clients, and a NAT (Network Address Translation) server for your LAN, your LAN clients can access the Internet, but your RAS clients cannot.

If the incoming RAS connections are using a private IP address range, these addresses are NOT routable on the Internet.

You can workaround this behavior by using one RRAS server for NAT and a different RRAS server for your RAS clients.

If you cannot install a separate server:

1. Close the Routing and Remote Access Services management console, if it is open.

2. Open a CMD.EXE prompt.

3. Type netsh routing ip nat add interface internal private and press Enter.

The above command makes the Internal interface a private NAT interface, causing incoming RAS connections to be treated as private interfaces, and routed by your NAT server.

NOTE: If you receive internal interface already owned by the protocol, the Internal interface is already owned by NAT, and you have a different problem.