Hour 22. Using Network Address Translation and Certificate Services

What You’ll Learn in This Hour:

Hour 17, “Remote Access and Virtual Private Networking,” took a look at some of the features provided by the Routing and Remote Access Service, and then Hour 18, “Implementing Network Routing,” continued this discussion in relation to routing. This hour looks at how you can use Network Address Translation (NAT) to “hide” a group of computers behind one public IP address. This enables a small network or branch office to take advantage of one Internet connection provided by a server running Windows Server 2008.

Another important issue related to networking with Windows Server 2008 is security. As discussed briefly in Hour 21, “Working with the Windows Firewall and IPSec,” protecting data on your network is extremely important, particularly when data exchange occurs between private and public networks. The public key infrastructure embraced by Windows Server 2008 provides a method of authenticating users involved in data transactions. Digital certificates are one part of creating an environment in which the identity of users involved in transactions is known. This hour looks at how you install and use the Windows Server 2008 Active Directory Certificate Services.

Using Network Address Translation

Network Address Translation (NAT) enables you to hide a group of computers (such as a network) behind one IP address. In the good old days of computing, which weren’t that good and certainly weren’t that long ago, this was known as IP masquerading. Basically, your network sits behind the NAT server, meaning that you need only one “legal,” or public, IP address for the server running the NAT software. The IP addressing scheme that you use on the computer network behind the NAT server is really up to you (although ranges of IP addresses are reserved for this purpose).

When the Internet Assigned Numbers Authority (IANA) developed the IPv4 address classes (A, B, and C), it designated a range in each class to serve as private addresses. So, a private address is an IP address taken from one of the private ranges designated by IANA.

These addresses are meant to be used, as their name suggests, on private networks. They are not to be used as legitimate IP addresses for connecting to the Internet. These private addresses provide a means of assigning unique IP addresses to an internal network that then uses Network Address Translation to actually connect to the public Internet.

There are Class A, B, and C private ranges:

The great thing about using NAT is that you can use as many IP addresses as required internally. For example, you can treat your internal network as if it were a Class A or a Class B network, which provides a huge number of addresses. Remember, NAT requires only one “official” IP address for the NAT server that sits between your network and the Internet.

A server with multiple network interfaces (such as the router configuration discussed in this hour) can sit between your private network and a public network and, using RRAS and NAT, provide a connection between the two networks. This enables you to take advantage of a single broadband or DSL connection when you want to connect a small office to the Internet.

Before configuring NAT as part of RRAS, configure one of the LAN interfaces with the IP address provided by your Internet service provider (or connect the interface to the broadband or DSL devices that connect to your ISP so that the device can receive the public address via DHCP from your provider).

Configure the other LAN interface with a fixed IP address from one of the IPv4 private ranges (a Class A, B, or C private range address). You can then set up NAT to provide private IP addresses using NAT’s DHCP allocator (discussed shortly).
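The two-interface layout described above can be checked before RRAS is configured. The following is an added example, not part of the original text: it uses Python's ipaddress module with the private blocks reserved in RFC 1918, and the function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Private blocks reserved by RFC 1918, keyed by the address class
# each one was taken from.
PRIVATE_BLOCKS = {
    "A": ipaddress.ip_network("10.0.0.0/8"),
    "B": ipaddress.ip_network("172.16.0.0/12"),
    "C": ipaddress.ip_network("192.168.0.0/16"),
}

def private_class(addr):
    """Return 'A', 'B' or 'C' if addr lies in a private block, else None."""
    ip = ipaddress.ip_address(addr)
    for cls, block in PRIVATE_BLOCKS.items():
        if ip in block:
            return cls
    return None

def check_nat_plan(public_if, private_if, prefix_len):
    """Validate a planned NAT server layout (hypothetical helper).

    Returns a list of problems; an empty list means the plan is consistent.
    """
    problems = []
    # The Internet-facing interface must carry a publicly routable address.
    pub_cls = private_class(public_if)
    if pub_cls is not None:
        problems.append(f"public interface {public_if} is a private "
                        f"Class {pub_cls} address and is not Internet-routable")
    # The internal interface must sit inside one of the private blocks.
    priv_cls = private_class(private_if)
    if priv_cls is None:
        problems.append(f"private interface {private_if} is not in a private range")
    else:
        # A mask that is too short makes the subnet spill into public space.
        net = ipaddress.ip_interface(f"{private_if}/{prefix_len}").network
        block = PRIVATE_BLOCKS[priv_cls]
        if not net.subnet_of(block):
            problems.append(f"subnet {net} extends outside private block {block}")
    return problems

if __name__ == "__main__":
    # Constructed sample plans; 203.0.113.10 is a documentation address
    # standing in for the address supplied by the ISP.
    for plan in [("203.0.113.10", "192.168.0.1", 24),
                 ("203.0.113.10", "172.16.0.1", 8),
                 ("192.168.1.5", "10.0.0.1", 8)]:
        print(plan, check_nat_plan(*plan) or "OK")
```

The second sample plan fails because a /8 mask on 172.16.0.1 covers addresses outside the Class B private block, so hosts behind the NAT server would treat public addresses as local.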
