Easy Access to the Internet

A guide for Windows NT 3.51 Server

As the Internet becomes increasingly important in business computing, youneed to find efficient ways to give users Internet access. Now Windows NT 3.51Server can provide easy Internet access, serving as an Internet router for anentire LAN. The NT server will need to support a Point-to-Point Protocol (PPP)connection to your Internet Service Provider (ISP).

The following step-by-step guide walks you through TCP/IP and Remote AccessService (RAS) installation, configuration, and testing. This approach is one oftwo ways to use NT as a network router. This is a simple solution for routingtraffic between a small LAN and the Internet, where Internet activity is light.A more elegant, more comprehensive--and more complex--solution works withMicrosoft's MultiProtocol Routing (MPR) software. By implementing MPR, as MarkMinasi explains in "Unlock Your Gateway to the Internet" (WindowsNT Magazine, June 1996), you can route TCP/IP and Internet PacketeXchange (IPX) traffic between two networks of any type. For example, you canuse MPR to connect an Ethernet-based IPX network to a Token Ring-based IPXnetwork, or to enable Dynamic Host Configuration Protocol (DHCP) resolutionbetween two TCP/IP LANs.

Configuration Information
Before you install and configure RAS and TCP/IP on an NT 3.51 server, youhave to ask your ISP for

Installation
Insert the NT Server Installation CD-ROM into your server's CD-ROM drive andlog in as Administrator. Access the Network Settings dialog by selecting theNetwork option in the Control Panel. Follow the on-screen instructions toinstall RAS using the Add Software selection.

Configuration
After you install RAS, configure and enable the communications settings onyour server. Follow these steps before attempting to connect to your ISP.

Step 1--Modem and COM Settings: To configure the correct modem andCOM port settings, you have to identify the COM port the first time you installRAS. Remote Access Setup then tries to automatically detect the modem at thatport.

Select the correct COM port for your modem in the Add Port dialog, andselect OK so Setup can autodetect your modem. If your modem is on the HardwareCompatibility List (HCL) and at the port you specified, a confirmation screenappears (select OK). Setup leaves you in the Configure Port dialog. Choose DialOut Only and select OK.

If Setup doesn't detect your server's modem, scroll through the HCL in theConfigure Port dialog to locate your modem type. If you find your modem type onthe list, highlight it and select Dial Out Only on Port Usage.Otherwise, select the Hayes-compatible modem option that best matches yourmodem's speed (this option might not work if the server's modem type isn'tlisted on the HCL), and select Dial Out Only on Port Usage. Select OK.

Step 2--Network Protocols: This step specifies the appropriatenetwork protocols for your server. Under the Remote Access Setup dialog, selectNetwork to open the Network Configuration dialog. Unmark all network protocolsexcept TCP/IP and any others your server uses, and select OK. Select Continue toexit the Remote Access Setup dialog. Setup creates a new program group, RemoteAccess Service (common).

Select OK when you see the RAS pop-up window and again when you see theNetwork Settings dialog. Setup performs some bindings and will display a warningif you didn't select the NetBEUI protocol. Setup then invokes the TCP/IP setupprogram.

Step 3--TCP/IP: In the TCP/IP setup program, enter your server'sunique IP and subnet address. This address is bound to the NIC in the server,not to RAS, and must be on the same logical subnet as the LAN clients. NOTE:Leave the Default Gateway field blank (for an explanation, see Mark Minasi'sarticle "NT Workstations Using an IP Router--Get Rid of Those DefaultGateways," Windows NT Magazine, May 1996).

Select DNS to open the DNS Configuration dialog. Enter your ISP's Host Nameand Domain Name. If you requested and registered your own Domain Name, enter itinstead (confirm this entry with your ISP).

Select OK. You will return to the TCP/IP Configuration dialog.

Restart your computer when Setup prompts you, and log on as Administrator.After you configure your modem and port settings, configure RAS setup to dialout to your ISP.

Step 4--RAS Script File: RAS installs a script file, SWITCH.INF,into the WINNT35SYSTEM32RAS subdirectory. Locate this file on your server,and make a backup (e.g., copy SWITCH.INF to SWITCH.OLD). Read the SWITCH.INFfile, which includes three sample scripts. Brackets delimit each script.

You'll need to modify the SCRIPT.INF file to handle your ISP logon process.Enter the exact sequence or string of characters that your ISP sends to theserver's modem at login. This string of characters must exactly match the ISP'slogon sequence.

Although you can manually enter your login ID and password each time youdial your ISP, doing so prevents your server from automatically re-establishinga lost connection with your ISP. Instead, you can provide your login ID andpassword, as in the following sample script. (Note that the script omits thefirst character of the login and password prompts because the first characterdoesn't always transmit clearly.)

[Type in the Name of Your Script Here]

COMMAND=

OK="ogin:"

LOOP=

COMMAND=

OK="assword:"

LOOP=

COMMAND=

OK=

Replace the example script's and withyour information. Be aware that if you hard code your login ID and password intoyour SWITCH.INF file, anyone accessing your server can access your ISP loginaccount. To protect this information, make sure your server is in a secure areaand limit who can access it.

Save your changes to the SWITCH.INF file. The server reads this file whenRAS starts, so you have to restart the RAS client for it to recognize yourchanges.

Step 5--RAS Phone Book: Next you create an entry in your RAS phonebook to record your ISP's dialing and security information. Select the RemoteAccess icon in the RAS program group. RAS displays the message, "The phonebook is empty. Press OK to add an entry." Select OK.

Enter your dialing information, including the Entry Name (your ISP's name),the Phone Number (the number you dial to log on), and a Description. If youusually dial 9 to get an outside line, don't forget to add 9 at the beginning ofthe phone number (e.g., 9,5551212). If your phone has call waiting, turn it offby entering *70 (e.g., *70,5551212).

Because you're using a script to log on to your ISP, unmark the AuthenticateUsing Current User Name and Password option. Otherwise, RAS will try to logon with the name "Administrator" instead of your ISP login ID.

Select Security at the bottom of the screen. If you don't see it, selectAdvanced to display Security. Under Security Settings, mark the radio selectionfor Accept Any Authentication, Including Clear Text.

Locate the Before Dialing and After Dialing options in the area marked "Terminalor Script" at the bottom of the Security Settings dialog. Select the arrowbeside the After Dialing option to view available script files. Select thescript you created earlier in the SWITCH.INF file, and select OK to return tothe Edit Phone Book Entry dialog.

Select Network to open the Network Protocol Settings dialog. Select TCP/IPSettings next to the TCP/IP option. Ask your ISP to confirm the settings on thisscreen.

Note the two options at the top of the screen: Server assigned IPaddress and Require specific IP address. Users type this addressinto a Web browser to locate your Web server if you have one installed. Forexample, if your Web server's IP address is 205.198.215.12, you typehttp://205.198.215.12 in your Web browser to locate your server. If you have aregistered Domain Name, you enter it instead of the IP address.

If you choose Server assigned IP address, your ISP will assign adynamically allocated address that can change each time your NT 3.51 serverdials your ISP. This option isn't desirable because users can't easily locate oraddress your server.

If you choose Require specific IP address, you must enter yourserver's unique IP address (a static address). Getting a registered Domain Nameis the best option. At the very least, you can get a unique IP address for yourserver so users can create a Bookmark (as Netscape calls it) in their Webbrowsers for your server.

Ask your ISP to verify all information in the PPP TCP/IP Settings dialog,and select OK to return to the Network Protocol Settings dialog. Select OK toreturn to the Edit Phone Book Entry dialog, and select OK again to return to theRemote Access dialog.

Editing the Registry
Once you finish installing and configuring RAS and TCP/IP, you can edit yourNT server's Registry so it can recognize itself as a router. Depending on howyour ISP assigns your IP address, you have to change the server's Registry.

Choose Run from the File menu in the Program Manager. Type REGEDT32.EXE andselect OK to run the Registry Editor. Select HKEY_LOCAL_MACHINE and navigatethrough the directory levels until you findSYSTEMCURRENTCONTROLSETSERVICESRASARPPARAMETERS.

Set the DisableOtherSrcPackets parameter to 0 as follows:DisableOtherSrcPackets:REG_DWORD:0. If this value doesn't appear on the rightside of your screen, you have to add it under Parameters. While in RegistryEditor, choose Edit from the pulldown menu and select Add Value. You need tospecify the Value Name (DisableOtherSrcPackets) and the Data Type (REG_DWORD) inthe Add Value dialog. Select OK to open the DWORD Editor dialog. Specify Data as"0" and Radix as Hex, and select OK.

Select HKEY_LOCAL_MACHINE and navigate through the directory levels untilyou find SYSTEMCURRENTCONTROLSETSERVICESTCPIPPARAMETERS. Set theIPEnableRouter parameter to 1 so you have IPEnableRouter:REG_DWORD:0x1.

Make the following Registry entry only if the addresses for your RASconnection and LAN network adapter have the same network number (but differentsubnetworks) and if you've marked the Use Default Gateway On Remote Networkbox. For a complete explanation of this topic, see Microsoft's Knowledge Base(http://www.microsoft.com/kb/) for Article-ID: Q121877 and your Windows NTResource Kit (3.51), Volume 2, page 420. If you're not sure about thesesettings, try your setup without this change. If your setup doesn't work, tryadding this entry.

Select HKEY_LOCAL_MACHINE, and navigate through the directory levels untilyou find SYSTEMCURRENTCONTROLSETSERVICESRASMANPPPIPCP. Set thePriorityBasedOnSubNetwork parameter to 1 so you havePriorityBasedOnSubNetwork:REG_DWORD:0x1. Exit the Registry Editor toautomatically save your changes.

Test Your Client Setup
Next, dial your ISP, and test your script (in the SWITCH.INF file) andconnection. If you are successful in connecting with your ISP, configure yourworkstations as LAN-based Internet clients instead of PPP-based Internetclients.

Select Dial from the Remote Access dialog to bring up the Authenticationbox. Select OK without entering any data. If your modem sound is on, you'll heara dial tone and sounds of your server's modem connecting to the ISP's modem.

Your screen will explain that the modem is postconnecting, verifying loginID and password, and registering your computer on the network. Once the ISP'ssystem verifies your login ID and password, RAS will minimize to an icon.

All You Need
These steps are all you need to configure your NT server as a RAS clientrouter. Remember, the LAN clients must set their Default Gateway to the IPaddress of the RAS client's NIC. So you must add the IP address you assigned tothe RAS client connection in your NT server to the Default Gateway configurationof each workstation connected to that server. Administrators can purchase theWindows NT Resource Kit (3.51) and install an NT domain planner utilitythat comes with that unit.