JSI Tip 7762. Your RAS clients have no internet connectivity when the RAS server is also a NAT server?

If your RRAS (Routing and Remote Access Service) server is both a RAS (Remote Access Services) server for VPN, or dial-in clients, and a NAT (Network Address Translation) server for your LAN, your LAN clients can access the Internet, but your RAS clients cannot.

If the incoming RAS connections are using a private IP address range, these addresses are NOT routable on the Internet.

You can workaround this behavior by using one RRAS server for NAT and a different RRAS server for your RAS clients.

If you cannot install a separate server:

1. Close the Routing and Remote Access Services management console, if it is open.

2. Open a CMD.EXE prompt.

3. Type netsh routing ip nat add interface internal private and press Enter.

The above command makes the Internal interface a private NAT interface, causing incoming RAS connections to be treated as private interfaces, and routed by your NAT server.

NOTE: If you receive internal interface already owned by the protocol, the Internal interface is already owned by NAT, and you have a different problem.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.