Network Address Translation (NAT) Quick Start Guide

One topic that seems to cause users a great deal of anguish is the configuration of Network Address Translation (NAT) for the purpose of providing shared Internet access on private network. This guide is meant as a quick reference for those who need to implement NAT on networks, especially small networks that include Active Directory.

For all intents and purposes, the most simple way to provide your internal network with shared access of a broadband (or for that matter dial-up or ISDN) Internet connection is the Internet Connection Sharing (ICS) feature of Windows 2000. However, ICS also imposes a number of limitations that make it a poor choice for environments that include Active Directory. For example, when the external connection (the one to which a public IP address is assigned) is shared, it will automatically give the internal adapter an IP address of On top of this, ICS automatically configures itself as a mini-DHCP server, allocating addresses to internal clients in the range. Finally, ICS also works as a DNS proxy, expecting that your clients will use the ICS system as the destination for all DNS-related queries to the public Internet.

While this may work fine for small LANs, ICS makes life complicated on networks that already have an IP addressing structure in place (either through the use of static addresses or a via a separate DHCP server), as well as those running Active Directory (and by extension, DNS). In cases where you don’t want to undo your current IP addressing, and want a more robust Internet sharing solution, Windows 2000 NAT is the answer.

In this quick guide, I assume that the server on which you want to configure NAT is running Windows 2000 Server at a minimum, and has two network cards installed – one connected to your external network (using a DSL or cable connection, for example), and one connected to your internal LAN. NAT can also work with dial-on-demand modem or ISDN connections, but that’s another topic, for another time.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.