Security NAT in RRAS

[Andy Sheley]

I have NAT setup on a Windows 2000 server(PDC) with 2
cards so my internal network can get to the internet.
However, i can take a computer and plug into the network
and without even joining the domain, or logging on as an
account in the domain I can access the internet. Is their
a way to set security on NAT so only authenticated users
can get through to access the internet, and keep anonymous
people out? Thanks.

Andy Sheley

 

[Scott Harding - MS MVP]

Since you rae spitting out DHCP ip info internally I don't think you are
going to stop this with the built in NAT as it doesn't have authentication
of users if I remember correctly. DHCP doesn't care who it gives an ip too.
You could turn off DHCP and just jand out IP's and keep track of them but
that may be more of a headache than it's worth.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

scrockel@***No_SPAM***hotmail.com

 

[Steven L Umbach]

NAT can not do that. You would need something like ISA server, but even so I do not
think that a user has to logon if they are using a local machine account with domain
credentials. You would need some switches that can control access based on
certificate or mac address. How about a user policy with consequences? Accessing the
internet is the least of your worries with that kind of unauthorized access. Did you
read the stories about how innocent little Betty hooked her laptop from home to use
the internet and then infected the whole network with blaster virus?? --- Steve

 

[Marc Reynolds [MSFT]]

I would recommend that you look at ISA Server. See
www.microsoft.com/isaserver

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------