This is a guide to setting up Windows Server 2012 R2 routing/NAT functionality.

This feature is a part of “Remote Access” and allows for connecting 2 networks together, allowing a Windows machine with at least 2 NICs on 2 separate networks to handle the routing between them. To install this feature complete the steps below.

The RRAS configuration portion of this guide may be used for Windows Server versions from 2003 to 2012 R2 as that portion of setup has not changed much since its first implementation.


  • Windows 2012 R2
  • 2 Physical or virtual NICs
  • Static IP’s on each NIC, 1 on each separate network

To start, from Server Manager click Manage > Add Roles and Features.

On the Before You Begin page, click Next.

Select Role-based or feature-based installation and click Next.

On Server Selection select the server you want to install the feature on and click Next.

In the list of Server Roles, select Remote Access and click Next.

On the Features page click Next.

Click Next on Remote Access.

On Role Services click the Routing checkbox. Click Add Features on the pop-up dialogue.

Machine generated alternative text:Add Roles and Features Wizard Select role services DESTINATION SERVER WIN-8NJv.'PJæ6R6 Description Routing provides support for NAT Routers, LAN Routers running BGP, RIP, and multicast capable routers ('GMP Proxy). Before You Begin Installation Type Server Selection Server Roles Features Remote Access Role Services Select the n31e services to install for Remote Access Role services DirectAccess and VPN (RAS) Routin Web Application Proxy Previous Cancel Next Install

Click Next.

Click Next on the Web Server Role (IIS) page.

On this Role Services page, leave the defaults and click Next.

Finally on the Confirmation screen click Install.

The Feature has now been added to Windows. A reboot is not necessary for this process so we will now proceed to the next part of the configuration.

From Administrative Tools look for Routing and Remote Access. Open the console and you will see a red down arrow over the server name.

Right-Click the server name and click Configure and Enable Routing and Remote Access.

Machine generated alternative text:File Action View Help Routing and Remote Access Server Status Routing and Remote Access mote Access secure remote access to private networks. nfigure the following rivate networks. ewe y. Configure and Enable Routing and Remote Access Disable Routing and Remote Access All Tasks Delete Refresh Properties Help To add a Routing and Remote Access server, on the Action menu, c Ck Add Se

The Routing and Remote Access Server Setup Wizard appears.

Click Next.

On the Configuration screen select Network Address Translation (NAT).

Machine generated alternative text:Routi Corin_zäion and Remote Access Server Setu Wizard You can enable any of the following combinations of services. or you can customize this server Remote access or VPN) Alow remote clients to connect to this server through either a connection or a secure virtual private network (VPN) Intemet connection Network address translation (NAT) Alow intemal clients to connect to the Internet using one public IP address V"tual private network (VPN) access and NAT Alow remote clients to connect to this server through the Internet and local clients to connect to the Intemet using a single public IP address Secure connection between tvw private networks Connect this network to a remote network. such as a branch office Custom configuration Select any combination of the features available in Routing and Remote Access Back

Click Next.

Note: If desired you may select VPN & NAT if you wish to setup VPN functionality on the system as well.

Here you will select your network interface that is connected to the external network or internet.

Machine generated alternative text:uting a Remote NAT Serv r tup Wiza You can select an existing interface or create a new demanddial interface for client computers to connect to the Intemet use this public interface to connect to the Internet IP Address Network Interfaces Name Intemet Desch ion Microsoft Hyper-V Net Microsoft Hyper-V Net Create a new demanddial interface to the Intemet A demandZiaI interface is activated when a client uses the Internet Select this option this server connects Nth a modem or by using the Pointko-Point Protocol over Ethemet The Demand-Dial Interface Wizard Will start at the end of this Wizard Back

Click Next.

Next you will need to select to have RRAS provide DHCP and DNS forwarding or otherwise select that you will set up DHCP and DNS on your network later, if desired.

In our configuration we will choose the second option as under most circumstances you will set up DNS and DHCP separately from RRAS.

Machine generated alternative text:Routi and Remote Access Server Setu TrMWI*ion %-vices You can enable basic name and address services Wizard Windows didnt detect name and address services (DNS and DHCP) on this network How do you want to obtain these services? Enable basic name and address services Routing and Remote Access assigns addresses automatically and forwards name resolution requests to a DNS server on the Intemet I will set up name and address services later Choose this option f you have set up the Active Directory on your network. or f you have DHCP or DNS servers in your network Back

Click Next.

Click Finish.

Windows is now configured as a router to with a private network and an external network connected.

Machine generated alternative text:File Action View Help Routing and Remote Access Server Status W N-8NJVPJD8ERE (local) Network Interfaces General Interface Loopback LAN Type Loopback Dedicated Dedicated Internal IP Address Not available Incoming bytes 120255 Outgoing bytes 61,610 Static Filters Disabled Disabled Disabled Disabled Remote Access Logging Internet Internal General Static Routes IGMp NAT IPVE General Static Routes

Then you can click the IPv4>Static Routes. right click on the right pane, and choose “Show IP routing table…”. From the window popping up, you can double check if the routing functionality on the track.

Possible Issue:

1.  If the interface connected to the public network is assigned IP address by NAT, you may need to create a reservation on the DHCP server, and assign the reserved IP address to this interface.

2. If you believe every step above is correct and the client can not connect to the public network, from the client computer open cmd window, type ipconfig /all. See if the first default gateway is if so, check here for solution.