Remote Access

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2, Windows 10

The Remote Access guide provides you with an overview of the Remote Access server role in Windows Server 2016, and covers the following subjects:

For more information about other networking technologies, see Networking in Windows Server 2016.

The Remote Access server role is a logical grouping of these related network access technologies: Remote Access Service (RAS), Routing, and Web Application Proxy. These technologies are the role services of the Remote Access server role. When you install the Remote Access server role with the Add Roles and Features Wizard or Windows PowerShell, you can install one or more of these three role services.

Do not attempt to deploy Remote Access on a virtual machine (VM) in Microsoft Azure. Using Remote Access in Microsoft Azure is not supported. You cannot use Remote Access in an Azure VM to deploy VPN, DirectAccess, or any other Remote Access feature in Windows Server 2016 or earlier versions of Windows Server. For more information, see Microsoft server software support for Microsoft Azure virtual machines.

Remote Access Service (RAS) — RAS Gateway

When you install the DirectAccess and VPN (RAS) role service, you are deploying the Remote Access Service Gateway (RAS Gateway). You can deploy the RAS Gateway a single tenant RAS Gateway virtual private network (VPN) server, a multitenant RAS Gateway VPN server, and as a DirectAccess server.

RAS Gateway — Single Tenant. By using RAS Gateway, you can deploy VPN connections to provide end users with remote access to your organization’s network and resources. If your clients are running Windows 10, you can deploy Always On VPN, which maintains a persistent connection between clients and your organization network whenever remote computers are connected to the Internet. With RAS Gateway, you can also create a site-to-site VPN connection between two servers at different locations, such as between your primary office and a branch office, and use Network Address Translation (NAT) so that users inside the network can access external resources, such as the Internet. In addition, RAS Gateway supports Border Gateway Protocol (BGP), which provides dynamic routing services when your remote office locations also have edge gateways that support BGP.

RAS Gateway — Multitenant. You can deploy RAS Gateway as a multitenant, software-based edge gateway and router when you are using Hyper-V Network Virtualization or you have VM networks deployed with virtual Local Area Networks (VLANs). With the RAS Gateway, Cloud Service Providers (CSPs) and Enterprises can enable datacenter and cloud network traffic routing between virtual and physical networks, including the Internet. With the RAS Gateway, your tenants can use point-so-site VPN connections to access their VM network resources in the datacenter from anywhere. You can also provide tenants with site-to-site VPN connections between their remote sites and your CSP datacenter. In addition, you can configure the RAS Gateway with BGP for dynamic routing, and you can enable Network Address Translation (NAT) to provide Internet access for VMs on VM networks.

The RAS Gateway with multitenant capabilities is also available in Windows Server 2012 R2.

• Always On VPN. Always On VPN enables remote users to securely access shared resources, intranet Web sites, and applications on an internal network without connecting to a VPN.

Routing

You can use Remote Access to route network traffic between subnets on your Local Area Network. Routing provides support for Network Address Translation (NAT) routers, LAN routers running BGP, Routing Information Protocol (RIP), and multicast-capable routers using Internet Group Management Protocol (IGMP). As a full-featured router, you can deploy RAS on either a server computer or as a virtual machine (VM) on a computer that is running Hyper-V.

To install Remote Access as a LAN router, either use the Add Roles and Features Wizard in Server Manager and select the Remote Access server role and the Routing role service; or type the following command at a Windows PowerShell prompt, and then press ENTER.

Web Application Proxy

Web Application Proxy is a Remote Access role service in Windows Server 2016. Web Application Proxy provides reverse proxy functionality for web applications inside your corporate network to allow users on any device to access them from outside the corporate network. Web Application Proxy pre-authenticates access to web applications using Active Directory Federation Services (AD FS), and also functions as an AD FS proxy.

To install Remote Access as a Web Application Proxy, either use the Add Roles and Features Wizard in Server Manager and select the Remote Access server role and the Web Application Proxy role service; or type the following command at a Windows PowerShell prompt, and then press ENTER.

How to Configure Windows Server 2016 as a Router

Browse Post Topics

Introduction

This guide demos Windows Server 2016 router configuration. It walks you though how to configure Windows Server 2016 to work as a router.

A router is used to route traffic between two subnets (or networks).

Most people may know about Cisco routers. But what they may not know is that Windows Server 2016 can also be configured as a router. Yes, it can!

Lap Setup for Windows Server 2016 Router Configuration

To be able to demo this guide I setup a lab as shown below:

WinSRVSTD2016: Server 2016 with 2 network cards – one with IP 10.0.0.21, the second 172.20.10.9
Win101903D: Windows 10 client configured to receive IP addresses from a DHCP server.
RolesSRV1: DHCP Server with 10.0.0.0 scope

Before I configure the Windows Server 2016 server WinSRVSTD2016 as a router, I pinged the IP address on the second network card of the server 172.20.10.9.

Here is the result: “Transient failed: General failure”

The Windows 10 PC could not reach that IP address because it is outside its local subnet.

Steps for Windows Server 2016 Router Configuration

• Install Remote Access Role
• Configure Windows Server 2016 as a router
• Modify DHCP Scope

Here are the detailed steps

Install Remote Access Role

Windows Server 2016 router configuration requires Routing and Remote Access role.

Here are the steps to install this role in Windows Server 2016:

• Login to the server you wish to configure as a router and open Server Manager.
• From Server Manager, click Manage and select Add Roles and Features.

• When Add Roles and Features Wizard opens click Next.

• Then on the Select installation type, select Role-based or feature-based and click Next.

• Select the server to install the role. Then click Next.

• On Server roles screen, check the box beside Remote Access. Then click Next.

• When Features screen opens click Next

• Then read the information about Remote Access role and click Next.

• On Role Services screen, check the box beside Routing. Then at the add features that are requiredfor routing pop up, click Add Features.

• Note that Direct Access and VPN (RAS) is also checked. The two role services are installed together. Click Next.

• At the Web Server Role (IIS) screen, read the information and click Next.

• Review the role services selected and click Next.

• Finally, at the Confirmation screen, click Install.

• When Remote Access role installation is completed, click Close.

Windows Server 2016 Router Configuration

After installing the role, the final step is to complete Windows Server 2016 Router Configuration.

Here are the steps:

• Still from Server Manager, click Tools. Then select Routing and Remote Access.

• When Routing and Remote Access opens, right-click the server. Then select Configure and EnableRouting and Remote Access.

• On the first page of the setup wizard, click Next.

• Then on the Configuration page, select Custom configuration and click Next.

• On the Custom configuration page select LAN routing and click Next.

• On the summary page, click Finish. If you receive the prompt in the second image below, click OK.

• Finally, to start the service, click Start service. Then wait. When the service starts, the server will turn green.

• Once the service starts, expand the server. Then expand IPv4 and click the General node. The network cards on the server are now acting as routers.

The network interfaces on the server are configured to route packets.

Add the New Router IP as Default Gateway in Your DHCP Scope

Though you have completed Windows Server 2016 router configuration, you will need to add the IP address of the server as Default gateway for your clients.

You can do this in one of 2 ways:

1. Add the default gateway manually to the TCP/IPv4 of your computers
2. Modify the DHCP scope to add 003 Router Option

This last part of this guide demos how to add Option 003 Router to the DHCP server. This adds the IP address of the router (Server 2016 you just configured) as the default gateway.

Here are the steps:

• Open DHCP Configuration tool. Expand your DHCP server. Then expand IPv4. Finally, expand the scope.

• Beneath the scope, right-click Scope Options and select Configure Options…

• Beneath Available Options, locate 003 Router. Then check the box beside it. Data entry will then be displayed. Beneath IP address, enter the IP address of the server you configured as a router then click Add.

• The IP address will now appear in the list. To save the changes, click Apply, then click OK.

• The option is now listed in the scope

When computers configured to receive IP address from the DHCP scope are rebooted, they will pick up the new configuration.

However, if you wish to force a computer to receive the new configuration, open command prompt from the client computer, type the command below and press enter.

It will pick up the servers IP as its default gateway.

For my own test, when I now ping the IP address on the other network of the server, 172.20.10.9, it replied!

Conclusion

It is that easy to configure Windows Server 2016 as a router!

If you have any question or want to comment on this guide, use the “Leave a Reply” form at the end of this page.

If you want to read more Windows Server guides visit our Windows Server How Tos page.

To read more about routers and how they work, click this Wikipedia link – Router (Computer).