Home and small office networking compared to Routing and Remote Access

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Home and small office networking and the Routing and Remote Access service are both included in Microsoft® Windows® XP and the Windows Server 2003 family to provide the following networking capabilities:

  • Network address translation (NAT)

  • Packet filtering

  • Dial-up access

  • Virtual private network (VPN) access

  • Automated IP addressing for network clients

  • Name resolution

  • Internet connections

Because home and small office networking features and Routing and Remote Access share common drivers, they cannot coexist, and you need to decide which to implement in order to meet the needs of your networking environment.

Home and small office networking

You can use home and small office networking features--Internet Connection Firewall (ICF), Windows Firewall, Network Bridge, and Internet Connection Sharing (ICS)--to simplify the configuration of your home or small office network. These features are intended for networks that consist of two to 10 computers when you want to:

  • Protect computers that are connected to the Internet using an easily configured firewall. For more information, see Internet Connection Firewall.

  • Connect LAN segments simply, by using the Bridge Connections menu command. For more information, see Network Bridge.

  • Provide simultaneous Internet access for up to 10 computers using a single dial-up or high-speed Internet connection. For more information, see Connecting to the Internet in a home or small office network.

  • Support up to 10 simultaneous dial-up or VPN connections to provide remote computers with access to network resources. For more information, see Incoming connections.

Routing and Remote Access

You can use Routing and Remote Access in combination with Internet Security and Acceleration (ISA) server to meet the needs of your small business with high security needs, your medium-sized private business, or your enterprise network that spans multiple subnets and supports up to 1,000 computers running Windows Server 2003, Standard Edition or up to 5,000 computers running Windows Server 2003, Enterprise Edition. Internet connectivity for branch offices is routed through the corporate routing and firewall infrastructure. Use Routing and Remote Access when you want to:

  • Provide local and branch office computers with high-security Internet access.

  • Connect branch offices with corporate intranets, and share resources as if all computers are connected to the same LAN.

  • Protect network interfaces with static packet filters or dynamic packet filters.

  • Support up to 1,000 simultaneous dial-up or VPN connections to provide remote computers with access to corporate network resources.

Comparisons

The following table summarizes the differences between the way that home and small office networking features (and incoming connections) and Routing and Remote Access (with ISA server) implement basic networking services.

| Service | Description | Home and small office networking features (and incoming connections) | Routing and Remote Access (with ISA server) |
| --- | --- | --- | --- |
| NAT | Hides internally managed IP addresses from external networks by translating private internal addresses to public external addresses. This reduces IP address registration costs by letting you use unregistered IP addresses internally, with translation to a small number of registered IP addresses externally. It also hides the internal network structure, reducing the risk of attacks against internal systems. | ICS | Routing and Remote Access NAT |
| Dynamic packet filtering | Provides protection from unsolicited traffic for the private network. Permits only traffic that is sent in response to an internal request. | ICF, Windows Firewall | Basic Firewall |
| VPN and dial-up access | Allows clients on a remote computer to connect to a private network and to access network resources as if the computer were physically attached to the network. | Incoming connections | Routing and Remote Access |
| Address assignment | Automates the assignment of client IP addresses on the private network, configuring clients so that they can access network resources. | ICS DHCP allocator | Routing and Remote Access NAT, with a DHCP allocator or a DHCP server |
| DNS name resolution | Converts the names of computers and other network devices, such as printers, to IP addresses. | ICS DNS Proxy | NAT, with a DNS proxy or a DNS server |
| Internet connections | Provides the high-speed or dial-up connection that the computer connected to the Internet uses to publish its services to the private network. | Configured through Network Connections | Configured through Routing and Remote Access |

The following table summarizes which components, features, and connection types are best suited to provide networking services in a given networking scenario.

| Service | Scenario: Small office, non-domain network | Scenario: Small office, domain network | Scenario: Medium office network with NAT traversal | Scenario: Medium office network without NAT traversal | Scenario: Enterprise network | Scenario: Branch office network |
| --- | --- | --- | --- | --- | --- | --- |
| NAT | ICS | ICS | Routing and Remote Access | Routing and Remote Access | Routing and Remote Access | Routing and Remote Access with ISA (on the corporate network) |
| Packet filtering | ICF, Windows Firewall | ICF, Windows Firewall | Basic Firewall or ISA | Basic Firewall or ISA | ISA | ISA (on the corporate network) |
| VPN/remote access | Incoming connections | Incoming connections | Routing and Remote Access | Routing and Remote Access | Routing and Remote Access | Routing and Remote Access with ISA (on the corporate network) |
| Address assignment | ICS DHCP allocator | DHCP server | DHCP server | DHCP server | DHCP server | DHCP server |
| Internet connection | Dial-up, ISDN, broadband, DSL, or LAN | Dial-up, ISDN, broadband, DSL, or LAN (with ISA) | Any combination of T1 or T3, dial-up, ISDN, broadband, DSL, and LAN | Any combination of dial on demand (DoD) routing, T1 or T3, dial-up, ISDN, broadband, DSL, or LAN | Any combination of dial on demand (DoD) routing, T1 or T3, dial-up, ISDN, broadband, DSL, or LAN | Any combination of dial on demand (DoD) routing, T1 or T3, dial-up, ISDN, broadband, DSL, or LAN |
| NAT traversal | Not available | Not available | ISA | Does not apply | ISA | ISA (on the corporate network) |
| DNS | DNS proxy | DNS server | DNS server | DNS server | DNS server | DNS server |

Notes

  • In the case of ICS with a DNS or DHCP server, ICS discovers the DHCP service or DNS service and, if present, disables the DNS proxy, DHCP allocator, or both.

  • Because ICS, ICF, and Windows Firewall are not compatible with Routing and Remote Access, you cannot enable ICS or ICF if Routing and Remote Access is configured. Likewise, if ICS or ICF is enabled, it must first be disabled before you can configure Routing and Remote Access.

  • Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.

  • Internet Connection Firewall is included only in the original releases of Windows Server 2003, Standard Edition, and Windows Server 2003, Enterprise Edition.

  • Internet Connection Sharing and Network Bridge are not included in Windows Server 2003, Web Edition; Windows Server 2003, Datacenter Edition; and the Itanium-based versions of the original release of the Windows Server 2003 operating systems.