Home and small office networking compared to Routing and Remote Access
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Home and small office networking compared to Routing and Remote Access
Home and small office networking and the Routing and Remote Access service are both included in Microsoft® Windows® XP and the Windows Server 2003 family to provide the following networking capabilities:
Network address translation (NAT)
Packet filtering
Dial-up access
Virtual private network (VPN) access
Automated IP addressing for network clients
Name resolution
Internet connections
Because home and small office networking features and Routing and Remote Access share common drivers, they cannot coexist, and you need to decide which to implement in order to meet the needs of your networking environment.
Home and small office networking
You can use home and small office networking features--Internet Connection Firewall (ICF), Windows Firewall, Network Bridge, and Internet Connection Sharing (ICS)--to simplify the configuration of your home or small office network. These features are intended for networks that consist of two to 10 computers when you want to:
Protect computers that are connected to the Internet using an easily configured firewall. For more information, see Internet Connection Firewall.
Connect LAN segments simply, by using the Bridge Connections menu command. For more information, see Network Bridge.
Provide simultaneous Internet access for up to 10 computers using a single dial-up or high-speed Internet connection. For more information, see Connecting to the Internet in a home or small office network.
Support up to 10 simultaneous dial-up or VPN connections to provide remote computers with access to network resources. For more information, see Incoming connections.
Routing and Remote Access
You can use Routing and Remote Access in combination with Internet Security and Acceleration (ISA) server to meet the needs of your small business with high security needs, your medium-sized private business, or your enterprise network that spans multiple subnets and supports up to 1,000 computers running Windows Server 2003, Standard Edition or up to 5,000 computers running Windows Server 2003, Enterprise Edition. Internet connectivity for branch offices is routed through the corporate routing and firewall infrastructure. Use Routing and Remote Access when you want to:
Provide local and branch office computers with high-security Internet access.
Connect branch offices with corporate intranets, and share resources as if all computers are connected to the same LAN.
Protect network interfaces with static packet filters or dynamic packet filters.
Support up to 1,000 simultaneous dial-up or VPN connections to provide remote computers with access to corporate network resources.
Comparisons
The following table summarizes the differences between the way that home and small office networking features (and incoming connections) and Routing and Remote Access (with ISA server) implement basic networking services.
| Service | Description | Home and small office networking features (and incoming connections) | Routing and Remote Access (with ISA server) |
|---|---|---|---|
NAT |
Hides internally managed IP addresses from external networks by translating private internal addresses to public external addresses. This reduces IP address registration costs by letting you use unregistered IP addresses internally, with translation to a small number of registered IP addresses externally. It also hides the internal network structure, reducing the risk of attacks against internal systems. |
ICS |
Routing and Remote Access NAT |
Dynamic packet filtering |
Provides protection from unsolicited traffic for the private network. Permits only traffic that is sent in response to an internal request. |
ICF, Windows Firewall |
Basic Firewall |
VPN and dial-up access |
Allows clients on a remote computer to connect to a private network and to access network resources as if the computer was physically attached to the network. |
Incoming connections |
Routing and Remote Access |
Address assignment |
Automates the assignment of client IP addresses on the private network in order to configure clients to allow client-access to network resources. |
ICS DHCP allocator |
Routing and Remote Access NAT, with a DHCP allocator or a DHCP server |
DNS name resolution |
Converts the names of computers and other network devices, such as printers, to IP addresses. |
ICS DNS Proxy |
NAT, with a DNS proxy or a DNS server |
Internet connections |
Provides a high-speed or dial-up connection for the computer that is connected to the Internet to use to publish its services to the private network. |
Configured through Network Connections |
Configured through Routing and Remote Access |
The following table summarizes which components, features, and connection types are best suited to provide networking services in a given networking scenario.
| Service | Scenario: Small office, non-domain network | Scenario:Small office, domain network | Scenario: Medium office network with NAT traversal | Scenario: Medium office network without NAT traversal | Scenario: Enterprise network | Scenario: Branch office network |
|---|---|---|---|---|---|---|
NAT |
ICS |
ICS |
Routing and Remote Access |
Routing and Remote Access |
Routing and Remote Access |
Routing and Remote Access with ISA (on the corporate network) |
Packet filtering |
ICF, Windows Firewall |
ICF, Windows Firewall |
Basic Firewall or ISA |
Basic Firewall or ISA |
ISA |
ISA (on the corporate network) |
VPN/remote access |
Incoming connections |
Incoming connections |
Routing and Remote Access |
Routing and Remote Access |
Routing and Remote Access |
Routing and Remote Access with ISA (on the corporate network) |
Address assignment |
ICS DHCP allocator |
DHCP server |
DHCP server |
DHCP server |
DHCP server |
DHCP server |
Internet connection |
Dial-up, ISDN, broadband, DSL, or LAN |
Dial-up, ISDN, broadband, DSL, or LAN (with ISA) |
Any combination of T1 or T3, dial-up, ISDN, broadband, DSL, and LAN |
Any combination of dial on demand (DoD) routing, T1 or T3, dial-up, ISDN, broadband, DSL, or LAN |
Any combination of dial on demand (DoD) routing, T1 or T3, dial-up, ISDN, broadband, DSL, or LAN |
Any combination of dial on demand (DoD) routing, T1 or T3, dial-up, ISDN, broadband, DSL, or LAN |
NAT traversal |
Not available |
Not available |
ISA |
Does not apply |
ISA |
ISA (on the corporate network) |
DNS |
DNS proxy |
DNS server |
DNS server |
DNS server |
DNS server |
DNS server |
Notes
In the case of ICS with a DNS or DHCP server, ICS discovers the DHCP service or DNS service and, if present, disables the DNS proxy, DHCP allocator, or both.
Because ICS, ICF, and Windows Firewall are not compatible with Routing and Remote Access, you cannot enable ICS or ICF if Routing and Remote Access is configured. Likewise, if ICS or ICF are enabled, they must first be disabled in order to configure Routing and Remote Access.
Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.
Internet Connection Firewall is included only in the original releases of Windows Server 2003, Standard Edition, and Windows Server 2003, Enterprise Edition.
Internet Connection Sharing and Network Bridge are not included in Windows Server 2003, Web Edition; Windows Server 2003, Datacenter Edition; and the Itanium-based versions of the original release of the Windows Server 2003 operating systems.