When you run the RRAS Setup Wizard, the wizard prompts you to choose the configuration path that most closely resembles the remote access solution that you want to deploy. If none of the wizard configuration paths meets your needs exactly, you can choose the Custom configuration option. However, if you choose this option, you must manually configure all elements of RRAS. The most common remote access solutions include virtual private network (VPN) connections, dial-up connections, and secure connections between two private networks.

Remote access

Remote access (VPN)

When remote access is enabled, RRAS allows inbound network traffic from VPN clients from across the Internet or from modems connected to the telephone system. The inbound traffic is routed to the private network. You can separately configure which VPN types are supported, how users are authenticated and authorized to access the remote access server, and what IP configuration the remote computer receives when it connects.

Network address translation

Network address translation (NAT)

When network address translation (NAT) is enabled, RRAS allows outbound network traffic from computers on the private network. It shares the Internet connection and its single public IP address with computers on the private network by translating between the public address and the IP addresses and ports used on the private network.


Art Image

In this scenario, RRAS provides NAT for the private network and accepts VPN connections from remote clients.

Secure connection between two private networks

Secure connection between two private networks

An RRAS server on the perimeter of one private network can connect to a remote server through a VPN tunnel. Computers connected to the private networks behind the two servers can exchange data securely across the Internet. The connection between the two servers can be persistent (always on) or on-demand (demand-dial).

Additional references