Home and small office networking compared to Routing and Remote Access

Home and small office networking and the Routing and Remote Access service are both included in XOX and the Windows Server 2003 family to provide the following networking capabilities:

Network address translation (NAT)
Packet filtering
Dial-up access
Virtual private network (VPN) access
Automated IP addressing for network clients
Name resolution
Internet connections

Because home and small office networking features and Routing and Remote Access share common drivers, they cannot coexist, and you need to decide which to implement in order to meet the needs of your networking environment.

Home and small office networking

You can use home and small office networking features—Internet Connection Firewall (ICF), Network Bridge, and Internet Connection Sharing (ICS)—to simplify the configuration of your home or small office network. These features are intended for networks that consist of two to 10 computers when you want to:

Protect computers that are connected to the Internet using an easily configured firewall. For more information, see Internet Connection Firewall.
Connect LAN segments simply, by using the Bridge Connections menu command. For more information, see Network Bridge.
Provide simultaneous Internet access for up to 10 computers using a single dial-up or high-speed Internet connection. For more information, see Connecting to the Internet in a home or small office network.
Support up to 10 simultaneous dial-up or VPN connections to provide remote computers with access to network resources. For more information, see Incoming connections.

Routing and Remote Access

You can use Routing and Remote Access in combination with Internet Security and Acceleration (ISA) Server to meet the needs of your small business with high security needs, your medium-sized private business, or your enterprise network that spans multiple subnets and supports up to 1,000 computers running XOX or up to 5,000 computers running XOX. Internet connectivity for branch offices is routed through the corporate routing and firewall infrastructure. Use Routing and Remote Access when you want to:

Provide local and branch office computers with high-security Internet access.
Connect branch offices with corporate intranets, and share resources as if all computers are connected to the same LAN.
Protect network interfaces with static packet filters or dynamic packet filters.
Support up to 1,000 simultaneous dial-up or VPN connections to provide remote computers with access to corporate network resources.

Comparisons

The following table summarizes the differences between the way that home and small office networking features (and incoming connections) and Routing and Remote Access (with ISA Server) implement basic networking services.

Service	Description	Home and small office networking features (and incoming connections)	Routing and Remote Access (with ISA Server)
NAT	Hides internally managed IP addresses from external networks by translating private internal addresses to public external addresses. This reduces IP address registration costs by letting you use unregistered IP addresses internally, with translation to a small number of registered IP addresses externally. It also hides the internal network structure, reducing the risk of attacks against internal systems.	ICS	Routing and Remote Access NAT
Dynamic packet filtering	Provides protection from unsolicited traffic for the private network. Permits only traffic that is sent in response to an internal request.	ICF	Basic Firewall
VPN and dial-up access	Allows clients on a remote computer to connect to a private network and to access network resources as if the computer was physically attached to the network.	Incoming connections	Routing and Remote Access
Address assignment	Automates the assignment of client IP addresses on the private network in order to configure clients to allow client-access to network resources.	ICS DHCP allocator	Routing and Remote Access NAT, with a DHCP allocator or a DHCP server
DNS name resolution	Converts the names of computers and other network devices, such as printers, to IP addresses.	ICS DNS Proxy	NAT, with a DNS proxy or a DNS server
Internet connections	Provides a high-speed or dial-up connection for the computer that is connected to the Internet to use to publish its services to the private network.	Configured through Network Connections	Configured through Routing and Remote Access

The following table summarizes which components, features, and connection types are best suited to provide networking services in a given networking scenario.

Service	Scenario
Service	Small office, non-domain network	Small office, domain network	Medium office network with NAT traversal	Medium office network without NAT traversal	Enterprise network	Branch office network
NAT	ICS	ICS	Routing and Remote Access	Routing and Remote Access	Routing and Remote Access	Routing and Remote Access with ISA (on the corporate network)
Packet filtering	ICF	ICF	Basic Firewall or ISA	Basic Firewall or ISA	ISA	ISA (on the corporate network)
VPN/remote access	Incoming connections	Incoming connections	Routing and Remote Access	Routing and Remote Access	Routing and Remote Access	Routing and Remote Access with ISA (on the corporate network)
Address assignment	ICS DHCP allocator	DHCP server	DHCP server	DHCP server	DHCP server	DHCP server
Internet connection	Dial-up, ISDN, broadband, DSL, or LAN	Dial-up, ISDN, broadband, DSL, or LAN (with ISA)	Any combination of T1 or T3, dial-up, ISDN, broadband, DSL, and LAN	Any combination of dial on demand (DoD) routing, T1 or T3, dial-up, ISDN, broadband, DSL, or LAN	Any combination of dial on demand (DoD) routing, T1 or T3, dial-up, ISDN, broadband, DSL, or LAN	Any combination of dial on demand (DoD) routing, T1 or T3, dial-up, ISDN, broadband, DSL, or LAN
NAT traversal	Not available	Not available	ISA	Does not apply	ISA	ISA (on the corporate network)
DNS	DNS proxy	DNS server	DNS server	DNS server	DNS server	DNS server

Notes

In the case of ICS with a DNS or DHCP server, ICS discovers the DHCP service or DNS service and, if present, disables the DNS proxy, DHCP allocator, or both.
Because ICS and ICF are not compatible with Routing and Remote Access, you cannot enable ICF or ICF if Routing and Remote Access is configured. Likewise, if ICS or ICF are enabled, they must first be disabled in order to configure Routing and Remote Access.
XOX