RRAS: To use RRAS server as an IPv4 router, IPv4 forwarding must be enabled

Applies To: Windows Server 2008 R2, Windows Server 2012, Windows Storage Server 2012

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Network Policy and Access Service (NPAS) Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.

Operating System

Windows Server 2012, Windows Server 2008 R2


Routing and Remote Access Service (RRAS)






IPv4 routing is enabled, but IPv4 forwarding is disabled on the Routing and Remote Access server.


If IPv4 forwarding is disabled on the RRAS server, then it cannot operate as an IPv4 router.

RRAS routing requires that the server be configured to permit forwarding of IPv4 network packets from interface to interface on the server. If forwarding is disabled, then routing cannot operate.


Use 'Routing and Remote Access' in Server Manager to select 'Enable IPv4 Forwarding' on the Routing and Remote Access Properties page.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To enable forwarding of IPv4 network packets

  1. Start Server Manager. Click Start, click Administrative Tools, and then click Server Manager.

  2. In the navigation tree, expand Roles, and then expand Network Policy and Access Services.

  3. Right-click Routing and Remote Access, and then click Properties.

  4. On the IPv4 tab, select Enable IPv4 Forwarding, and then click OK to save your changes.

  5. Run the NPAS Best Practice Analyzer again. If this rule still displays as non-compliant, then restart the RRAS server by right-clicking Routing and Remote Access, clicking All Tasks, and then clicking Restart.

Additional references

For more about the Routing and Remote Access role service, see Routing and Remote Access (http://go.microsoft.com/fwlink/?linkid=153482) on TechNet, and Routing and Remote Access Service in the Windows Server Technical Library.