Actually, I have a good reason why it could be locking up. My installation of Adv Server (it's the ONLY one, and I will not be installing it again for quite a while
) was a bit of a dog when compared to a regular Win2K server install because of the extra services. One of these services that you will probably see, is RIS (Remote Installation Service). It has this oh-so-wonderful <dripping with sarcasm> utility called "grovel" (grovel.exe will be seen in your task manager if it is running) and it will suck down CPU cycles like there is no tomorrow. Also, it runs in fairly regular cycles as well, and you will hear it thrashing the HDD regularly as it scans. If you don't have this running, let me know and I can try to point you in the right direction.
As for NAT, it is available in both Server and Adv Server, and is available for installation after RRAS is installed (I know you know this LA, but this is more for everyone's benefit
). And yes, you can do both NAT and PAT (and yes, there is a difference. No, really...
NAT-Lets you share one IP on one network with many IPs on another network. Generally tied into RIP when used in an application such as RRAS w/ NAT in Win2K server.
PAT-Lets you REDIRECT the traffic coming in on one port and shift it to another. For example, let's say you have 2 terminal servers on your network, and you are using the simple NAT of a Linksys BEFSR41 consumer router/gateway device. You are only allowed to map port 3389 to one machine, and that's it (of course, you can change the hosting port of TS/Remote Desktop if you like, but that's covered here
and I can help with that too if needed). Now, with PAT in Win2K, you can declare that traffic coming in at 5555 will actually go to 192.168.1.101 (which is your second server, and 192.168.1.100 would be the first one sitting at port 3389 in your PAT table) so when traffic comes in on that port, it will be modified and redirected to the correct port from information in its table.
Here's a pic from the mini-domain running on our network at my office:
With this config, they can get out and do whatever they want, except use our resources (our NT 4 domain doesn't acknowledge their credentials) other than our T1 for internet access, while I can use TS to not only get into their server (as seen here), but get to each workstation as well. Pretty nifty eh? Is this what you were asking about?