SBS 2003 Setting up remote access without a domain name for your server
I have been trying to setup remote access & outlook web access on my server, but I only have a static ip for my router and not a domain name.
I am using two nics on the server. The router has the static ip address from my isp and the server nic for the router is assigned 192.168.1.254 (the lan nic is 192.168.1.250)
What do I need to do when I setup remote access using the To Do List, and how do I configure the users pcs at home so they can connect to the server from home.
The router supports upnp, but do I need to open ports manually on the router?
So if someone could give me some steps to setup the remote access without domain names and what would I use for the server name ...
Thanks
lpii
I am using two nics on the server. The router has the static ip address from my isp and the server nic for the router is assigned 192.168.1.254 (the lan nic is 192.168.1.250)
What do I need to do when I setup remote access using the To Do List, and how do I configure the users pcs at home so they can connect to the server from home.
The router supports upnp, but do I need to open ports manually on the router?
So if someone could give me some steps to setup the remote access without domain names and what would I use for the server name ...
Thanks
lpii
Has your ISP given you a publicly addressable IP? Everything in the 192.168.x.x is considered to be in a range called private IP addresses and because of this a remote user cannot access you server using an address in that range.
You don't necessarily need a server name. The public static IP address you have from your ISP can be used as long as you set up your router to port forward, for example you will need to port forward PPTP if you are going to use Windows VPN server, so 1723 should port forward to your internal address.
You could register for a free dyndns account and get your self a free domain name to go with that static address.
You could register for a free dyndns account and get your self a free domain name to go with that static address.
ASKER
Yes the ip is public.
If I port forward the router do I port forward to the NIC that the router is connected to or the NIC that is on the LAN?
Using the to do list, I am using the server for VPN access, so for the server name do I just enter the public IP, or do I enter the actual server name (server.company.lan).
On the remote access screen the only options are vpn or dial-up, is there any other way?
What do I do need to do on the PCs that will connect from the outside?
Peace,
lpii
If I port forward the router do I port forward to the NIC that the router is connected to or the NIC that is on the LAN?
Using the to do list, I am using the server for VPN access, so for the server name do I just enter the public IP, or do I enter the actual server name (server.company.lan).
On the remote access screen the only options are vpn or dial-up, is there any other way?
What do I do need to do on the PCs that will connect from the outside?
Peace,
lpii
Port forward to the LAN address of the Server 192.168.1.254
Enter the server name.
VPN is probably the easiest/cheapest way there are other options such as a VPN Router/Firewall or Gotomypc for connecting users directly to their office pc's.
The PC's that need to connect in remotely just need to run through the New connection wizard in network connections. Choose connect to the network at my workplace, select VPN, give it any name you like, choose do not dial the initial connection if the pc has always on/broadband, then enter the public IP address of your router. The username and password will be their network username and password and make sure you have allow dial in ticked in the users Active Directory profile.
Enter the server name.
VPN is probably the easiest/cheapest way there are other options such as a VPN Router/Firewall or Gotomypc for connecting users directly to their office pc's.
The PC's that need to connect in remotely just need to run through the New connection wizard in network connections. Choose connect to the network at my workplace, select VPN, give it any name you like, choose do not dial the initial connection if the pc has always on/broadband, then enter the public IP address of your router. The username and password will be their network username and password and make sure you have allow dial in ticked in the users Active Directory profile.
ASKER
The LAN NIC is 192.168.1.250 (connected to the switch), while the WAN NIC is 192.168.1.254 (connected to the router) so which do I port forward to?
Is there anything else I need to look at (open ports on the router)?
Is there anything else I need to look at (open ports on the router)?
Port forward to the WAN NIC.
As well as port forwarding PPTP 1723 and creating a rule to allow it through from wan to lan, you may also need to create a rule allowing PPTP-GRE in and out on your router/firewall, specially if users get to the authentication stage and no further.
I take it your router has a firewall? Which make?
As well as port forwarding PPTP 1723 and creating a rule to allow it through from wan to lan, you may also need to create a rule allowing PPTP-GRE in and out on your router/firewall, specially if users get to the authentication stage and no further.
I take it your router has a firewall? Which make?
ASKER
I am using a Netgear FVS114 (ProSafe VPN Firewall)
I also have the SBS Firewall turned on. Are there settings that need changed there also?
Is there any way of connecting to the router from the server or do I have to connect a pc to it in order to connect?
I also have the SBS Firewall turned on. Are there settings that need changed there also?
Is there any way of connecting to the router from the server or do I have to connect a pc to it in order to connect?
You don't need to configure any port forwarding with SBS and an FVS114, it's all done by the Configure Email and Internet Connection Wizard as long as UPnP is enabled on the router.
Can you please post an IPCONFIG /ALL from your server and then I can help you straighten all this out.
Jeff
TechSoEasy
Can you please post an IPCONFIG /ALL from your server and then I can help you straighten all this out.
Jeff
TechSoEasy
ASKER
I will be at the client this by Wed and get that out to you.
Peace,
lpii
Peace,
lpii
ASKER
Here is the ipconfig/all for the sever. If you could also include how to run the remote access so I know what to enter for the server name.
Thanks,
lpii
Windows IP Configuration
Host Name . . . . . . . . . . . . : GKSERVER
Primary Dns Suffix . . . . . . . : gklaw.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : gklaw.local
Ethernet adapter Server WAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR FA311/FA312 PCI Adapter
Physical Address. . . . . . . . . : 00-0F-B5-42-4A-C0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.253
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.254
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Server LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-13-72-3D-FB-3A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.254
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.254
Primary WINS Server . . . . . . . : 192.168.0.254
Thanks,
lpii
Windows IP Configuration
Host Name . . . . . . . . . . . . : GKSERVER
Primary Dns Suffix . . . . . . . : gklaw.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : gklaw.local
Ethernet adapter Server WAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR FA311/FA312 PCI Adapter
Physical Address. . . . . . . . . : 00-0F-B5-42-4A-C0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.253
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.254
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Server LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-13-72-3D-FB-3A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.254
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.254
Primary WINS Server . . . . . . . : 192.168.0.254
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I can't believe that the small change of putting the router and the WAN NIC on a seperate subnet made it all work. It is unbelievable. Everything else that was listed in your post I had done, just not a seperate subnet.
I looked back at the Mirosoft SBS 2003 Book, and even one of the other manuals that I purchased and neither said anything about different subnets for the LAN & WAN.
I have some very happy clients now. Thank you very much.
Peace,
lpii
I will definitely be looking on your web site and questions that you answered for any other issues I may run into. I have been working on this issue for almost a month now and not getting anywhere, even trying other consultants that I know.
I looked back at the Mirosoft SBS 2003 Book, and even one of the other manuals that I purchased and neither said anything about different subnets for the LAN & WAN.
I have some very happy clients now. Thank you very much.
Peace,
lpii
I will definitely be looking on your web site and questions that you answered for any other issues I may run into. I have been working on this issue for almost a month now and not getting anywhere, even trying other consultants that I know.
That is NOT a small thing!!! Routing has always been my nemesis -- so I've learned enough about it to just make things work because TCP/IP & DNS is what makes your entire SBS network function.
Essentially by using the same IP Subnet on both NICs, you have not accomplished the separation they provide. A Dual Homed (two nic) server with RRAS is essentially a ROUTER, much the same way a Linksys or D-Link Router function. So, I'm sure you would never use the same IP for the Router's WAN connection as you would the LAN connection... this is the same idea.
As for the answers on my website... they come up a lot in Google... but I haven't enabled a good search function on the site itself so you currently have to use a Ctrl-F and find what you're looking for that way. There will be enhanced searching added at some point in the near future!
Jeff
TechSoEasy
Essentially by using the same IP Subnet on both NICs, you have not accomplished the separation they provide. A Dual Homed (two nic) server with RRAS is essentially a ROUTER, much the same way a Linksys or D-Link Router function. So, I'm sure you would never use the same IP for the Router's WAN connection as you would the LAN connection... this is the same idea.
As for the answers on my website... they come up a lot in Google... but I haven't enabled a good search function on the site itself so you currently have to use a Ctrl-F and find what you're looking for that way. There will be enhanced searching added at some point in the near future!
Jeff
TechSoEasy