SBS 2003 Setting up remote access without a domain name for your server

I have been trying to setup remote access & outlook web access on my server, but I only have a static ip for my router and not a domain name.

I am using two nics on the server.  The router has the static ip address from my isp and the server nic for the router is assigned 192.168.1.254 (the lan nic is 192.168.1.250)

What do I need to do when I setup remote access using the To Do List, and how do I configure the users pcs at home so they can connect to the server from home.

The router supports upnp, but do I need to open ports manually on the router?

So if someone could give me some steps to setup the remote access without domain names and what would I use for the server name ...

Thanks

lpii
lpiiAsked:
Who is Participating?
 
Jeffrey Kane - TechSoEasyConnect With a Mentor Principal ConsultantCommented:
Alright, the problem is that you are using the same IP subnet on both of your NICs.  Also, your Router's IP of 192.168.0.1 is the default which could cause a conflict with anyone trying to use VPN and connecting from somewhere that has the same IP schema.

Therefore, you need to change the LAN IP on your router to something like 192.168.200.1 and then change the External IP on the WAN NIC to 192.168.200.2.  DNS will still be 192.168.0.254 -- the internal IP of your SBS.

Then, check to make sure that the binding order is correct by opening Network Connections > Advanced Settings...  The LAN NIC should be on top followed by the WAN NIC.  File and Print Sharing should also be unchecked on the WAN side.

From the server, access the router's control panel at 192.168.200.2 and make sure that UPnP is enabled.

Once that is set, rerun the Configure Email and Internet Connection Wizard (CEICW) which is linked in the Internet & Email section of the Management Console as "Connect to the Internet".  A visual how-to of this is here:  http://sbsurl.com/ceicw  -- be sure to enter your PUBLIC STATIC IP on the certificate page.

When that finishes you should run the Configure Remote Access wizard, again entering your public static IP for the connection information.

That should be all you need.  You should now be able to access https://<publicIP>/remote and https://<publicIP/exchange

I would suggest that you register a domain name... it's only a few bucks and will provide you with a much easier to remember method for your users to connect.  I'd suspect that you are now using POP3 email as well, so this will allow you to also have your own email.  More on how to get to that is here:  http://sbsurl.com/pop2smtp

Jeff
TechSoEasy
0
 
Bull_81073Commented:
Has your ISP given you a publicly addressable IP?  Everything in the 192.168.x.x is considered to be in a range called private IP addresses and because of this a remote user cannot access you server using an address in that range.
0
 
NzarthCommented:
You don't necessarily need a server name.  The public static IP address you have from your ISP can be used as long as you set up your router to port forward, for example you will need to port forward PPTP if you are going to use Windows VPN server, so 1723 should port forward to your internal address.

You could register for a free dyndns account and get your self a free domain name to go with that static address.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
lpiiAuthor Commented:
Yes the ip is public.

If I port forward the router do I port forward to the NIC that the router is connected to or the NIC that is on the LAN?

Using the to do list, I am using the server for VPN access, so for the server name do I just enter the public IP, or do I enter the actual server name (server.company.lan).

On the remote access screen the only options are vpn or dial-up, is there any other way?

What do I do need to do on the PCs that will connect from the outside?

Peace,

lpii
0
 
NzarthCommented:
Port forward to the LAN address of the Server 192.168.1.254
Enter the server name.
VPN is probably the easiest/cheapest way there are other options such as a VPN Router/Firewall or Gotomypc for connecting users directly to their office pc's.

The PC's that need to connect in remotely just need to run through the New connection wizard in network connections. Choose connect to the network at my workplace, select VPN, give it any name you like, choose do not dial the initial connection if the pc has always on/broadband, then enter the public IP address of your router. The username and password will be their network username and password and make sure you have allow dial in ticked in the users Active Directory profile.
0
 
lpiiAuthor Commented:
The LAN NIC is 192.168.1.250 (connected to the switch), while the WAN NIC is 192.168.1.254 (connected to the router) so which do I port forward to?

Is there anything else I need to look at (open ports on the router)?
0
 
NzarthCommented:
Port forward to the WAN NIC.
As well as port forwarding PPTP 1723 and creating a rule to allow it through from wan to lan, you may also need to create a rule allowing PPTP-GRE in and out on your router/firewall, specially if users get to the authentication stage and no further.  
I take it your router has a firewall? Which make?
0
 
lpiiAuthor Commented:
I am using a Netgear FVS114 (ProSafe VPN Firewall)

I also have the SBS Firewall turned on.  Are there settings that need changed there also?

Is there any way of connecting to the router from the server or do I have to connect a pc to it in order to connect?
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
You don't need to configure any port forwarding with SBS and an FVS114, it's all done by the Configure Email and Internet Connection Wizard as long as UPnP is enabled on the router.

Can you please post an IPCONFIG /ALL from your server and then I can help you straighten all this out.

Jeff
TechSoEasy
0
 
lpiiAuthor Commented:
I will be at the client this by Wed and get that out to you.

Peace,

lpii
0
 
lpiiAuthor Commented:
Here is the ipconfig/all for the sever.  If you could also include how to run the remote access so I know what to enter for the server name.

Thanks,

lpii


Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : GKSERVER
   Primary Dns Suffix  . . . . . . . : gklaw.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : gklaw.local
 
Ethernet adapter Server WAN:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NETGEAR FA311/FA312 PCI Adapter
   Physical Address. . . . . . . . . : 00-0F-B5-42-4A-C0
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.253
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.254
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Ethernet adapter Server LAN:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-13-72-3D-FB-3A
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.254
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.0.254
   Primary WINS Server . . . . . . . : 192.168.0.254
0
 
lpiiAuthor Commented:
I can't believe that the small change of putting the router and the WAN NIC on a seperate subnet made it all work.  It is unbelievable.  Everything else that was listed in your post I had done, just not a seperate subnet.

I looked back at the Mirosoft SBS 2003 Book, and even one of the other manuals that I purchased and neither said anything about different subnets for the LAN & WAN.

I have some very happy clients now.  Thank you very much.

Peace,

lpii

I will definitely be looking on your web site and questions that you answered for any other issues I may run into.  I have been working on this issue for almost a month now and not getting anywhere, even trying other consultants that I know.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
That is NOT a small thing!!!  Routing has always been my nemesis -- so I've learned enough about it to just make things work because TCP/IP & DNS is what makes your entire SBS network function.  

Essentially by using the same IP Subnet on both NICs, you have not accomplished the separation they provide.  A Dual Homed (two nic) server with RRAS is essentially a ROUTER, much the same way a Linksys or D-Link Router function.  So, I'm sure you would never use the same IP for the Router's WAN connection as you would the LAN connection... this is the same idea.

As for the answers on my website... they come up a lot in Google... but I haven't enabled a good search function on the site itself so you currently have to use a Ctrl-F and find what you're looking for that way.  There will be enhanced searching added at some point in the near future!

Jeff
TechSoEasy
0
All Courses

From novice to tech pro — start learning today.