VPN and external web access with SBS2003

Posted on 2006-10-19
Last Modified: 2010-03-18
Ok guys, I'm fairly new to SBS2003 and im looking to configure two items if possible.

1. i need to establish a VPN between my LAN at my office and y achine at home in SBS 2003
2. i  am interested in the possibility of accessing my internal Company website globally from any machine if posible.

Any ideas on how to confiure these would be greatly appreciated as this is vastly important. Further to this i am using a zyxel prestige 2000 series router which has a static IP address i would like to use through a borwser window to access the internal website from any outsied machine.

Question by:jwd62
  • 3
  • 2

Expert Comment

ID: 17779779
SSL - Explorer will do this trick pretty easy!

You just need to open 1 port on your router for the SSL connection (default 443) to the SBS 2003 machine where you installed ssl - explorer.
From there on you can create a tunneld web to your internal company website.

Hope that helps!

LVL 77

Accepted Solution

Rob Williams earned 500 total points
ID: 17780264
SBS has several built in tools and wizards to allow you remote access to your office. You may not need the VPN depending on what you have a available. The simplest way to connect is using RWW (Remote Web Workplace). With this you connect securely using https and a a web browser. Once logged on you can enable options for users to access their desktop PC to use it remotely, corporate e-mail, and your internal web site. Instructions can be found below. The other option is to create a VPN this allows you access as if you were on the local network. Drives can be mapped and your internal website will be available by connecting using the local address the same as in the office. Again I have outlined the procedure below. RWW will give you slightly better performance in most cases.

Please keep in mind when working with SBS it is very important to use the wizards. You can actually 'break' networking not doing so.

-On the SBS, under administrative tools open the "Server Management" console. In the console click on Internet and e-mail on the left, and on the page that opens on the right, choose connect to the Internet, even though you may have done this before. The wizard will allow you to add to, or change your present configurations. If you already have an Internet connection you really only need to make one addition, but just verify the current options and click next through the screens. If you only have one network adapter configured, you will be prompted regarding the firewall. One network adapter is fine, click no to viewing documentation, and continue. On the "Web Services configuration" page, if it is not already enabled, check "Allow access to only the following web site services", and check the box for "Remote Web Workplace". If "Allow access to the entire web site from the Internet" is already checked that is fine too, but as a rule I recommend you only enable the services you plan to use. Then just continue through the next options and finish.
-If only administrators are connecting you are done on the server. If others wish to connect, and have access to their own desktop, with their existing permissions, they need to be added to the Remote Web Workplace Users Group, located under "Security Groups", again in the Server Management console.
-Then on the router, at the SBS site, you need to forward ports 4125 and 443 to the SBS. You can find details regarding port forwarding at:
On that site click on your router model to see details. However, this is for remote desktop, port 3389, not RWW ports 443 and 4125,. Substitute the port numbers and configure.
-From the remote site it doesn't matter if it is just a DSL connection, a DSL with a router, or even a dial up account there is nothing to configure

To connect; in a web browser enter your public IP such as  (don't forget the 's' on the end of http) If you have a registered domain name pointing to this IP you can use that as well and ignore the following.
-If you do not know the public IP, from a web browser on the SBS, log on to and it will advise you.
-If you have a domain name registered with that IP you can use that to access
-If you do not have a static (fixed) public IP you can also set up a DDNS service that will assign you a domain name, and track the changing IP so you can always simply use the domain name to connect. Get it working, and then if this is an issue you can deal with the DDNS service afterwards. I prefer, but there are many others such as
-When the connection starts you will be asked to accept an SSL secure certificate
-Then a logon window will appear where you enter your username and password.
-On the first page you will be given the options available to you. As an administrator you will have access to servers, but users will only see desktops.
-The first time the web page is viewed on any computer, it will ask to install an Active-X control when you try to log on to a computer. allow it to do so. If XP you may get the message bar at the top warning the Active-x control was blocked. Rick click on the bar and allow installation. You may then need to click on the logon option to a computer again. There is a little delay while the component is installed.
-Then you will be asked again for your username and password.

It works very well and is quite secure. There is a webcast outlining RWW features.

To create the server end of the VPN open the server management console, click on Internet and E-Mail, followed by Configure remote access, then just follow the very short wizard. If you want to verify the configuration there is a great article at:
However, only use it for reference, use the wizard for the basic configuration.

As for the client end SBS again has a wizard. This will actually create a disk to configure the remote computer to connect. This is on the same page of the Server management console and is called Create a remote connection disk. The client can be configured manually, but it is recommended to use the disk. Should you need to do so manually see:

You also need to forward port 1723, and GRE. Depending on the router, GRE may be a specific command, or is often labeled "PPTP pass-through". For many routers detailed instruction for port forwarding can be found by going to the following link:
If your router has UPnP enabled SBS will actually configure the port forwarding for you. There are some security concerns with having UPnP enabled:

Once the VPN is established if you have problems connecting to any systems try using the IP address as a test. Sometimes DNS has to be "tweeked" but with SBS and the wizards it is not usually a problem. e.g:
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17924501
Robwill gave you a great overview... but thought I'd just add a nice visual for RWW:

You'll also find other pertinent info about remote access of your SBS here:

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17924503
P. S.  trenes... SBS has this built-in!
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 19214587
riteheer... it's pretty clear that you should have recommended that the question be closed and points awarded to RobWill.

LVL 77

Expert Comment

by:Rob Williams
ID: 19220265
Thanks Jeff.
Cheers all !

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now