VPN and external web access with SBS2003

jwd62 used Ask the Experts™
Ok guys, I'm fairly new to SBS2003 and im looking to configure two items if possible.

1. i need to establish a VPN between my LAN at my office and y achine at home in SBS 2003
2. i  am interested in the possibility of accessing my internal Company website globally from any machine if posible.

Any ideas on how to confiure these would be greatly appreciated as this is vastly important. Further to this i am using a zyxel prestige 2000 series router which has a static IP address i would like to use through a borwser window to access the internal website from any outsied machine.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
SSL - Explorer will do this trick pretty easy!

You just need to open 1 port on your router for the SSL connection (default 443) to the SBS 2003 machine where you installed ssl - explorer.
From there on you can create a tunneld web to your internal company website.

Hope that helps!

Top Expert 2013
SBS has several built in tools and wizards to allow you remote access to your office. You may not need the VPN depending on what you have a available. The simplest way to connect is using RWW (Remote Web Workplace). With this you connect securely using https and a a web browser. Once logged on you can enable options for users to access their desktop PC to use it remotely, corporate e-mail, and your internal web site. Instructions can be found below. The other option is to create a VPN this allows you access as if you were on the local network. Drives can be mapped and your internal website will be available by connecting using the local address the same as in the office. Again I have outlined the procedure below. RWW will give you slightly better performance in most cases.

Please keep in mind when working with SBS it is very important to use the wizards. You can actually 'break' networking not doing so.

-On the SBS, under administrative tools open the "Server Management" console. In the console click on Internet and e-mail on the left, and on the page that opens on the right, choose connect to the Internet, even though you may have done this before. The wizard will allow you to add to, or change your present configurations. If you already have an Internet connection you really only need to make one addition, but just verify the current options and click next through the screens. If you only have one network adapter configured, you will be prompted regarding the firewall. One network adapter is fine, click no to viewing documentation, and continue. On the "Web Services configuration" page, if it is not already enabled, check "Allow access to only the following web site services", and check the box for "Remote Web Workplace". If "Allow access to the entire web site from the Internet" is already checked that is fine too, but as a rule I recommend you only enable the services you plan to use. Then just continue through the next options and finish.
-If only administrators are connecting you are done on the server. If others wish to connect, and have access to their own desktop, with their existing permissions, they need to be added to the Remote Web Workplace Users Group, located under "Security Groups", again in the Server Management console.
-Then on the router, at the SBS site, you need to forward ports 4125 and 443 to the SBS. You can find details regarding port forwarding at:
On that site click on your router model to see details. However, this is for remote desktop, port 3389, not RWW ports 443 and 4125,. Substitute the port numbers and configure.
-From the remote site it doesn't matter if it is just a DSL connection, a DSL with a router, or even a dial up account there is nothing to configure

To connect; in a web browser enter your public IP such as  (don't forget the 's' on the end of http) If you have a registered domain name pointing to this IP you can use that as well and ignore the following.
-If you do not know the public IP, from a web browser on the SBS, log on to http://www.whatismyip.com and it will advise you.
-If you have a domain name registered with that IP you can use that to access  http://mydomain.abc/remote
-If you do not have a static (fixed) public IP you can also set up a DDNS service that will assign you a domain name, and track the changing IP so you can always simply use the domain name to connect. Get it working, and then if this is an issue you can deal with the DDNS service afterwards. I prefer www.dyndns.com, but there are many others such as www.no-ip.com
-When the connection starts you will be asked to accept an SSL secure certificate
-Then a logon window will appear where you enter your username and password.
-On the first page you will be given the options available to you. As an administrator you will have access to servers, but users will only see desktops.
-The first time the web page is viewed on any computer, it will ask to install an Active-X control when you try to log on to a computer. allow it to do so. If XP you may get the message bar at the top warning the Active-x control was blocked. Rick click on the bar and allow installation. You may then need to click on the logon option to a computer again. There is a little delay while the component is installed.
-Then you will be asked again for your username and password.

It works very well and is quite secure. There is a webcast outlining RWW features.

To create the server end of the VPN open the server management console, click on Internet and E-Mail, followed by Configure remote access, then just follow the very short wizard. If you want to verify the configuration there is a great article at:
However, only use it for reference, use the wizard for the basic configuration.

As for the client end SBS again has a wizard. This will actually create a disk to configure the remote computer to connect. This is on the same page of the Server management console and is called Create a remote connection disk. The client can be configured manually, but it is recommended to use the disk. Should you need to do so manually see:

You also need to forward port 1723, and GRE. Depending on the router, GRE may be a specific command, or is often labeled "PPTP pass-through". For many routers detailed instruction for port forwarding can be found by going to the following link:
If your router has UPnP enabled SBS will actually configure the port forwarding for you. There are some security concerns with having UPnP enabled:

Once the VPN is established if you have problems connecting to any systems try using the IP address as a test. Sometimes DNS has to be "tweeked" but with SBS and the wizards it is not usually a problem. e.g:
Jeffrey Kane - TechSoEasyPrincipal Consultant
Most Valuable Expert 2016
Top Expert 2014

Robwill gave you a great overview... but thought I'd just add a nice visual for RWW:  http://sbsurl.com/rww

You'll also find other pertinent info about remote access of your SBS here:


Jeffrey Kane - TechSoEasyPrincipal Consultant
Most Valuable Expert 2016
Top Expert 2014

P. S.  trenes... SBS has this built-in!
Jeffrey Kane - TechSoEasyPrincipal Consultant
Most Valuable Expert 2016
Top Expert 2014

riteheer... it's pretty clear that you should have recommended that the question be closed and points awarded to RobWill.

Top Expert 2013

Thanks Jeff.
Cheers all !

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial