Solved

VPN and external web access with SBS2003

Posted on 2006-10-19
Last Modified: 2010-03-18
Ok guys, I'm fairly new to SBS2003 and I'm looking to configure two items if possible.

1. I need to establish a VPN between my LAN at my office and my machine at home in SBS 2003
2. I am interested in the possibility of accessing my internal company website globally from any machine if possible.

Any ideas on how to configure these would be greatly appreciated as this is vastly important. Further to this, I am using a Zyxel Prestige 2000 series router which has a static IP address I would like to use through a browser window to access the internal website from any outside machine.

cheers
 
0
Question by:jwd62
9 Comments
 
LVL 9

Expert Comment

by:trenes
ID: 17779779
SSL - Explorer will do this trick pretty easy!
http://www.sshtools.com/showSslExplorerCommunity.do

You just need to open 1 port on your router for the SSL connection (default 443) to the SBS 2003 machine where you installed ssl - explorer.
From there on you can create a tunneled web to your internal company website.

Hope that helps!

0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 17780264
SBS has several built-in tools and wizards to allow you remote access to your office. You may not need the VPN depending on what you have available. The simplest way to connect is using RWW (Remote Web Workplace). With this you connect securely using https and a web browser. Once logged on you can enable options for users to access their desktop PC to use it remotely, corporate e-mail, and your internal web site. Instructions can be found below. The other option is to create a VPN; this allows you access as if you were on the local network. Drives can be mapped and your internal website will be available by connecting using the local address the same as in the office. Again I have outlined the procedure below. RWW will give you slightly better performance in most cases.

Please keep in mind when working with SBS it is very important to use the wizards. You can actually 'break' networking not doing so.

RWW
-On the SBS, under administrative tools open the "Server Management" console. In the console click on Internet and e-mail on the left, and on the page that opens on the right, choose connect to the Internet, even though you may have done this before. The wizard will allow you to add to, or change your present configurations. If you already have an Internet connection you really only need to make one addition, but just verify the current options and click next through the screens. If you only have one network adapter configured, you will be prompted regarding the firewall. One network adapter is fine, click no to viewing documentation, and continue. On the "Web Services configuration" page, if it is not already enabled, check "Allow access to only the following web site services", and check the box for "Remote Web Workplace". If "Allow access to the entire web site from the Internet" is already checked that is fine too, but as a rule I recommend you only enable the services you plan to use. Then just continue through the next options and finish.
-If only administrators are connecting you are done on the server. If others wish to connect, and have access to their own desktop, with their existing permissions, they need to be added to the Remote Web Workplace Users Group, located under "Security Groups", again in the Server Management console.
-Then on the router, at the SBS site, you need to forward ports 4125 and 443 to the SBS. You can find details regarding port forwarding at:
http://www.portforward.com/english/applications/port_forwarding/RemoteDesktop/RemoteDesktopindex.htm
On that site click on your router model to see details. However, this is for remote desktop, port 3389, not RWW ports 443 and 4125. Substitute the port numbers and configure.
-From the remote site it doesn't matter if it is just a DSL connection, a DSL with a router, or even a dial-up account; there is nothing to configure.

To connect: in a web browser enter your public IP such as  https://66.66.123.123/remote  (don't forget the 's' on the end of http). If you have a registered domain name pointing to this IP you can use that as well and ignore the following.
-If you do not know the public IP, from a web browser on the SBS, log on to http://www.whatismyip.com and it will advise you.
-If you have a domain name registered with that IP you can use that to access  http://mydomain.abc/remote
-If you do not have a static (fixed) public IP you can also set up a DDNS service that will assign you a domain name, and track the changing IP so you can always simply use the domain name to connect. Get it working, and then if this is an issue you can deal with the DDNS service afterwards. I prefer www.dyndns.com, but there are many others such as www.no-ip.com
-When the connection starts you will be asked to accept an SSL secure certificate
-Then a logon window will appear where you enter your username and password.
-On the first page you will be given the options available to you. As an administrator you will have access to servers, but users will only see desktops.
-The first time the web page is viewed on any computer, it will ask to install an ActiveX control when you try to log on to a computer. Allow it to do so. If XP, you may get the message bar at the top warning the ActiveX control was blocked. Right click on the bar and allow installation. You may then need to click on the logon option to a computer again. There is a little delay while the component is installed.
-Then you will be asked again for your username and password.

It works very well and is quite secure. There is a webcast outlining RWW features.
http://support.microsoft.com/kb/833983


VPN:
To create the server end of the VPN open the server management console, click on Internet and E-Mail, followed by Configure remote access, then just follow the very short wizard. If you want to verify the configuration there is a great article at:
http://www.onecomputerguy.com/networking/w3k_vpn_server.htm
However, only use it for reference, use the wizard for the basic configuration.

As for the client end SBS again has a wizard. This will actually create a disk to configure the remote computer to connect. This is on the same page of the Server management console and is called Create a remote connection disk. The client can be configured manually, but it is recommended to use the disk. Should you need to do so manually see:
http://www.onecomputerguy.com/networking/xp_vpn.htm

You also need to forward port 1723, and GRE. Depending on the router, GRE may be a specific command, or is often labeled "PPTP pass-through". For many routers detailed instruction for port forwarding can be found by going to the following link:
http://www.portforward.com/english/applications/port_forwarding/PPTP/PPTPindex.htm
If your router has UPnP enabled SBS will actually configure the port forwarding for you. There are some security concerns with having UPnP enabled:
http://www.grc.com/UnPnP/UnPnP.htm

Once the VPN is established, if you have problems connecting to any systems try using the IP address as a test. Sometimes DNS has to be "tweaked" but with SBS and the wizards it is not usually a problem. e.g.:
\\192.168.123.123\ShareName
0
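
An added example (not part of the original answer and not Microsoft's tooling): a small Python check that compares a router's port-forward table with what the answer above says RWW and the VPN need, and flags leftovers such as 3389 from the Remote Desktop guide. The rule format, IP addresses and function names are constructed for illustration.

```python
# Added example: audit a router's port-forward table against the answer above.
# The rule format and all addresses below are constructed for illustration.
from typing import NamedTuple, Optional

class Forward(NamedTuple):
    proto: str             # "tcp", "udp" or "gre"
    port: Optional[int]    # None for GRE (IP protocol 47 has no port numbers)
    target: str            # internal host the traffic is forwarded to

# What the answer says each feature needs forwarded to the SBS.
REQUIRED = {
    "rww": {("tcp", 443), ("tcp", 4125)},
    "vpn": {("tcp", 1723), ("gre", None)},   # PPTP control channel + GRE
}

def label(proto, port):
    return proto if port is None else f"{proto}/{port}"

def audit(forwards, features, sbs_ip, upnp_enabled=False):
    """Return sorted findings; an empty list means the table matches."""
    wanted = set().union(*(REQUIRED[f] for f in features))
    findings, seen = [], set()
    for fw in forwards:
        key = (fw.proto, fw.port)
        seen.add(key)
        if key not in wanted:
            # e.g. 3389 copied from the Remote Desktop guide without substituting
            findings.append(f"unexpected forward {label(*key)} -> {fw.target}")
        elif fw.target != sbs_ip:
            findings.append(f"{label(*key)} goes to {fw.target}, not the SBS")
    for key in wanted - seen:
        findings.append(f"missing forward {label(*key)}")
    if upnp_enabled:
        findings.append("UPnP enabled: hosts on the LAN can open ports themselves")
    return sorted(findings)

# Constructed sample table, as it might be read off the router's admin page.
SBS = "192.168.16.2"
SAMPLE = [
    Forward("tcp", 443, SBS),
    Forward("tcp", 3389, SBS),             # left over from the RDP instructions
    Forward("tcp", 1723, SBS),             # PPTP forwarded, but GRE is missing
    Forward("tcp", 4125, "192.168.16.50"), # points at a workstation by mistake
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["rww", "vpn"], SBS, upnp_enabled=True):
        print(finding)
```
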
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17924501
Robwill gave you a great overview... but thought I'd just add a nice visual for RWW:  http://sbsurl.com/rww

You'll also find other pertinent info about remote access of your SBS here:

http://sbsurl.com/remote
http://sbsurl.com/mobile

Jeff
TechSoEasy
0

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17924503
P. S.  trenes... SBS has this built-in!
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 19214587
riteheer... it's pretty clear that you should have recommended that the question be closed and points awarded to RobWill.

Jeff
TechSoEasy
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 19220265
Thanks Jeff.
Cheers all !
--Rob
0
