Avatar of gavinandrewmcmillan
gavinandrewmcmillanFlag for Australia

asked on 

Network Upgrade - Cisco Wireless - DMZ - ISA? SBS 2K3

Hi All

I am about to upgrade a network of 20 local clients, 3 laptops and 12 remote Terminal Server users. The upgrade involves migrating (swing migration) from the current SBS server (P4 Spec.... bad) to a new Xeon Dual core with SBS 2K3 on it. I will be bringing in a Cisco 877-WGA-K9 Integrated Services Router with Wireless into this environment, It is a 2 Nic setup as follows: SN               | SN
Cisco 877 -------- SBS 2003 DC ---------------24p Switch-------------Clients
      |                                                                         |
      |                                                                         |
      |                                                              Terminal Server
Wireless Clients

I guess i have several questions

1: Currently ISA is not installed and am wondering whether the Cisco 877 will be sufficient security wise?
2: I will use the Cisco security software for connecting wireless clients to the router, what options do i have for connecting to my intranet? VPN? do i need ISA?
3: What main issues will i encounter with this set up and what steps can i take to avoid them?

I believe ISA was on there in the past and they (hopefully) have backups of settings etc so it is an option to put it back on. I will be migrating the settings off their current server to a new one using Swing Migration and so would like to get everything perfect for when the upgrade is complete.

Gavin McMillan
OS SecurityWireless NetworkingSBS

Avatar of undefined
Last Comment
Jeffrey Kane - TechSoEasy
Avatar of Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy
Flag of United States of America image

Whether or not to deploy ISA is really going to be a question of how secure you want the network.  The Cisco 877 will provide a good firewall, but it would work even better with ISA Server installed if they already have it anyhow.  But if your current SBS license on the old server is Premium Edition (including ISA) OEM, then it cannot be transfered to a new machine... because OEM is licensed only on the machine it was purchased with.

However, if that's not the case, or if you are buying Premium Edition on the new server as well, then don't worry too much about configuration settings because like all things on SBS, ISA is configured automatically with a wizard for most main settings.  

You don't need ISA to use SBS's native VPN, you just need to enable PPTP Passthrough on the Cisco Router.   For wireless clients, if the machines are not members of the domain, then configuring it on the router is fine... I'd suggest that you create a separate Virtual Cirtuit for it though and use a separate IP Subnet and Public IP if you have another one available.  Then if those clients need access to the domain they would connect via SBS's VPN Connection Manager.

If there are wireless clients that are members of the domain, I'd just add a simple Linksys Wireless Access point somewhere within the LAN.

Make sure that the Terminal Server is joined properly (http://sbsurl.com/sbstss) so that it can be accessed via Remote Web Workplace, or if you want direct access you can configure port 3390 for it... this would need to be done in the router, as well as on SBS (in ISA if you use it, or in RRAS otherwise).

Avatar of gavinandrewmcmillan


Hi Jeff

Thanks for your comment!, the new Server does have Premium so i guess I may aswell install ISA. Will cross that bridge at the time.

Just for clarification on the wireless clients, would you

Set up a vlan and have them VPN in?
Have the CISCO 877 manage 2 External IP Addresses and have them connect via VPN that way?

The cost for an extra 4 IP's is only $20.00 extra per month so i think i will probably go with having the CISCO Manage the IP's and VPN in.

Anny suggestions on what i can do with 3 spare IP's????

ISA server gives you one of the best application layer gateways in the world and you've got it as part of the Premium version :) Yes, I would definitely install it.  

SBS is adept at managing the solution with only one IP address, its yet another thing that makes it such a great product.  Hoever, as Jeff has suggested another of the IP's could be used to create the VPN tunnel.

Were there defintely four useable IP addresses?

Avatar of Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy
Flag of United States of America image

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial

Small Business Server (SBS) is a line of server operating systems targeted at small businesses by bundling the operating system with a number of other Microsoft products that would normally need to be purchased or licensed separately. The most notable inclusions are Exchange, SQL Server, SharePoint and ISA/TMG (Microsoft's firewall and proxy server).

Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews


IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo