How do I set up SBS2003 R2 Standard with Watchguard Firebox X10e for VPN?

Here's my equipment and software. Keep in mind none of this is installed yet.
Dell Server with 2 NIC Cards
SBS 2003 R2 Standard.
6 Gateway Vista Workstations.
Atlantic Broadband modem with Static IP
10 port switch
Wireless router linksys
(2) Watchguard Firebox X10e

I want to connect our two offices (different cities) with the Fireboxes.
The server side has the static ip.

Some of the questions are:

Where will the incoming cable modem line connect? To the Firebox first? Then to the switch and then to the NIC on the server? Can anyone give me a layout for the physical hookup?
What about DHCP? SBS usually wants to be the DHCP server, so how do I do this?

Since I will be pointing my domain records to the static IP for Exchange, is there anything I need to think about as far as this setup with the Fireboxes?
emumaster Asked:

emumaster (Author) Commented:
I am heading out to lunch, so if you guys answer or have a question, I'll be back at 1:00pm EST
And thanks ahead of time for your advice!!
0
Rob Williams Commented:
-SBS configured with 2 NICs is intended to be a gateway for your LAN clients. In order for a remote site to gain access you need to open many ports. Your best bet would be to disable the WAN/public facing NIC. Do so, and then re-run the Configure E-mail and Internet Connection Wizard located under server management | internet and e-mail | connect to the internet.
-The physical connections will then be as follows:
Internet=>modem=>Watchguard=>switch=>SBS, clients, and wireless Linksys (configured as an access point, not a gateway)
-SBS needs to be the DHCP server. If it is not already, see "Configuring Settings for an Existing DHCP Server Service on Your Network" 1/2 way down the page.
http://www.microsoft.com/technet/prodtechnol/sbs/2003/plan/gsg/appx_c.mspx
-the remote site must use a different subnet than the SBS site. For example if the SBS site uses 192.168.1.x, the remote site must use something like 192.168.2.x
-the local and remote site MUST use different subnets, this applies to mobile VPN clients as well. Therefore at the primary site it is a good idea to avoid common subnets such as 192.168.0.x, 192.168.1.x, 192.168.2.x, 10.0.0.x, 10.10.10.x
-If you change the server's LAN IP you MUST do so using the change server IP wizard, located under server management | internet and e-mail
-The remote site must also point to your SBS for DNS, and not the public IP. They must also not use the ISP's DNS even as an alternate (second) DNS server

Afraid I am no help with the Watchguard actual site-to-site VPN connection.
0
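The subnet and DNS rules from the answer above, written as a small plan checker that can be run before any hardware is configured. This is an added example, not part of the original thread; the function name `check_plan`, the /24 prefix lengths and all sample addresses are assumptions.

```python
import ipaddress

# Ranges the answer lists as too common for the primary site
# (the /24 prefix length is an assumption; the post only gives "x").
COMMON = [ipaddress.ip_network(n) for n in (
    "192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
    "10.0.0.0/24", "10.10.10.0/24")]


def check_plan(primary, remote, sbs_ip, remote_dns, mobile_pool=None):
    """Return a list of problems in a two-site VPN addressing plan."""
    problems = []
    nets = {"primary": ipaddress.ip_network(primary),
            "remote": ipaddress.ip_network(remote)}
    if mobile_pool:
        nets["mobile"] = ipaddress.ip_network(mobile_pool)

    # Both sites (and any mobile VPN pool) need distinct subnets.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")

    # The primary site should stay off the commonly used ranges.
    for common in COMMON:
        if nets["primary"].overlaps(common):
            problems.append(f"primary {nets['primary']} uses common range {common}")

    # The SBS LAN address must sit inside the primary subnet.
    sbs = ipaddress.ip_address(sbs_ip)
    if sbs not in nets["primary"]:
        problems.append(f"SBS {sbs} is not inside primary {nets['primary']}")
    # Remote clients use the SBS for DNS only: no ISP DNS, even as alternate.
    for dns in remote_dns:
        if ipaddress.ip_address(dns) != sbs:
            problems.append(f"remote DNS {dns} is not the SBS ({sbs})")
    return problems


if __name__ == "__main__":
    # Constructed sample plan: same subnet at both sites plus an outside DNS.
    for problem in check_plan("192.168.1.0/24", "192.168.1.0/24",
                              "192.168.1.2", ["192.168.1.2", "203.0.113.53"]):
        print(problem)
```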