• Status: Solved

How do I set up SBS2003 R2 Standard with Watchguard Firebox X10e for VPN?

Here's my equipment and software. Keep in mind none of this is installed yet.
Dell Server with 2 NIC Cards
SBS 2003 R2 Standard.
6 Gateway Vista Workstations.
Atlantic Broadband modem with Static IP
10 port switch
Wireless router linksys
(2) Watchguard Firebox X10e

I want to connect our two offices (different cities) with the Fireboxes.
The server side has the static IP.

Some of the questions are:

Where will the incoming cable modem line connect? To the Firebox first? Then to the switch and then to the NIC on the server? Can anyone give me a layout for the physical hookup?
What about DHCP. SBS usually wants to be the DHCP server, so how do I do this?

Since I will be pointing my domain records to the static IP for Exchange, is there anything I need to think about as far as this setup with the Fireboxes?
emumaster (Author) commented:
I am heading out to lunch, so if you guys answer or have a question, I'll be back at 1:00pm EST
And thanks ahead of time for your advice!!

Rob Williams commented:
- SBS configured with 2 NICs is intended to be a gateway for your LAN clients. In order for a remote site to gain access you need to open many ports. Your best bet would be to disable the WAN/public-facing NIC. Do so, and then re-run the Configure E-mail and Internet Connection Wizard located under server management | internet and e-mail | connect to the internet.
- The physical connections will then be as follows:
  Internet=>modem=>Watchguard=>switch=>SBS, clients, and wireless Linksys (configured as an access point, not a gateway)
- SBS needs to be the DHCP server. If it is not already, see "Configuring Settings for an Existing DHCP Server Service on Your Network" 1/2 way down the page.
- The remote site must use a different subnet than the SBS site. For example, if the SBS site uses 192.168.1.x, the remote site must use something like 192.168.2.x
- The local and remote site MUST use different subnets; this applies to mobile VPN clients as well. Therefore at the primary site it is a good idea to avoid common subnets such as 192.168.0.x, 192.168.1.x, 192.168.2.x, 10.0.0.x, 10.10.10.x
- If you change the server's LAN IP you MUST do so using the change server IP wizard, located under server management | internet and e-mail
- The remote site must also point to your SBS for DNS, and not the public IP. They must also not use the ISP's DNS even as an alternate (second) DNS server

Afraid I am no help with the Watchguard actual site-to-site VPN connection.
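
The addressing and DNS rules in the answer above can be checked before either Firebox is configured. The following is an added example, not part of the original answer: the function name `check_plan`, the /24 prefix lengths and all sample addresses are assumptions made for illustration.

```python
import ipaddress

# Subnets the answer names as too common for the primary site
# (treated as /24s here; the prefix length is an assumption).
COMMON_SUBNETS = [ipaddress.ip_network(n) for n in (
    "192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
    "10.0.0.0/24", "10.10.10.0/24")]


def check_plan(primary, remote, sbs_ip, remote_dns, vpn_pool=None):
    """Return a list of problems found in a two-site VPN addressing plan."""
    problems = []
    nets = {"primary": ipaddress.ip_network(primary),
            "remote": ipaddress.ip_network(remote)}
    if vpn_pool:
        nets["mobile VPN pool"] = ipaddress.ip_network(vpn_pool)

    # Every pair of networks must be disjoint, or routing over the tunnel is ambiguous.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")

    # A primary site on a common subnet collides with the home LANs of mobile VPN users.
    for common in COMMON_SUBNETS:
        if nets["primary"].overlaps(common):
            problems.append(f"primary {nets['primary']} uses common subnet {common}")

    sbs = ipaddress.ip_address(sbs_ip)
    if sbs not in nets["primary"]:
        problems.append(f"SBS address {sbs} is not inside primary {nets['primary']}")

    # Remote clients resolve through the SBS only: no ISP resolver, even as secondary.
    for dns in remote_dns:
        if ipaddress.ip_address(dns) != sbs:
            problems.append(f"remote DNS {dns} is not the SBS LAN address {sbs}")
    return problems


# Constructed sample plans (addresses are illustrative, not from the post).
GOOD = check_plan("192.168.57.0/24", "192.168.58.0/24", "192.168.57.2", ["192.168.57.2"])
BAD = check_plan("192.168.1.0/24", "192.168.1.0/25", "192.168.1.2",
                 ["192.168.1.2", "203.0.113.53"], vpn_pool="192.168.1.128/26")

if __name__ == "__main__":
    for p in BAD:
        print("PROBLEM:", p)
```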