SharePoint setup in DMZ for external access and internal access


I'm looking to set up SharePoint in the DMZ so internal users can access the site internally, and also so users can access the SharePoint site externally via a web link. Is this possible, and what is the best way to set it up? I would like users already logged onto the domain to access the site as normal internally without a username and password, but when they're at home - to still be able to access the site, but using a username and password. All sites have to be SSL.


Ted Bouskill (Senior Software Developer) commented:
The best way is to set up SharePoint inside your domain, then expose a public site via Microsoft ISA 2006 or higher.

AC_Nova (Author) commented:
So you're saying place a SharePoint server on the internal network and have a web front end in the DMZ? What steps would be needed to set this up? We aren't using ISA; we have Cisco ASA and Nokia Check Point.

Ted Bouskill (Senior Software Developer) commented:
No, I'm recommending leaving SharePoint behind a firewall and using a product similar to ISA to port forward a specific site from SharePoint. If you search, there is a 3-part series of articles on "What every Administrator needs to know about Alternate Access Mapping" that shows how to expose SharePoint through a firewall.

All servers in a SharePoint farm have to be in the same domain, and if you have it in the DMZ then you have to set up a trust relationship between the two domains, which might be riskier than simply exposing it via a secure firewall like ISA or similar.

AC_Nova (Author) commented:
So what you're suggesting is having SharePoint on the LAN, with the appropriate forwarding rules. I don't think my manager will like that... How would I set up the second option?

Ted Bouskill (Senior Software Developer) commented:
I don't even know if the second option would work, and it might be more dangerous. The firewall between the two separate SharePoint installations would have to allow the external domain to connect to the internal domain. As I said, that would be risky.

To be honest, if the external site is only for employees I wouldn't even publicly expose it to the internet and would use a secure VPN tunnel instead.
