External access to Sharepoint 2013 Server

Apologies if I have not provided enough detail.

I have a SharePoint 2013 server running inside our organisation.  Authenticated users access this through https and a certificate has been installed.  This work fine and users can directly access sites without any further prompting of username or password.

I now want to let my laptop users access the same sites from outside of the organisation using the the https:// site name.  I have configured a 1to1 NAT on our firewall and created an external DNS entry pointing to the IP address that is natted to the internal SharePoint server.

I can see on our firewall that traffic is being sent but the laptop user receives a page cannot be found, it looks like an authentication issue.

Can someone please assist in how I should set this up using the simplest method available, still using https but without receiving a challenge box as they are already authenticated to their laptop using their AD credentials when outside of the organisation.  I do not need any user who is not registered in AD to have access.

Many thanks
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Yagya ShreeCommented:
When you say external laptop user, i will consider them using internet intead of directly connected to you company network.

In that case make sure you have external IP address purchased  with certificate and added to IIS Manager on the site to give access to external users.

Oh also make sure you have configured your AAM properly.
alanrwebsterAuthor Commented:
Thanks yagyashree

We already have a cert and external IP address which has one to one nat to the internal SharePoint server.  The cert is install on the SP server.

the url we are using internall and externally is https://intranet.domain.com as an example.

If the laptop user is on our company network then everything works well - no challenge boxes and they can browse the SP sites.  The site I am using for testing is located in the internet zone.

I seem to have configured the items you mentioned but it does not work. I should also mention we are using claims based authentication.

Yagya ShreeCommented:
You need to make sure that you site/external IP is allowed on your firewall to pass through and get to user of external network as well as your external IP provider settings are configured as per your requirement.

The error you mentioned "page not found" only comes when the request sent by external users are not getting passed through from external IP to firewall and then towards your SP server.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

alanrwebsterAuthor Commented:
I can see on the Watchguard host watcher that there is a connection from the external device and the traffic is being passed to the internal server.

The firewall rule is a https 1to1 nat - only port 443 is open - do I need to open any other ports?
Yagya ShreeCommented:
Please open all ports for testing and then after test only open port 80.

Also check your IIS Site binding and confirm that site is binded to port 80 and 443 while the certificate is applied.
alanrwebsterAuthor Commented:
Thanks, it was confirmed to be a firewall problem and now that the rules are correct we can access the SP server as expected.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SharePoint

From novice to tech pro — start learning today.