External access to Sharepoint 2013 Server

Apologies if I have not provided enough detail.

I have a SharePoint 2013 server running inside our organisation.  Authenticated users access this through https and a certificate has been installed.  This work fine and users can directly access sites without any further prompting of username or password.

I now want to let my laptop users access the same sites from outside of the organisation using the the https:// site name.  I have configured a 1to1 NAT on our firewall and created an external DNS entry pointing to the IP address that is natted to the internal SharePoint server.

I can see on our firewall that traffic is being sent but the laptop user receives a page cannot be found, it looks like an authentication issue.

Can someone please assist in how I should set this up using the simplest method available, still using https but without receiving a challenge box as they are already authenticated to their laptop using their AD credentials when outside of the organisation.  I do not need any user who is not registered in AD to have access.

Many thanks
Who is Participating?
Yagya ShreeConnect With a Mentor Commented:
You need to make sure that you site/external IP is allowed on your firewall to pass through and get to user of external network as well as your external IP provider settings are configured as per your requirement.

The error you mentioned "page not found" only comes when the request sent by external users are not getting passed through from external IP to firewall and then towards your SP server.
Yagya ShreeCommented:
When you say external laptop user, i will consider them using internet intead of directly connected to you company network.

In that case make sure you have external IP address purchased  with certificate and added to IIS Manager on the site to give access to external users.

Oh also make sure you have configured your AAM properly.
alanrwebsterAuthor Commented:
Thanks yagyashree

We already have a cert and external IP address which has one to one nat to the internal SharePoint server.  The cert is install on the SP server.

the url we are using internall and externally is https://intranet.domain.com as an example.

If the laptop user is on our company network then everything works well - no challenge boxes and they can browse the SP sites.  The site I am using for testing is located in the internet zone.

I seem to have configured the items you mentioned but it does not work. I should also mention we are using claims based authentication.

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

alanrwebsterAuthor Commented:
I can see on the Watchguard host watcher that there is a connection from the external device and the traffic is being passed to the internal server.

The firewall rule is a https 1to1 nat - only port 443 is open - do I need to open any other ports?
Yagya ShreeCommented:
Please open all ports for testing and then after test only open port 80.

Also check your IIS Site binding and confirm that site is binded to port 80 and 443 while the certificate is applied.
alanrwebsterAuthor Commented:
Thanks, it was confirmed to be a firewall problem and now that the rules are correct we can access the SP server as expected.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.