none
Setup Remote Web Access - SBS 2011 Essentials

    Question

  • Hello –

    Recently purchased SBS 2011 Essentials Server for small office environment.  One of the many things the client needed was to provide access to employees outside the office.   Remote Web Access sounded like a great solution.   The problem that I am facing is that the client has internet business service through a local cable company.  The cable company provides broadband modem and 4 port router (for multiple ip address) – then they have a Linksys router off one of the router ports that distributes wifi and dhcp.

    I need to find a way that I can configure RWA with this current setup?   Anyone have any ideas?


    Thanks Tim Temple

    Wednesday, November 21, 2012 9:49 PM

Answers

  • First mention of a Cisco Router.  Before you were discussing a switch.

    If you 1. really have two routers you don't need both, and 2.  mean for internal users, it would if the Cisco will allow you to put your linksys in the DMZ and push everthing to it.  Otherwise you would have to do double nat, which is a pain in the ......

    So, for clarity, what are the exact model numbers for the devices?


    Larry Struckmeyer[SBS-MVP]

    Friday, November 23, 2012 6:20 PM
  • Forward the ports on the modem to the server 443 in particular needs to
    be forwarded to the server IP
     
    Monday, November 26, 2012 10:24 PM

All replies

  • Is the cable company equipment a modem-router (single device) or is it a separate modem and router?
    Is the Linksys wireless router used for internal users or just to provide internet access for 'guests'?
    You mentioned 'multiple IP address'... so the client has a bank of static <public> IP addresses from the ISP?
     

    --
    Merv  Porter   [SBS-MVP]
    ============================
    Wednesday, November 21, 2012 11:28 PM
  • Hi Merv -

    Thanks for getting back to me.  The cable company provides two devices to this client.  1) Motorola Surfboard Modem and 2) Cisco 800 Series 4 port switch.  1 port has a vpn device gateway that is used to a hosted ASP and the 2 port has the Linksys router.

    The linksys router is being used right now only for dhcp and guest wifi.

    Yes - they have 5 ip addresses.


    Thanks Tim Temple

    Thursday, November 22, 2012 1:50 AM
  • Hi:

    You seem to be missing a true firewall, preferably a UTM, and I strongly recommend you consider a router/firewall that offers a higher level of protection for your network than a typical consumer call router.

    For enabeling RWA, the data flow is:

    ISP - ISP Device - Router/Firewall - Switch - all the computer systems.

    One public IP address is assigned to the WAN side of the router/firewall and the LAN side has the ip of the rest of the network.  Either the router or the SBS-E can be the DHCP server for the network.

    Then you port forward the required ports from the router to the IP of the SBS E and run the wizards on the SBS to establish the listening ports and order and install your trusted certifiate.  Either before or beginning this process, contact youf public DNS host and setup the pointer for your RWA address, for example, remote.your_domain.com.

    As for the wireless, that depends on if you need wireless users to access the internal domain, or just guest access for the internet.


    Larry Struckmeyer[SBS-MVP]

    Thursday, November 22, 2012 2:29 AM
  • Unless the Linksys router has a 'guest network' Wifi capability (I.e., a separate wireless network that cannot be routed to the main network), I would turn off wireless on the Linksys.  Otherwise, you may have a major security risk since the current configuration places guest computers directly on your internal network.  You can address the need and solution for a guest wireless network after you set up the SBS 2011e server.  Many of the newer consumer routers have a 'guest wireless network' built in (such as the DLink DIR-655).
     
    If the Linksys has UPNP capability, make sure it's turned on.  Then the SBS 2011e setup wizard should be able to find the Linksys and configure it to forward port 443 to your SBS server.  If the wizard fails, you should be able to skip the router auto-setup step and manually configure the Linksys router to forward port 443 to your SBS server.  However, prior to this, you may want to assign the SBS server a static LAN IP address that is in the same IP range as the LAN but is outside the range that is handled by the DHCP service on the router.   Then forward port 443 to this IP address on the proper screen in the router. 

    SBS 2011 Essentials: Router Setup
      Configure the Linksys WRT54GL for Remote Access
    http://social.technet.microsoft.com/wiki/contents/articles/3038.sbs-2011-essentials-router-setup.aspx#LinksysWRT54GL

    The Basics of Local DNS for Small Business Server 2011 Essentials
     
    Lots of good info on SBS 2011e over at Robert Pearman's web site...
     
     
    And an emulator to play with for the GUI of the Linksys WRT54g
     

    --
    Merv  Porter   [SBS-MVP]
    ============================
    Thursday, November 22, 2012 2:42 AM
  • Thanks Larry - So - my current configuration wont work?

    ISP --> ISP Modem --> ISP Cisco Router -- Linksys E1200 --> computer systems


    Thanks Tim Temple

    Friday, November 23, 2012 4:13 PM
  • First mention of a Cisco Router.  Before you were discussing a switch.

    If you 1. really have two routers you don't need both, and 2.  mean for internal users, it would if the Cisco will allow you to put your linksys in the DMZ and push everthing to it.  Otherwise you would have to do double nat, which is a pain in the ......

    So, for clarity, what are the exact model numbers for the devices?


    Larry Struckmeyer[SBS-MVP]

    Friday, November 23, 2012 6:20 PM
  • Thanks Larry - I appreciate your help.  - I will cut and paste from one of my orginal posts.
    "The cable company provides two devices to this client.  1) Motorola Surfboard Modem and 2) Cisco 800 Series 4 port switch.  1 port has a vpn device gateway that is used to a hosted ASP and the 2 port has the Linksys E1200 router."

    Thanks Tim Temple

    Saturday, November 24, 2012 3:15 PM
  • Forward the ports on the modem to the server 443 in particular needs to
    be forwarded to the server IP
     
    Monday, November 26, 2012 10:24 PM