Re: Advise needed for proposed SBS 2003 setup.
From: Cris Hanna \(SBS-MVP\) (crisnospamhanna_at_mindspring.com)
Date: 03/14/04
- Next message: John: "Re: "Send/Receive" in outlook brings old mail."
- Previous message: Lesa H.: "Re: Advise needed for proposed SBS 2003 setup."
- In reply to: Lesa H.: "Re: Advise needed for proposed SBS 2003 setup."
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 13 Mar 2004 21:04:21 -0600
Ideally if you can bring everything into the LAN that will be your best bet
You only need two nics,
1 "private" static IP on the internal nic
1 "routeable" static IP on the external nic
only thing bound to external nic is tcp/ip
after ISA is installed run the internet connection wizard and you can allow VPN through ISA
create user accounts for the "vendors' to vpn in and control what they can access
microsoft.public.windows.server.sbs for smallbiz2003
-- Cris Hanna, SBS-MVP ---------------------------------------------- Please DO NOT respond to me directly but post all responses here in the newsgroup so that all can share the information "Lesa H." <notrealRolypolylesa@hotmail.com> wrote in message news:esvwdHWCEHA.2600@TK2MSFTNGP09.phx.gbl... Thanks for the info so far. Yes, We'll be using ISA and I'm planning on getting the upgrade version for them. The fibre connection is coming directly into the LAN. I'm not sure we can get a fibre connection to building3 but it would be nice. Thanks for the examples. I looked for the SBS2K3 group, but I must have missed it. L "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message news:OwUGqSUCEHA.3024@tk2msftngp13.phx.gbl... > you may do well to repost your question in the SBS2K3 group > microsoft.public.windows.server.sbs > > as Cris asks, and a key question, Do you intend using ISA in the mix. I hope > you've got the upgrade from 4.5 which gives you SBS2K3 Premium rather than > Standard. > > You mention that building2 has a direct fibre connection so I asume you're > bringing this directly into the LAN, whether you bring building3 in directly > to the LAN or via VPN will affect your implementation. > > two basic scenarios > > Two NIC ISA > > public IP > | > | > Simple NAT router > | > | > SBS External > SBS INternal > | > | > Switch -- Router? -- Building2 PC's (building3 PC's could use similar, or > VPN) > | > | > Building1 client PC's > > no ISA > > public IP > | > | > more advanced router, something as capable as ISA, including VPN > | > | > switch -- Router? -- Building2 PC's (building3 PC's could use similar, or > VPN) > | > | > SBS and building1 clients > > I put question marks on the routers for b2/b3 because they are possibly not > required, but quite likely desirable. Running the remotes as routed subnets > cuts down on link traffic, running them as bridged extensions to the network > makes the logical description of the network easier. > > "Lesa H." <notrealRolypolylesa@hotmail.com> wrote in message > news:OR5iOiTCEHA.1452@TK2MSFTNGP09.phx.gbl... > > Next week I'll be turning over a proposal to an organization and I need a > > little advise. They currently have a SBS 4.5 server (the company that set > it > > up didn't really set it up the "SBS" way). I'm planning to pretty much > start > > from scratch with new server hardware and SBS 2003. They have a fractional > > T-1 connection to the Internet at the main site. They currently have a > > portion of the organization in a building connected to the main site via > > fiber optic cable. They want to add a third building to the network which > is > > physically located a little farther away and will probably need to be > > connected via a T-1 point to point connection (we're not sure about this > one > > yet). > > > > The users need access to their e-mail from home. They are currently > allowing > > some vendors into the main office via PC Anywhere via TCP/IP to review > some > > reports. They have PC Anywhere disabled when it is not in use. I'm pretty > > sure they would be willing to try other methods. > > > > E-mail and web site are currently hosted by a separate hosting company and > > mail is being downloaded to individual workstations with POP3 mail. They > > own at least 2 static IP's and I don't think it would be a problem getting > > more if necessary. My goal is to make the setup as secure as possible and > > still allow the e-mail access and allow the vendors to have access to the > > reports they need. > > > > Any advise on how to secure the network? I figure this must have been done > > before. Should we get some sort of router to put in front of the SBS > server > > and do VPN there? If so, any recommendations on brand/models? Is there a > > better way to allow users in but still be secure? > > > > Most of my SBS networks have been hidden behind NAT routers so I have > little > > experience exposing SBS to the Internet directly. > > > > Anyway, suggestions and comments are welcome and appreciated!! > > > > Lesa > > > > > >
- Next message: John: "Re: "Send/Receive" in outlook brings old mail."
- Previous message: Lesa H.: "Re: Advise needed for proposed SBS 2003 setup."
- In reply to: Lesa H.: "Re: Advise needed for proposed SBS 2003 setup."
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
