Re: RWW VPN security problem ?

From: Paul Proefrock (proefrock_at_NO_heartlandgroup_JUNKMAIL.com)
Date: 08/30/04


Date: Mon, 30 Aug 2004 18:52:30 -0500

Marina,
I suspect there are a lot of companies like ours that are using SBS 2003
with POP3 mail, hosted sites and small, inexpensive routers (Linksys,
D-Link, NetGear). If it will help any other potential users, I'd be happy to
model my system and settings, much like what is on the smallbizserver.net site.
It could be "Two NICs, a static IP address, No ISA, Std SBS with ISP hosted
site - POP3 mail". Perhaps there is a shorter title but I bet there are a
bunch out there like me.

If it would be of value, I'll do the page modeling and send it your way for
proofing?

Paul P

"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
news:uDo12VsjEHA.384@TK2MSFTNGP10.phx.gbl...
> Hi Paul,
>
> The https://IP:444/ issues the certificate (which is not right, because the
> certificate is pointing to FQDN instead of your IP) and after accepting that
> certificate I do get a login screen.
>
> I have tried to log in as administrator about 2 hours ago, so you should see
> a message in the security log about that.
>
> https://FQDN:444 does not work (because there is no DNS record created by
> your ISP).
>
> You should rerun the CEICW wizard and change the web certificate to your
> public IP.
>
> The fact that you get to https://ip:444/ without getting the login screen
> must be due to the fact that you are already logged into the domain or that
> login is still cached. So no worries about it, just rerun CEICW and change
> the certificate.
> You will also need to open port 4125 from your router to your external NIC
> IP, if you want to enable RWW from the internet.
>
>
> --
> Regards,
>
> Marina
> Microsoft SBS-MVP
>
> "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
> message news:u6sVFRmjEHA.1652@TK2MSFTNGP09.phx.gbl...
>> Hi Paul,
>>
>> Don't know what happened to that reply, but you did reach me: this was your
>> message:
>>
>>
>>
>> Marina,
>> Thanks for your offer of help. I wanted to make sure I interpreted the email
>> address correctly before I started emailing IP addresses.
>>
>> Is this the correct contact point?
>>
>> Paul Proefrock
>>
>>
>>
>>
>> --
>> Regards,
>>
>> Marina
>> Microsoft SBS-MVP
>>
>> "Paul Proefrock" <proefrock@NO_heartlandgroup_JUNKMAIL.com> wrote in
>> message news:OIZkGdjjEHA.2340@TK2MSFTNGP11.phx.gbl...
>> > Marina,
>> > Your reply email has not arrived. Just making sure I have the right email
>> > address. Don't want to knowingly send out an IP address with a known
>> > security problem.
>> >
>> >
>> > Paul P
>> >
>> >
>> > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
>> > message news:u1g3r3ijEHA.3348@TK2MSFTNGP12.phx.gbl...
>> > > Hi Paul,
>> > >
>> > > Received and replied.
>> > >
>> > > --
>> > > Regards,
>> > >
>> > > Marina
>> > > Microsoft SBS-MVP
>> > >
>> > > "Paul Proefrock" <proefrock@NO_heartlandgroup_JUNKMAIL.com> wrote in
>> > > message news:uWhimmijEHA.3988@tk2msftngp13.phx.gbl...
>> > >> Marina,
>> > >> Sent you a personal email, checking if I interpreted email address
>> > >> correctly. Please let me know and I'll fire off IP address
>> > >>
>> > >> Thanks
>> > >>
>> > >> Paul P
>> > >>
>> > >>
>> > >> "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
>> > >> message news:uTe9cUcjEHA.2500@TK2MSFTNGP15.phx.gbl...
>> > >> > Hi Paul,
>> > >> >
>> > >> > And what does the certificate look like? Is it pointing to your public
>> > >> > IP or to your FQDN? Would you mind giving me your IP (email to me
>> > >> > privately and take out the nospam part between the dots)?
>> > >> >
>> > >> > --
>> > >> > Regards,
>> > >> >
>> > >> > Marina
>> > >> > Microsoft SBS-MVP
>> > >> >
>> > >> > "Paul Proefrock" <proefrock@NO_heartlandgroup_JUNKMAIL.com> wrote in
>> > >> > message news:uQJ2VMXjEHA.1312@tk2msftngp13.phx.gbl...
>> > >> >> Marina,
>> > >> >> Since your post, I have had multiple reboots so I am confident there
>> > >> >> is nothing in the cache. Opened Explorer, fresh. Enter
>> > >> >> https://IPaddress:444.
>> > >> >>
>> > >> >> The machine presents the security pop-up that says the site has a bad
>> > >> >> security certificate. I click yes and "mycompanyweb" opens. No login
>> > >> >> screen.
>> > >> >>
>> > >> >> Paul
>> > >> >>
>> > >> >>
>> > >> >> "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
>> > >> >> message news:u3jL6kKjEHA.3608@TK2MSFTNGP09.phx.gbl...
>> > >> >> > Hi Paul,
>> > >> >> >
>> > >> >> > If you close all Internet Explorer windows, then start IE again with
>> > >> >> > the https://ip:444, do you get the login screen?
>> > >> >> >
>> > >> >> > --
>> > >> >> > Regards,
>> > >> >> >
>> > >> >> > Marina
>> > >> >> > Microsoft SBS-MVP
>> > >> >> >
>> > >> >> > "Paul Proefrock" <proefrock@NO_heartlandgroup_JUNKMAIL.com> wrote in
>> > >> >> > message news:uWIWJgKjEHA.3896@TK2MSFTNGP10.phx.gbl...
>> > >> >> >> Standard
>> > >> >> >> all options except web server
>> > >> >> >>
>> > >> >> >> Paul P
>> > >> >> >>
>> > >> >> >> "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]"
>> > >> >> >> <sbradcpa@pacbell.net>
>> > >> >> >> wrote in message news:u3R4PE$iEHA.2544@TK2MSFTNGP10.phx.gbl...
>> > >> >> >> > ISA server or Standard? What options did you select when running
>> > >> >> >> > the wizard?
>> > >> >> >> >
>> > >> >> >> > Paul Proefrock wrote:
>> > >> >> >> >> In setting up my system and remote users, I have found a situation
>> > >> >> >> >> that alarms me. I don't know if it is due to something I have done
>> > >> >> >> >> or if it is a bug in SBS2003.
>> > >> >> >> >>
>> > >> >> >> >> If I connect to my server from a remote box, using
>> > >> >> >> >> https://IPaddress/remote, I get the login screen requesting user name
>> > >> >> >> >> and password. Enter it and everything connects and works as it should.
>> > >> >> >> >>
>> > >> >> >> >> If I connect using https://IPaddress:444, it zips right on thru,
>> > >> >> >> >> bypassing the security screens. It opens my company webpage!
>> > >> >> >> >>
>> > >> >> >> >> We are using SBS2003/SP1 behind a Linksys Router. I am using the actual
>> > >> >> >> >> IP address. If I use the FQDN, it doesn't connect.
>> > >> >> >> >>
>> > >> >> >> >> Is this normal? What is to keep anyone out of a site enabled for remote
>> > >> >> >> >> SharePoint access?
>> > >> >> >> >>
>> > >> >> >> >> Paul P
>> > >> >> >> >
>> > >> >> >> > --
>> > >> >> >> > http://www.sbslinks.com/really.htm
>> > >> >> >>
>> > >> >> >>
>> > >> >> >
>> > >> >> >
>> > >> >>
>> > >> >>
>> > >> >
>> > >> >
>> > >>
>> > >>
>> > >
>> > >
>> >
>> >
>>
>>
>
>
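The certificate warning in this thread is a name mismatch: the certificate names the FQDN while the browser was pointed at the IP address. As an added example (not part of the original posts), this check compares the host typed in the URL with the names in a certificate; the certificates and addresses are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample certificates in the dict shape of ssl.SSLSocket.getpeercert().
# Host names and addresses are placeholders, not values from the thread.
CERT_FOR_FQDN = {"subject": ((("commonName", "server.example.com"),),)}
CERT_FOR_IP = {
    "subject": ((("commonName", "203.0.113.10"),),),
    "subjectAltName": (("IP Address", "203.0.113.10"),),
}


def cert_names(cert):
    """Return (dns_names, ip_addresses) the certificate is issued for."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    if not dns and not ips:
        # Legacy fallback: older certificates carry the name only in the CN.
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    try:
                        ips.append(ipaddress.ip_address(value))
                    except ValueError:
                        dns.append(value.lower())
    return dns, ips


def host_matches(host, cert):
    """True if the host used in the URL is one of the certificate's names."""
    dns, ips = cert_names(cert)
    try:
        return ipaddress.ip_address(host) in ips
    except ValueError:
        pass  # not an IP literal, so compare as a DNS name
    host = host.lower().rstrip(".")
    for name in dns:
        # A wildcard covers exactly one left-most label.
        if name == host or (name.startswith("*.") and "." in host
                            and host.split(".", 1)[1] == name[2:]):
            return True
    return False


if __name__ == "__main__":
    for url_host in ("203.0.113.10", "server.example.com"):
        print(url_host, "FQDN cert:", host_matches(url_host, CERT_FOR_FQDN),
              "IP cert:", host_matches(url_host, CERT_FOR_IP))
```

Current browsers ignore the CN fallback and match only subjectAltName entries, so a certificate meant to be reached by address needs that address as an IP Address SAN.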


