Re: Network Hardware Layout w/SBS


CCW_at_kc.rr.com
Date: 02/09/05


Date: Wed, 09 Feb 2005 16:47:39 GMT

Thanks Les,

I love it when I "have to" get more hardware!

On Wed, 9 Feb 2005 09:47:50 -0600, "Les Connor [SBS Community Member -
SBS MVP]" <les.connor@DEL.cfive.ca> wrote:

>Two hardware devices.
>
>The wireless Access Point on the lan needs only be an AP. Some soho
>gateway/router/switches can be set up as Access Points, but a purely AP is
>probably less expensive and simpler to configure.
>
>On the external side, the DHCP would need to be configured to offer IPs on
>the same subnet as your external nic. Computers connected here are still in
>a private network, but are outside the lan. If they want internal resources,
>then the connection type might depend on what resources they want to access.
>As far as I'm concerned, if they require lan resources it's just plain
>easier for them to connect to the wireless AP on the lan.
>
>Coming from the external side -VPN is a valid method, perhaps not the best
>in all cases though. There's OWA, RWW, and Outlook RPC/HTTP - these all work
>without a VPN, and from any allowed external location - not just this
>particular location.
>
>If you have both internal and external wireless APs, then for those
>requiring access to internal resources, there just isn't any point in
>connecting to the external network. Those such as visitors who want internet
>access connect to the external network, the very reason it's there is to
>keep them outside your lan.
>
>-
>Les Connor [SBS Community Member - SBS MVP]
>-----------------------------------------------------------
>SBS Rocks !
>
>
><cwoltemath@kc.rr.com> wrote in message
>news:4209ecad.6566682@news-server.kc.rr.com...
>> Thanks for your response. I'm finding out you're right.
>> Do you use one set of internal wireless hardware and one set of
>> external hardware? I need two access points to cover my property so
>> that may complicate things as far as hardware goes. Can I somehow
>> bring some internal static addresses in through the external nic
>> without using VPN or do I just duplicate the hardware on the internal
>> side.
>>
>> On Tue, 8 Feb 2005 21:42:45 -0600, "Les Connor [SBS Community Member -
>> SBS MVP]" <les.connor@DEL.cfive.ca> wrote:
>>
>>>I think it depends what the wireless is for, internal access (user
>>>accounts
>>>on the SBS), or external (such as visitors).
>>>
>>>For internal users, it's simpler to have a wireless AP on the lan, the SBS
>>>DHCP server will look after internal clients. For external users, you
>>>could
>>>utilize an external gateway/router with wireless, running its own DHCP.
>>>You
>>>reserve the SBS external nic IP. You can set up security on the external
>>>any
>>>way you like, but if it's primarily for visitor use, then it can be lower
>>>security than the internal wireless, where you want the max.
>>>
>>>I have an SBS at home, with both internal and external. I use the
>>>internal,
>>>my kids are at university and come and go with their laptops, so they use
>>>the external ;-).
>>>
>>>--
>>>Les Connor [SBS Community Member - SBS MVP]
>>>-----------------------------------------------------------
>>>SBS Rocks !
>>>
>>>
>>><cwoltemath@kc.rr.com> wrote in message
>>>news:42095e20.245920314@news-server.kc.rr.com...
>>>> Thank you everyone for your response. Now I'm trying to "dial in"
>>>> my wireless. From what I've read, I'm better off to confine my
>>>> wireless connections to the "perimeter" network and vpn back in. My
>>>> router (192.168.1.1) gets its IP from the cable modem (public IP) and
>>>> uses dhcp to give my sbs server 192.168.16.2. The router also hands
>>>> out 192.168.1.3-51 to various wireless devices. All the wireless
>>>> devices use WEP.
>>>>
>>>> 1) Is it OK to use my router's DHCP and have my SBS server also using
>>>> DHCP "below" the router with a different set of addresses or does this
>>>> violate the SBS rules?
>>>>
>>>> 2) Should I use static IP addresses from my router to the wireless
>>>> devices and/or the SBS server?
>>>>
>>>> I plan on setting the wireless devices to vpn back into the server.
>>>> After I accomplish this I'd like to use dyndns.org or something
>>>> similar to access the server with OWA and activesync. I'm also
>>>> planning on providing some guests with wireless internet access.
>>>>
>>>> BTW This 100 year old copy of Free Agent still works pretty well!
>>>>
>>>> Thanks
>>>>
>>>> On Thu, 3 Feb 2005 12:14:07 -0600, "Les Connor [SBS Community Member -
>>>> SBS MVP]" <les.connor@DEL.cfive.ca> wrote:
>>>>
>>>>>Hi CCW,
>>>>>
>>>>>Your setup looks fine. With SBS Standard, running the CEICW (connect to
>>>>>the
>>>>>internet) wizard will configure RRAS to allow the internal resources you
>>>>>select to be available from the internet.
>>>>>
>>>>>The only other measure you have available to you without further
>>>>>investment
>>>>>is to ensure that your router is only allowing traffic on the ports that
>>>>>are
>>>>>actually required. These are:
>>>>>
>>>>>25 (if you host your own email)
>>>>>80 (optionally, not required) - will re-direct to port 443
>>>>>443 (for SSL - OWA, RWW, Outlook RPC/HTTP)
>>>>>4125 (for 'Connect to my Computer/Server') in RWW
>>>>>
>>>>>Some other less common ports are:
>>>>>
>>>>>110 (if you enable pop server)
>>>>>1723 (if you enable VPN - generally called VPN Passthrough on the
>>>>>router)
>>>>>3389 (if you want direct access to the server desktop via RDP)
>>>>>
>>>>>SBS with two nics, and a router gives you reasonable protection from
>>>>>the
>>>>>outside. It doesn't give you much flexibility for outgoing security, but
>>>>>many small biz's aren't concerned with that at this point. ISA (included
>>>>>in
>>>>>SBS Premium) is a great solution for enhancing your internet security
>>>>>overall.
>>>>>
>>>>>
>>>>>--
>>>>>Les Connor [SBS Community Member - SBS MVP]
>>>>>-----------------------------------------------------------
>>>>>SBS Rocks !
>>>>>
>>>>>
>>>>><ccw@kc.rr.com> wrote in message
>>>>>news:42026034.337098640@news-server.kc.rr.com...
>>>>>> I've been lurking in this group for a few months now trying to set up my
>>>>>> system as "right" as I can. I'm not having any major problems (that I
>>>>>> know of) that I haven't been able to cure with a little reading and
>>>>>> searching. But, I do have some doubts about my protection from the
>>>>>> outside world. I'd appreciate it if someone could tell me if I'm
>>>>>> doing anything "major league" wrong as I think I'm ready to delve into
>>>>>> the "remote" world.
>>>>>>
>>>>>> I'm running SBS Standard with 2 Nics.
>>>>>> Internet>Netgear wireless router>Internal Nic>SBS>External
>>>>>> Nic>Switch>Clients
>>>>>> All XP2 Clients with AV software
>>>>>> Server AV software.
>>>>>> Microsoft Windows [Version 5.2.3790]
>>>>>> (C) Copyright 1985-2003 Microsoft Corp.
>>>>>>
>>>>>> (Server) Windows IP Configuration
>>>>>>
>>>>>> Host Name . . . . . . . . . . . . : Host_Name
>>>>>> Primary Dns Suffix . . . . . . . : CompanyName.local
>>>>>> Node Type . . . . . . . . . . . . : Unknown
>>>>>> IP Routing Enabled. . . . . . . . : Yes
>>>>>> WINS Proxy Enabled. . . . . . . . : Yes
>>>>>> DNS Suffix Search List. . . . . . : CompanyName.local
>>>>>>
>>>>>> Ethernet adapter Network Connection:
>>>>>>
>>>>>> Connection-specific DNS Suffix . :
>>>>>> Description . . . . . . . . . . . : D-Link DGE-530T Gigabit
>>>>>> Ethernet Adapter
>>>>>> #2
>>>>>> Physical Address. . . . . . . . . : 00-0F-3D-F0-AF-C4
>>>>>> DHCP Enabled. . . . . . . . . . . : Yes
>>>>>> Autoconfiguration Enabled . . . . : Yes
>>>>>> IP Address. . . . . . . . . . . . : 192.168.1.2
>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>>> Default Gateway . . . . . . . . . : 192.168.1.1
>>>>>> DHCP Server . . . . . . . . . . . : 192.168.1.1
>>>>>> DNS Servers . . . . . . . . . . . : 192.168.16.2
>>>>>> NetBIOS over Tcpip. . . . . . . . : Disabled
>>>>>> Lease Obtained. . . . . . . . . . : Thursday, February 03, 2005
>>>>>> 5:50:53 AM
>>>>>> Lease Expires . . . . . . . . . . : Friday, February 04, 2005
>>>>>> 5:50:53 AM
>>>>>>
>>>>>> Ethernet adapter Server Local Area Connection:
>>>>>>
>>>>>> Connection-specific DNS Suffix . :
>>>>>> Description . . . . . . . . . . . : D-Link DGE-530T Gigabit
>>>>>> Ethernet Adapter
>>>>>> Physical Address. . . . . . . . . : 00-0F-3D-F1-96-A0
>>>>>> DHCP Enabled. . . . . . . . . . . : No
>>>>>> IP Address. . . . . . . . . . . . : 192.168.16.2
>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>>> Default Gateway . . . . . . . . . :
>>>>>> DNS Servers . . . . . . . . . . . : 192.168.16.2
>>>>>> Primary WINS Server . . . . . . . : 192.168.16.2
>>>>>>
>>>>>>
>>>>>> (Client) Windows IP Configuration
>>>>>>
>>>>>> Host Name . . . . . . . . . . . . : HostName01
>>>>>> Primary Dns Suffix . . . . . . . :
>>>>>> Node Type . . . . . . . . . . . . : Hybrid
>>>>>> IP Routing Enabled. . . . . . . . : No
>>>>>> WINS Proxy Enabled. . . . . . . . : No
>>>>>> DNS Suffix Search List. . . . . . : CompanyName.local
>>>>>>
>>>>>> Ethernet adapter Local Area Connection:
>>>>>>
>>>>>> Connection-specific DNS Suffix . : CompanyName.local
>>>>>> Description . . . . . . . . . . . : Intel(R) PRO/100 S Desktop
>>>>>> Adapter
>>>>>> Physical Address. . . . . . . . . : 00-02-B3-9A-70-39
>>>>>> Dhcp Enabled. . . . . . . . . . . : Yes
>>>>>> Autoconfiguration Enabled . . . . : Yes
>>>>>> IP Address. . . . . . . . . . . . : 192.168.16.10
>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>>>> Default Gateway . . . . . . . . . : 192.168.16.2
>>>>>> DHCP Server . . . . . . . . . . . : 192.168.16.2
>>>>>> DNS Servers . . . . . . . . . . . : 192.168.16.2
>>>>>> Primary WINS Server . . . . . . . : 192.168.16.2
>>>>>> Lease Obtained. . . . . . . . . . : Wednesday, February 02,
>>>>>> 2005 6:24:12
>>>>>> PM
>>>>>> Lease Expires . . . . . . . . . . : Thursday, February 10,
>>>>>> 2005 6:24:12
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>
>
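
The advice in this thread to forward only the ports that are actually required, all to the server's reserved router-facing address, can be checked against a router's forwarding table. The following is an added example, not part of any poster's message: the rule format, feature labels and sample rules are constructed, and 192.168.1.2 is the server's router-facing address taken from the ipconfig output quoted above.

```python
from typing import NamedTuple

# Inbound TCP ports from the thread; the feature labels are hypothetical.
# 25 own email, 443 SSL (OWA, RWW, RPC/HTTP), 4125 RWW remote connect,
# 110 POP server, 1723 VPN, 3389 direct RDP to the server.
FEATURE_PORTS = {"smtp": 25, "https": 443, "rww": 4125,
                 "pop3": 110, "vpn": 1723, "rdp": 3389}
OPTIONAL_PORTS = {80}  # not required; redirects to 443

class Forward(NamedTuple):
    proto: str
    port: int
    target: str

def parse_forwards(text):
    """Parse constructed 'proto port target-ip' lines; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            proto, port, target = line.split()
            rules.append(Forward(proto.lower(), int(port), target))
    return rules

def audit(rules, features, server_ip):
    """Compare router forwards with the ports the enabled features need."""
    needed = {FEATURE_PORTS[f] for f in features}
    findings = {"unexpected": [], "wrong_target": [], "missing": []}
    seen = set()
    for r in rules:
        if r.proto != "tcp" or r.port not in needed | OPTIONAL_PORTS:
            findings["unexpected"].append(r)      # open but not required
        elif r.target != server_ip:
            findings["wrong_target"].append(r)    # bypasses the SBS NIC
        else:
            seen.add(r.port)
    findings["missing"] = sorted(needed - seen)   # feature will not work
    return findings

# Constructed sample forwarding table (not from the thread).
SAMPLE = """\
tcp 80   192.168.1.2
tcp 443  192.168.1.2
tcp 3389 192.168.1.2   # RDP open although 'rdp' is not an enabled feature
tcp 4125 192.168.1.10  # points at a host other than the server
udp 1900 192.168.1.2
"""
if __name__ == "__main__":
    print(audit(parse_forwards(SAMPLE), {"smtp", "https", "rww"}, "192.168.1.2"))
```
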


