Re: SBS2003 VPN question.
- From: "Dana" <NoSpam@xxxxxxx>
- Date: Sat, 10 Jan 2009 12:19:01 -0500
OK, here's where we're at. I got rid of the Symantec and am using the
Netopia that our ISP supplied us with. The 2 ports (443 & 4125 (both TCP))
were forwarded to server's local IP and it works terrific (YAY!). BUT, from
1 laptop, which of course is the person who will be using RWW the most, I
have problems. You can connect & login just fine then I go to "Connect to
my computer at work", select a PC, hit "Connect" - it just sits there
without getting to the TS looking login screen. Regardless of who I login
as. Internal OR external. It works fine from other PCs and laptops,
internal OR external, but not this one (it's a brand new HP laptop w/ Win XP
Pro and Office 2007). What do you think?
Thx yet again,
D
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:Oq$T7KPcJHA.5092@xxxxxxxxxxxxxxxxxxxxxxx
My apologies for the gender-mangling Dana. ;-)
--
Merv Porter [SBS-MVP]
============================
"Dana" <NoSpam@xxxxxxx> wrote in message
news:e5aOLxNcJHA.2132@xxxxxxxxxxxxxxxxxxxxxxx
Dana is a she :-)
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:%231urRSEcJHA.4684@xxxxxxxxxxxxxxxxxxxxxxx
A POX UPON ME!!! Of course you're technically correct SG, but I wanted
Dana to make sure that the router was configured for both SSL and
remote desktop control before he ran CEICW since he mentioned that he
couldn't figure out where to do the port forwarding in the Symantec
device. I figured he might as well do both port forwards at the same
time.
--
Merv Porter [SBS-MVP]
============================
"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
news:OVC1v5DcJHA.1532@xxxxxxxxxxxxxxxxxxxxxxx
Here we go again. The old RWW and 4125 confusion.
IF https://server1.danaco.com/remote is failing port 4125 deserves no
mention. It is a standard HTTPS request, port 443. Yes, it is quite
likely Dana will need to figure out how to forward port 4125 in order
to use the 'connect to...' functions in RWW but _at this point_ 4125 is
irrelevant.
Was this test performed from outside or inside, in relation to the
Symantec(hack ptooii) device, the network? If performed from inside it
is probably exposing that the Symantec(hack ptooii) device is not
properly processing 'loopback' connections.
IF https://server1.danaco.com/remote is failing from outside you need
to look at no other port than 443.
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:%23Ii8KkDcJHA.4900@xxxxxxxxxxxxxxxxxxxxxxx
To forward a port with the Symantec 320 device, I believe you need to
look at...
Symantec™ Gateway Security 300 Series Administrator's Guide
Configuring Special Applications (pg. 74)
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_gateway_security/300-Series_2.0/manuals/SGS300_ADM.pdf
Port 4125 is TCP. You will also need to forward port 443.
Then, to set up RWW, you start up CEICW, select your services
(including RWW). Then on the Web Server Certificate page, Create a
New Web Certificate and enter "server1.danaco.com" (without quotes).
Then finish the rest of CEICW.
Then try https://server1.danaco.com/remote again from an external
source.
--
Merv Porter [SBS-MVP]
============================
"Dana" <NoSpam@xxxxxxx> wrote in message
news:uNI0%23YDcJHA.1732@xxxxxxxxxxxxxxxxxxxxxxx
Well if you're there I guess I'll ask you...
Related to RWW: we have a static public IP address that points to
our domain & our server. (e.g., danaco.com & server1.danaco.com (not
real)). So if I ping danaco.com or server1.danaco.com, I'll get back
a response with the correct public IP address. I then tried
https://server1.danaco.com/remote (again, not real) & got nothing
(timeout). I assume I should use the name of our server right? How
can I tell if it's our Symantec 320 firewall appliance? I can't find
any way in the appliance to forward port 4125 to the private NIC of
our server. Here's a little twist: we don't actually use Exchange
except for synchronizing with Outlook on each PC. Our actual domain
is (not real) danacomed.com so our email is (not real)
user@xxxxxxxxxxxxxx The SBS server's domain was setup danaco.local
because we were using our ISP for email (user@xxxxxxxxxxxxx) and
that's how we setup Outlook - we only recently got a new domain &
website & email addresses. We did register the danaco.com but never
used it. I don't know if any of that is relevant or if it's the
firewall. Any ideas?
Thx,
D
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:eWKNmBDcJHA.4124@xxxxxxxxxxxxxxxxxxxxxxx
I'm here Dana, but go ahead and create a new post anyway. :-)
--
Merv Porter [SBS-MVP]
============================
"Dana" <NoSpam@xxxxxxx> wrote in message
news:eIPN%236CcJHA.4412@xxxxxxxxxxxxxxxxxxxxxxx
Hi Merv,
I'm not sure if you still monitor this post. If so I'm going to
make a new posting with questions, if not, it doesn't matter :-)
D
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in
message news:ef%23nIE7XJHA.5336@xxxxxxxxxxxxxxxxxxxxxxx
Yes, RWW with a single NIC scenario. Just forward port 4125 from
your router to the SBS NIC and re-run CEICW, include RWW in your
services selections, and then complete the rest of CEICW.
TS session on SBS server... NOOOOOOOO! :-) You would have
to make the user a domain admin and you definitely don't want to
do that. Better to just re-run his account through the Add User
Wizard to make him a Mobile user so he has VPN rights into the SBS
server, but at a standard user level (not domain admin level). I
don't really like VPNs but they *can* work, depending on how much
data the user needs to push through them. Email can be set up by
using Outlook RPC over HTTPS; or just set up OWA (Outlook Web
Access) and let the user grab and respond to his mail using that
application.
The remote user will need an SBS User CAL, whether he uses VPN or
RWW.
The easiest/best approach is to push for that cheap PC in the
office that you can dedicate for his RWW use. It doesn't even
have to have a monitor (after the initial setup). It will need MS
Office if you use those apps for your data files. It will not
need a CAL if you use "User" CALs. This approach will keep all
data on the server (or maybe the dedicated workstation) for better
security and nightly backup.
--
Merv Porter [SBS-MVP]
============================
"Dana" <NoSpam@xxxxxxx> wrote in message
news:ut7SyP6XJHA.6036@xxxxxxxxxxxxxxxxxxxxxxx
RWW will work with 1 NIC & a hardware router?
If I can't get the extra PC, would it make sense to setup a VPN
connection and use 1 TS session on the server?
Thx Merv,
D
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in
message news:e6Zb08wXJHA.3808@xxxxxxxxxxxxxxxxxxxxxxx
VPN Downside... VPNs can be slow and frustrating, depending on
how they are set up and the robustness of the Internet connection
between the remote machine and the server. They use a lot of
bandwidth because all data files (in their entirety) have to be
sent from the server to the remote machine and vice versa. By
comparison, a remote desktop session uses very little Internet
bandwidth because it only sends screenshot and keystrokes over
the wires. A remote desktop is essentially a Terminal Services
session.
VPNs can also be a security risk since you may not have control
of the remote machine to make sure the Antivirus and Antispyware
definitions are kept up to date. A TS session (unless it is
configured for data transfer) is not a security risk from the
standpoint of malware and viruses.
RWW...
Remote Web Workplace - Part 1 Accessing your XP desktop anywhere
http://www.sbsfaq.com/Lists/FAQs/Attachments/135/Remote%20Web%20Workplace%20-%20Part%201.pdf
Using Remote Web Workplace on Small Business Server 2003
http://www.youtube.com/watch?v=aayUR43KzPI
--
Merv Porter [SBS-MVP]
============================
"Dana" <NoSpam@xxxxxxx> wrote in message
news:O8P30swXJHA.208@xxxxxxxxxxxxxxxxxxxxxxx
Hi Merv,
Primarily having access to our shared drive and (possibly)
being able to print locally (where he is). It will probably be
a few days a week for several hours each of those days.
Both sides have a reliable high speed connection. We don't
really have a spare PC but we *may* have a little-used one.
How would I setup RWW?
What's the downside to VPN? How can I set it up?
Thx again,
D
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in
message news:e3iQ4lwXJHA.256@xxxxxxxxxxxxxxxxxxxxxxx
Hi Dana,
What is your end goal for the remote user? (Email, file
sharing, printing to his remote computer)? And how often will
he be remoting in?
Unless the remote user has a stable, (very) high speed
Internet connection (and you have the same at the office), a
better approach may be to put a cheap workstation at the
office and have him access it using Remote Web Workplace. The
'end user experience' will be far better than with a VPN.
Do you have any spare or little-used workstations at the
office?
--
Merv Porter [SBS-MVP]
============================
"Dana" <NoSpam@xxxxxxx> wrote in message
news:%23IfxmMwXJHA.1336@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
We have a Win2003 SBS network w/ 1 NIC. I want to setup
remote access for 1 user. We're behind a Symantec
router/firewall appliance. Can someone please direct me what
the best method is? I assume a VPN but I don't know where to
start (I'm not a tech person).
Thx,
D