Hello everyone. Here is what I have: 1. Server running SBS 2003 that has two network cards. 2. A highspeed connection. 3. I own 4 IP addresses. 4. A router that I can use if needed. Here is what I want to make happen: 1. I want my clients to be able to access the internet 2. I would like to host email with Exchange Server (already installed). 3. I would also like to enable VPN access. Here is the main question... Should NIC1, NIC2, and the clients all be connected to the router OR should NIC1 be connected to the Router/Internet and NIC2 be connected to a switch where the clients connect?? Pros. Cons. Should I use the router or not? Any info is welcome! Thanks

Is this SBS2003 Premium or Standard? "Enough, enough bowing down to disillusion! Hats off & applause to rogues & evolution! The ripple effect is too good not to mention. If you’re not affected, you’re not paying attention!"

SBS2003 Premium

If you're going to leverage ISA within Premium, you want to have an Internet facing NIC and an Internal facing NIC. I'm assuming you mean NAT router. The optimum security config would be... Internet -> Router -> ISA Net NIC -> ISA Internal NIC -> LAN You would need to ensure the router supports NAT-T to support more advanced security VPN solutions. "Enough, enough bowing down to disillusion! Hats off & applause to rogues & evolution! The ripple effect is too good not to mention. If you’re not affected, you’re not paying attention!"

Thanks for the info. I heard somewhere that running ISA on your server when it is a DC is not a good idea? Is that true?? Does not make much sense considering SBS premium comes with it!

It's also not a good idea to run SQL on a domain controller. It's also not a good idea to run Exchange on a domain controller. None of those are ideal. The ideal network environment is separate servers for every application, each of which redundant, PLUS an identical lab environment with identical hardware for each, etc. Tell me how the typical small business can afford that. SBS is a compromise from ideal to practical, namely at how much it costs to deploy and maintain. Would it be nice if you had separate servers for Exchange, SQL, IIS, ISA, Active Directory, etc.? Sure. But it ain't gonna happen unless the business owner is flush with cash, and even then, it's hard to persuade them to spend it. Also, notice that I recommended to put a SOHO router in front, even though SBS 2003 Premium has ISA. Bottom line is I wouldn't want my bread and butter server of all trades being exposed to anymore traffic than it needs to be. A simple ASIC hardware based firewall that SOHO routers are (or a PIX, etc.) will block the vast majority of crap that will try to hit the server, so it doesn't get bogged down and can fill its role of additional application layer filtering of Exchange SMTP traffic, web traffic for IIS or OWA/OMA, etc. Finally, spec your server appropriately for current AND future needs. Sure this is a small business, but look at all that this server is going to be doing. Make sure it has PLENTY of CPU horsepower (2x dual core procs is very affordable now), plenty of RAM (no excuse to not have 4GB RAM), plenty of disc I/O with redundancy (4 disks min with 2 mirrored arrays, could even justify 6 discs with a 2 disk mirror and 4 disc RAID10 array, might also think about a hot spare), redundant power supplies, etc. This should be a whaling server without a doubt if you're going to use all its capability. Remember the reality of SBS Server - if this server goes down, you pretty much can't do jack crap because it's even part of your link to the internet! "Enough, enough bowing down to disillusion! Hats off & applause to rogues & evolution! The ripple effect is too good not to mention. If you’re not affected, you’re not paying attention!"

Understood. As you have pointed out though, my small business is not about to spring for four servers, there are only six people in the office! I would like to migrate to a new box running SBS2003-R2. On an other note, do you think a real SOHO firewall would be better than an ISP supplied router/NAT firewall? Thanks by the way. You seem to be the resident expert on all the SBS posts!