DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Dual Wan 2830n

02 May 2013 21:28 #76030 by thegus
Dual Wan 2830n was created by thegus
I manage a Windows 2008 Small Business Server and a colleague has installed a new broadband line with a new static IP, and added all the port forwarding rules I used on the old router to route traffic to the server as before. Unfortunately he opted to use the new broadband line on the DrayTek, and put the old router as WAN2.

RDP is working but not Remote Windows Workplace that primarily uses TCP ports 80, 443, and 987.

Browsing to Web on the new static IP strangely throws up a '404 not found' with different wording to the one on my SBS server... weird.

Is there any kind of tracing mechanism in the 2830 that will let us see exactly what is happening to the :80 and :443 traffic?

Many thanks

Thegus

03 May 2013 22:29 #76048 by thegus
Replied by thegus on topic Re: Dual Wan 2830n
By way of an update, port 80 is OK as it works when forwarded to a FreeBSD virtual server somewhere else on the LAN.

VPN passthrough to the server on the LAN also doesn't work:


VPN and Remote Access >> Remote Access Control Setup

Remote Access Control Setup
Enable PPTP VPN Service
Enable IPSec VPN Service
Enable L2TP VPN Service
Enable SSL VPN Service
Enable OpenVPN Service

Note: If you intend running a VPN server inside your LAN, you should uncheck the appropriate protocol above to allow pass-through, as well as the appropriate NAT settings.



Have a feeling not connecting to SBS RWW is to do with port 443 being used elsewhere in the router.



Web Access Control >> General Setup

SSL VPN General Setup
Port (Default: 443)
Server Certificate
Encryption Key Algorithm
High - AES(128 bits) and 3DES
Default - RC4(128 bits)
Low - DES

Note: The settings will act on all SSL applications.



How well do the above work if SSL is moved off 443? The aim is to establish a small group of site-to-site VPNs with the routers as endpoints.

Reading today that RWW on SBS can't be moved from 443.

04 May 2013 11:26 #76056 by cocospm
Replied by cocospm on topic Re: Dual Wan 2830n
First, you really shouldn't be forwarding TCP port 80 to your SBS 2008. It's one of the most dangerous things you can do with your server, security-wise. So long as clients use the https:// prefix when surfing to the server's RWA there will be no loss of functionality.

That said, your problems result from running both your server's RWA and your router's SSL VPN on the same port 443. You can't do this, and SBS 2008 requires secure access to be on port 443. Your only choice, therefore, is to move the SSL VPN onto a different port (e.g. 8443). It should work fine. Obviously, the VPN clients will then need to include the changed port number in their URIs, e.g. as in https://yourserverfqdn/remote:8443.
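One way to check from outside which device is answering on :80 or :443, as an added example that is not part of the thread or of any DrayTek tooling: probe the same port once through the WAN address and once directly at the server on the LAN, then compare the certificate and Server header. The helper names, the `ExampleRouter-httpd` banner and the sample observations are constructed for illustration.

```python
import hashlib
import http.client
import ssl
from collections import namedtuple

Observation = namedtuple("Observation", "status server body_sha256 cert_sha256")

def probe(host, port, tls=False, timeout=5.0):
    """Request '/' from host:port and record what identifies the responder."""
    if tls:
        # Accept any certificate: the goal is to see which one is presented
        # (for example a router's self-signed one), not to trust the link.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.connect()
        cert = conn.sock.getpeercert(binary_form=True) if tls else None
        conn.request("GET", "/")
        resp = conn.getresponse()
        body = resp.read(4096)
        return Observation(resp.status, resp.getheader("Server"),
                           hashlib.sha256(body).hexdigest(),
                           hashlib.sha256(cert).hexdigest() if cert else None)
    finally:
        conn.close()

def differences(wan, lan):
    """Fields on which the WAN-side and LAN-side answers disagree."""
    return [f for f in Observation._fields if getattr(wan, f) != getattr(lan, f)]

def verdict(wan, lan):
    diff = differences(wan, lan)
    if not diff:
        return "forwarded: same responder on both sides"
    if "cert_sha256" in diff or "server" in diff:
        # A different certificate or banner means the forward never reached the server.
        return "intercepted: another device answers on the WAN side (%s)" % ", ".join(diff)
    return "inconclusive: same software, different content (%s)" % ", ".join(diff)

# Constructed sample observations (hashes are dummy values, not from the thread).
SAMPLE_LAN = Observation(200, "Microsoft-IIS/7.0", "aa" * 32, "11" * 32)
SAMPLE_WAN = Observation(404, "ExampleRouter-httpd", "bb" * 32, "22" * 32)
```

Run `probe()` against the public address from outside the network and against the server's LAN address from inside, then pass both results to `verdict()`.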


Moderators: Sami