How does a DC cope with being set behind a VPN router?

I have a SBS server with public IP that acts as a DC (it is a local domain
controler still, but might have to serve as a public sometime in the future).

The server is used for a small company as a common space for files, Exchange
and Sharepoint. The server is DHCP enabled and control client IP's.

Anyway, I just realized I am not sure what will happend if I stick a VPN
router "in front of" the SBS server. If I do that, then the SBS will suddenly
be on a private network with a private IP. And as I understand it Windows
DC's require a public IP to work?

This is the setup I am thing about:

internet <-> VPN Router <-> SBS and local clients.

Can SBS and local clients both be hooked up to the router and have the SBS
control their IP's still?

Or do I need to add another NIC to the server and hook it up to a switch to
which the clients connect?

Whats the purpose of a big VPN router with 8 ports if all you can plug into
it is your server?

Mostly I would really like to know how the server will behave when its put
behind a VPN router/firewall. Can routers (we have a Netgear FVX538) be
configured to be "transparent", so that if I connect to the our servers
current public ip from an external source it will be forwarded directly to
out server without delay or interferance?

That is, for example... if I ping our external IP the server will answer the
ping and NOT the router.

I would be very greatful for any ideas, hints or otherwise helpful posts
anyone might have.

Regards,

"Job Andersson" <(E-Mail Removed)> wrote in message
newsC6773F2-538D-4F8D-AAD8-(E-Mail Removed)...
>I have a SBS server with public IP that acts as a DC (it is a local domain
> controler still, but might have to serve as a public sometime in the
> future).
>
> The server is used for a small company as a common space for files,
> Exchange
> and Sharepoint. The server is DHCP enabled and control client IP's.
>
> Anyway, I just realized I am not sure what will happend if I stick a VPN
> router "in front of" the SBS server. If I do that, then the SBS will
> suddenly
> be on a private network with a private IP. And as I understand it Windows
> DC's require a public IP to work?
>
> This is the setup I am thing about:
>
> internet <-> VPN Router <-> SBS and local clients.

You can't do that,..and it has nothing to do with DHCP. People who actually
use the VPN (from the outside) will and up on the wrong side of the SBS box
an be cut off from the LAN

Either run them side by side or run the SBS with only one Nic and it will
have nothing to do with the Internet. Option #2 is by far more secure
assuming the VPN Server is also capable of doubling as a Firewall Device

Option #1

[The Internet]
/ \
/ \
[VPN Router] [SBS]
\ /
\ /
[The LAN]



Option #2 - VPN router doubles as a firewall

[The Internet]
|
[VPN Router]
|
[The LAN]--[SBS and other machines]


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------