Question : Setting up External Access to Sharepoint

Our organization has a Sharepoint server that is currently used internally (it has an internal address, 10.x.x.x), and we would like to make it available externally. I am looking for the best way to do this with the best security. My network admin would like to avoid putting the server in the DMZ if at all possible. We only have one sharepoint server; no farm.

Our current plan would be to add to our DNS record sharepoint.mydomian.org to point to an external address and have our PIX firewall do a NAT to the internal address of the sharepoint server while allowing only ports 443 and 80 through. I would set up IIS on the sharepoint server to look for the host header value of sharepoint.mydomain.org on the internal address (or do I need it to be looking at the external address?). Is this a good plan? Does this open me up to potential security risks? Is there a better way of doing this without using a reverse proxy server?

Thanks.
Zach

Answer : Setting up External Access to Sharepoint

The best way to achieve this, is to use the alternate access mapping feature of SharePoint. Also, good practice is to add another internal IP address to IIS and assign it to the virtual server hosting the site. This means that you don't tie up port 443 either, and in turn people don't need to add an annoying port number to the end of a url. You then need to add a cname entry to dns to point at the site/host header. Most of it is covered in the following article:

http://blogs.msdn.com/sharepoint/archive/2007/03/06/what-every-sharepoint-administrator-needs-to-know-about-alternate-access-mappings-part-1.aspx

There are 3 parts, and just ignore the parts that aren't elevant, such as ISA.

Good luck.

:-)