There is no real "best" answer. How you configure all this depends on how the external users are going to authenticate. If you are responsible for the usernames and passwords they will use, you can configire the Routing and Remote Access Service on the server and set up a VPN. Or you could set it up as an FTP server, using either SSL/TLS or SSH to secure the connection. Or, depending the server OS you are using, you could enable Remote Desktop Web Access or RDP, again making sure to use only secure, encrypted connections.
If you aren't responsible for creating and maintaining the usernames and passwords, you could set up some sort of federation and allow the external users to access the files through a web browser.
In any event, you will want to create some sort of proxy in your DMZ that will route access to the Quicken file server, which should be sitting behind your firewall.
Those aren't very specific answers, but I don't really have enough info about your configuration to provide more details. Hope this helps.