Guest Access using IAS/AD/ISA/WPA

From: "eugenevr" <evrng@xxxxxxxxx>
Date: 23 Jan 2007 03:03:35 -0800

We have set up secure wireless access using IAS, with WPA/TKIP and
auto-enrollment for domain computers. (On SBS2003SP1 with ISA 2004) All
works fine. Next requirement:

Guest/contractor access using the same infrastructure (WAP etc) Note
that we are using a private CA (no Verisign etc). This access should be
to access the Internet only.

Can anyone assist in testing my logic?

1) We could use WPS, but it seems like a lot of work for the odd guest
connection?
2) We cannot autoenroll certs, as the units will not be joined to the
domain. Even if we do use certs, that means the user would need to add
the certificate to the local store manually. Not something we would
like to see.
3) We could use the guest account, but then I have two q's:
a. Am I right in assuming there will be no certificate issues?
b. I suppose I would need to setup specific rules in ISA to ensure this
user gp has correct outbound access.
4) I could use VLAN's but for a small network once again this seems
like an overkill?

Any suggestions appreciated.

Eugene

.

Follow-Ups:
- Re: Guest Access using IAS/AD/ISA/WPA
  - From: James McIllece [MS]

Prev by Date: RE: check group membership in Connection Request Policy
Next by Date: RE: check group membership in Connection Request Policy
Previous by thread: RE: check group membership in Connection Request Policy
Next by thread: Re: Guest Access using IAS/AD/ISA/WPA
Index(es):
- Date
- Thread

Relevant Pages

Re: SharePoint 3.0: problems with external access
... Here are the steps to publish a WSS 3.0 application behind ISA Server. ... Let's assume that you created a new WSS 3.0 application, that listens to port 80, and the host header is 'Intranet'. ... Go to IIS Manager and make sure that the IP address of the site is set to the IP address of the server. ... Run the wizard to create a new SSL certificate for the site. ...
(microsoft.public.windows.server.sbs)
Re: SharePoint 3.0: problems with external access
... In one of the tabs of the publishing rule there is an option to set that the requests come from the client and not from the ISA computer. ... Do you have an email address you can post for me to send you some screen shots of my ISA rule and Web Certificate for you to look at. ... When it comes down to selecting the Web Listener, create a new one, using the certificate you just created at port 8889. ... Click on delete pending request and then start the wizard again. ...
(microsoft.public.windows.server.sbs)
Re: Adding EXCH2007 SP1 box to existing EXCH2003 SP2 Org
... Certificates - going to be using a SAN Certificate like I have many times before. ... We are making this a virtual server (someone is going on-site on Thursday to install VMWare (which will kill everything on this box) and WIN2008 Server SP1 x64 and then I will install EXCH2007 SP1. ... as mentioned - ISA was not involved in any of those eight environments.... ...
(microsoft.public.exchange.admin)
Re: Adding EXCH2007 SP1 box to existing EXCH2003 SP2 Org
... Certificates - going to be using a SAN Certificate like I have many times before. ... If the Exchange 2007 box is hosting mailboxes, it won't work as a front-end equivalent. ... We are making this a virtual server and WIN2008 Server SP1 x64 and then I will install EXCH2007 SP1. ... as mentioned - ISA was not involved in any of those eight environments.... ...
(microsoft.public.exchange.admin)
Re: How do I require a client certificate when publishing a Web se
... I've exactly the same problem as Bill - ISA returns Error 401 and the HTTP ... I've noticed that in "Choose certificate" dialog there is bad name od the ... ISA server, there is correct name of the certificate in the dialog. ... SSL listener to SSL Client Certificate Authentication, ...
(microsoft.public.isa.publishing)