Re: Public Website and ISA 2000 on SBS2003

From: Chad A. Gross [SBS MVP] (chad.gross_at_laytonflower.nospam.com)
Date: 12/07/04


Date: Tue, 7 Dec 2004 10:41:37 -0600

Do the external clients need access to LAN resources, or just the internet?
If it were me, I'd split this up (assuming external clients don't need
access to LAN resources). I'd go with two WAPs - one connected to your LAN
switch and one connected to your router outside ISA. Enable WEP / WPA on
the internal and configure your domain clients to use that network. (And
lock down the workstations so users can't use the other wireless network).
Then leave the external WAP wide open, so it's effectively a public hotspot
for visitors . . .

Call me paranoid, but I just don't like machines that I don't control
getting on my LAN . . .

-- 
Chad A. Gross - SBS MVP
SBS ROCKS!
www.msmvps.com/cgross
www.gosbs.org

Robert Dye wrote:
> Some of each type
>
>
> "Chad A. Gross [SBS MVP]" <chad.gross@laytonflower.nospam.com> wrote
> in message news:OZ20nR$2EHA.1260@TK2MSFTNGP12.phx.gbl...
>> Well - do you need to encrypt these sites with SSL, or just allow
>> straight http access over port 80?
>>
>> As for wireless - there's really nothing different between a wired or
>> wireless network as far as ISA is concerned.  If your WAP supports
>> WPA, you should be able to do that just fine (or WEP if not). WEP/WPA
>> are encryption protocols used for wireless communications
>> between the client & the WAP. They have no bearing on ISA
>> whatsoever.  I've got a client with several wireless clients using
>> WPA behind an SBS Premium.  Of course, those clients are still
>> configured to use ISA as a web proxy, and the firewall client is
>> installed as well . . .    Which brings me back to my original
>> question - what devices are going to be using the wireless network -
>> domain clients or external machines?
>>
>> --
>> Chad A. Gross - SBS MVP
>> SBS ROCKS!
>>
>> www.msmvps.com/cgross
>> www.gosbs.org
>>
>>
>> Robert Dye wrote:
>>> For the Multiple websites served from the SBS2003 server - have a
>>> whitepaper from Tony Su that talks about the need to create your own
>>> Certificate Authority, suggests wildcard certificates etc. and
>>> adding additional IP addresses to the internal NIC TCP/IP
>>> configuration.  Is this necessary for a secure method to serve
>>> websites?
>>>
>>> Also - what I had in mind was a totally internal wireless segment on
>>> the LAN that also allows clients (would these qualify as SecureNAT
>>> clients?) can also get out to the internet.  I was hoping to use WPA
>>> security etc, but it seems ISA doesn't like that too much if at
>>> all. Is this feasible?
>>> Thanks for any direction you might offer in advance!
>>>
>>> Robert Dye
>>>
>>> ps:  SBS does ROCK! - Just need to find the right combination of
>>> tools!
>>>
>>> "Chad A. Gross [SBS MVP]" <chad.gross@laytonflower.nospam.com> wrote
>>> in message news:eUHfvI92EHA.824@TK2MSFTNGP11.phx.gbl...
>>>> Hi Robert -
>>>>
>>>> No problem serving multiple websites behind ISA on SBS.  Although
>>>> it is definitely preferable to not use your SBS to host websites
>>>> (considering your SBS is your DC, Exchange and very likely your
>>>> file server).
>>>>
>>>> As for the wireless access - what sort of clients are going to be
>>>> using the wireless connection?  Domain clients?  External users
>>>> (vendors, customers, etc.)?  Since you're asking about getting out to
>>>> the internet, I'm assuming these are external users.  If so, do
>>>> they have any need to access LAN resources, or do they just need an
>>>> internet connection?  If they just need an internet connection, I'd
>>>> put a wireless router between ISA & your cable / DSL modem.  That
>>>> way not only do the wireless clients not have to be configured to
>>>> go through ISA, but you've also got ISA protecting your LAN from
>>>> the wireless users.
>>>>
>>>> --
>>>> Chad A. Gross - SBS MVP
>>>> SBS ROCKS!
>>>>
>>>> www.msmvps.com/cgross
>>>> www.gosbs.org
>>>>
>>>>
>>>> Robert Dye wrote:
>>>>> Has anyone successfully configured SBS2003 to run several "public"
>>>>> websites (not sharepoint), an internal wireless connection (i.e.
>>>>> behind the ISA 2000 install) that allows "surfing" by the clients,
>>>>> and with the ISA 2000 configured also allowing RWW, OWA, etc?
>>>>>
>>>>> If so - are there some instructions that don't require several
>>>>> additional servers (I have already checked out the offerings on
>>>>> isaserver.org. - impressive stuff but they seem to lean towards
>>>>> additional servers etc.)  Any help would be greatly appreciated!
>>>>>
>>>>> Thanks in advance!
>>>>>
>>>>> Robert Dye 

