Re: Public Website and ISA 2000 on SBS2003
From: Robert Dye (subscriptions_at_monssoen.com)
Date: 12/08/04
- Next message: Phillip Windell: "Re: Still A Open Relay"
- Previous message: RSWorley: "RE: Server Dead"
- In reply to: Chad A. Gross [SBS MVP]: "Re: Public Website and ISA 2000 on SBS2003"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 8 Dec 2004 12:42:34 -0700
Thanks for the insight!
"Chad A. Gross [SBS MVP]" <chad.gross@laytonflower.nospam.com> wrote in
message news:uYTgguH3EHA.1124@tk2msftngp13.phx.gbl...
> Do the external clients need access to LAN resources, or just the
> internet? If it were me, I'd split this up (assuming external clients
> don't need access to LAN resources). I'd go with two WAPs - one connected
> to your LAN switch and one connected to your router outside ISA. Enable
> WEP / WPA on the internal and configure your domain clients to use that
> network. (And lock down the workstations so users can't use the other
> wireless network). Then leave the external WAP wide open, so it's
> effectively a public hotspot for visitors . . .
>
> Call me paranoid, but I just don't like machines that I don't control
> getting on my LAN . . .
>
> --
>
> Chad A. Gross - SBS MVP
> SBS ROCKS!
>
> www.msmvps.com/cgross
> www.gosbs.org
>
>
> Robert Dye wrote:
>> Some of each type
>>
>>
>> "Chad A. Gross [SBS MVP]" <chad.gross@laytonflower.nospam.com> wrote
>> in message news:OZ20nR$2EHA.1260@TK2MSFTNGP12.phx.gbl...
>>> Well - do you need to encrypt these sites with SSL, or just allow
>>> straight http access over port 80?
>>>
>>> As for wireless - there's really nothing different between a wired or
>>> wireless network as far as ISA is concerned. If your WAP supports
>>> WPA, you should be able to to that just fine (or WEP if not). WEP/WPA
>>> are encryption protocols used for wireless communications
>>> between the client & the WAP. They have no bearing on ISA
>>> whatsoever. I've got a client with several wireless clients using
>>> WPA behind an SBS Premium. Of course, those clients are still
>>> configured to use ISA as a web proxy, and the firewall client is
>>> installed as well . . . Which brings me back to my original
>>> question - what devices are going to be using the wireless network -
>>> domain clients or external machines? --
>>>
>>> Chad A. Gross - SBS MVP
>>> SBS ROCKS!
>>>
>>> www.msmvps.com/cgross
>>> www.gosbs.org
>>>
>>>
>>> Robert Dye wrote:
>>>> For the Multiple websites served from the SBS2003 server - have a
>>>> whitepaper from Tony Su that talks about the need to create your own
>>>> Certificate Authority, suggests wildcard certificates etc. and
>>>> adding additional IP addresses to the internal NIC TCP/IP
>>>> configuration. Is this necessary for a secure method to serve
>>>> websites? Also - what I had in mind was a totally internal wireless
>>>> segment on
>>>> the LAN that also allows clients (would these qualify as SecureNAT
>>>> clients?) can also get out to the internet. I was hoping to use WPA
>>>> security etc, but it seems ISA doesn't like that too much if at
>>>> all. Is this feasible?
>>>> Thanks for any direction you might offer in advance!
>>>>
>>>> Robert Dye
>>>>
>>>> ps: SBS does ROCK! - Just need to find the right combination of
>>>> tools! "Chad A. Gross [SBS MVP]"
>>>> <chad.gross@laytonflower.nospam.com> wrote in message
>>>> news:eUHfvI92EHA.824@TK2MSFTNGP11.phx.gbl...
>>>>> Hi Robert -
>>>>>
>>>>> No problem serving multiple websites behind ISA on SBS. Although
>>>>> it is definitely preferrable to not use your SBS to host websites
>>>>> (considering your SBS is your DC, Exchange and very likely your
>>>>> file server). As for the wireless access - what sort of clients
>>>>> are going to be
>>>>> using the wireless connection? Domain clients? External users
>>>>> (vendors, customers, etc.)? Since you asking about getting out to
>>>>> the internet, I'm assuming these are external users. If so, do
>>>>> they have any need to access LAN resources, or do they just need an
>>>>> internet connection? If they just need an internet connection, I'd
>>>>> put a wireless router between ISA & your cable / DSL modem. That
>>>>> way not only do the wireless clients not have to be configured to
>>>>> go through ISA, but you've also got ISA protecting your LAN from
>>>>> the wireless users. --
>>>>>
>>>>> Chad A. Gross - SBS MVP
>>>>> SBS ROCKS!
>>>>>
>>>>> www.msmvps.com/cgross
>>>>> www.gosbs.org
>>>>>
>>>>>
>>>>> Robert Dye wrote:
>>>>>> Has anyone successfully configured SBS2003 to run several "public"
>>>>>> websites (not sharepoint), an internal wireless connection (i.e.
>>>>>> behind the ISA 2000 install) that allows "surfing" by the clients,
>>>>>> and with the ISA 2000 configured also allowing RWW, OWA, etc?
>>>>>>
>>>>>> If so - are their some instructions that don't require several
>>>>>> additional servers (I have already checked out the offerings on
>>>>>> isaserver.org. - impressive stuff but they seem to lean towards
>>>>>> additional servers etc.) Any help would be greatly appreciated!
>>>>>>
>>>>>> Thanks in advance!
>>>>>>
>>>>>> Robert Dye
>
>
- Next message: Phillip Windell: "Re: Still A Open Relay"
- Previous message: RSWorley: "RE: Server Dead"
- In reply to: Chad A. Gross [SBS MVP]: "Re: Public Website and ISA 2000 on SBS2003"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
