Re: ISA Server & a WiFi Hotspot (some DHCP for good measure too)

:^) I do it all the time . . . the trick is the dual NAT . . .

For example, have the LAN side of the wireless router be in the 10.0.0.x
subnet, with the router handling DHCP in that subnet for the wireless
clients. Meanwhile, your SBS has two nics - its WAN nic is using 10.0.0.2
for an IP, and its LAN nic is 192.168.16.2. The SBS handles DHCP for the
192.168.16.x subnet. The SBS firewall not only keeps the wireless clients
off your LAN, but also blocks the DHCP from the router so it doesn't
interfere (read: cause DHCP to shut down) with DHCP on the SBS.

Remember - best solution is to keep it simple . . . not only is this
simple - but it's supported by the community & MS . . . :^)
--

Chad A. Gross - SBS MVP
SBS ROCKS!

www.msmvps.com/cgross
www.gosbs.org


M. Hayes wrote:
> Uh, Chad? Dual DCHP? Bad Idea, or am I missing something. Anyway,
> there is a really good file I have 'got to find' so i can give him
> the link. I've used this to allow ppl to take a lil internet from me
> without making my LAN avaiable. I can't figure out what PC it's on
> Fab. chk back 2morrow
>
> "Chad A. Gross [SBS MVP]" wrote:
>
>> Hi Fabio -
>>
>> As the others have mentioned, ISA2k4 is currently not supported on
>> SBS (either Std or Premium). SBS SP1 will be shipping soon, which
>> will include a free upgrade to ISA2k4 for SBS Premium customers.
>>
>> To review - you have LAN clients (I'm assuming wired?) that you want
>> to have unrestricted access to the LAN, and you want your WiFi
>> clients to be able to access the internet only? Assuming that your
>> LAN clients are all wired, you definitely don't need ISA for this .
>> . . all you need is a cheap network card for your server. Then,
>> you use the wireless router as it was intended (a router) inline
>> between your DSL & your SBS. For example:
>>
>> Internet
>> |
>> DSL Modem
>> |
>> Wireless Router ------- WiFi clients
>> |
>> SBS Nic #2
>> SBS Nic #1
>> |
>> LAN Switch
>> |
>> LAN Clients
>>
>> Voila . . . you've got your SBS firewall (whether RRAS in Std or
>> ISA in Prem) separating your WiFi users from your LAN - your LAN
>> clients have full access to the LAN, both WiFi & LAN clients have
>> internet access. You enable DHCP on the wireless router to serve
>> WiFi clients, and you use DHCP on your SBS to serve your LAN
>> clients. And the best part is that this is a supportable
>> configuration that you can continue to use your SBS wizards to
>> maintain & configure (assuming of course that you take ISA2k4 off
>> the box - but you should be ok once SP1 comes out)
>>
>> --
>>
>> Chad A. Gross - SBS MVP
>> SBS ROCKS!
>>
>> www.msmvps.com/cgross
>> www.gosbs.org
>>
>>
>> Fabio wrote:
>>> Running an SBS2K3STD installation on a dell server that acts as a
>>> web server, exchange server, dns server, dhcp server and, of course
>>> isa server (2k4). I run the server with no monitor/keyboard/mouse
>>> in the back office. To complicate things, I have a router on which
>>> I have disabled DHCP and have nothing plugged into the wan port
>>> (the dsl goes into one nic on the server and the other nic is
>>> plugged into port 4 of the router). Essentially this "router" is
>>> being used exclusively as a switch and a wireless access point.
>>>
>>> I'm new to ISA, so this may be an easy question. I have an internal
>>> network (192.168.0.0/24) with 5 client computers. The server is at
>>> 192.168.0.1 and the above "router/switch" is at 192.168.0.253. In
>>> the DHCP console I have excluded 192.168.0.1 to 192.168.0.9 from the
>>> address pool, as well as 192.168.0.14 to 192.168.0.99 and
>>> 192.168.0.200 to 192.168.0.254. Then, also under the DHCP, I have
>>> set up a reservation for the mac address of each of my 5 client
>>> computers for IP addresses 192.168.0.10 to 192.168.0.14. This leaves
>>> 192.168.0.100 to 192.168.0.199 for any future clients.
>>>
>>> The reason that I have done this is because I wanted to set up ISA
>>> with a network named "Internal" that included my client computers
>>> (192.168.0.10 to 192.168.0.14) with unfetterd access to the internal
>>> network and to the internet, and a second network named "Hotspot"
>>> (or whatever) for 192.168.0.100 to 192.168.0.199 with access only
>>> to the internet. My intention was to then have ISA redirect client
>>> computers in the hotspot network to a web site of my creation that
>>> would have users register before being allowed to proceed to the
>>> intended web site.
>>> Obviously my thinking was flawed somewhere along the line because
>>> when I created the two networks in ISA and clicked on "Apply," my
>>> TSE session to the server was broken and I could not reconnect. My
>>> access to the internet was also cut off. As I could not attach a
>>> monitor to the server from where it was, I had no choice but to
>>> shut off the server forcefully (sob). Then I moved it to a location
>>> with a monitor and reverted my ISA networks back to the original
>>> setting and everything worked happily.
>>> Whew! I guess my question are: Why did ISA cut me off from my server
>>> when I created the two networks? Can ISA segregate my internal
>>> network of 5 computers from a wireless hotspot network so that the
>>> hotspot network can't see the internal network? Is it best to just
>>> get another nic and WiFi access point (and assign it a network of
>>> 192.168.1.0/24)? Can ISA redirect users on the hotspot network to
>>> my web site to register them, then let them proceed to whatever web
>>> site they requested and let them have internet access for a period
>>> of time (however long they've paid for), after which they would
>>> have to be redirected to the registration site again?
>>>
>>> Hope that's not too tough.
>>>
>>>
>>>

.

Relevant Pages

  • RE: DHCP: not reached by clients
    ... This newsgroup only focuses on SBS technical issues. ... | Thread-Topic: DHCP: not reached by clients ... | thereafter re-enabling dhcp server it worked perfectly. ...
    (microsoft.public.windows.server.sbs)
  • Re: Problems with Internet / Netgear router on SBS 2003
    ... Your SBS network has a 'lan' side; your SBS should be the DHCP server for ... The router also has a 'lan' side, and it's on the same addressing as your ... You can elect to turn on the DHPC server for your router; ... Even without DHCP turned on at the router, you can still connect there, you ...
    (microsoft.public.windows.server.sbs)
  • RE: Adding WAP to Wired LAN
    ... Wired clients are fine, and the WAP ... To narrow down this issue is a hardware issue or SBS network issue, ... Enable DHCP service on your external router ... Windows Server 200x instead, enable DHCP service on the Windows Server, ...
    (microsoft.public.windows.server.sbs)
  • Re: Fragen zu Ausfall-Server
    ... DHCP, Fileserver, AD, und als SAP-Router dient. ... Damit im Falle eines Ausfalls dieses Gerätes die User im LAN wenigstens ... Mir geht es wirklich hauptsächlich darum, wie ich es realisieren kann das ich eben zwei Rechner mit einer einzigen IP-Adresse konfigurieren kann, OHNE dazu im Fehlerfall die Netzwerkkabel umzustecken. ... Dieses Vorgehen kölappt ja ganz gut, solange ich weder AD, noch Mailserverdes SBS ersetzen will. ...
    (microsoft.public.de.german.windows.server.general)
  • Re: wireless router
    ... you only need to make sure the external nic of sbs doesn't have DHCP binded ... The internal clients will be using DHCP of the internal DHCP Nic ... of sbs. ... > DSL without having to connect to the SBS2K3 network. ...
    (microsoft.public.windows.server.sbs)