RE: I need suggestions on setting up SBS 2003 Premium with wireless...
- From: "James Price" <JamesPrice@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 14 Aug 2005 12:43:02 -0700
Dave,
I would tackle it like this:
*assume 2 NICs in the SBS2K3Prem Server
1) Setup SBS per MS Best Practice for Premium w/2 NIC Configuration
a. NIC #1 External
b. NIC #2 Internal
2) Configure DNS & DHCP on SBS
a. Ensure DHCP is set to auto register A & PTR records in DNS
3) Configure ISA to allow VPN connections and use SBS as the DHCP server
a. This will allow all you VPN clients to be correctly resolved using
their VPN IP Address
4) Networking:
a. If you want the most security possible with wireless put the Linksys
on the outside using 1 of your static IPs and have anyone using wireless to
use a VPN to access the internal network (I'd recommend L2TP/IPSec) you can
use PSK to keep it simple. The problem here is what do you do about the 2
printers hanging off the wireless bridge? Depending on the exact model of
the Linksys and its firmware you can have it create a VPN that will route
traffic from the LAN ports on the bridge to the VPN, not the prettiest
solution but it would work. If the Linksys can't do the VPN then you've
pretty much got to go to 4b.
b. Put the Linksys on the inside, enable encryption (WPA/TKIP-PSK) and
configure your wireless clients appropriately. The only trick here is to
have the Linksys AP act like a router and route traffic and DHCP requests to
SBS. I’ve had mixed results with Linksys on this depending on the model,
though I’ve had to call Cisco more than once to make it work right. This
will give you a contiguous LAN segment will all clients wired & wireless with
full name resolution and you won’t need to have a lot of rules in ISA to make
things work as expected.
c. Configure ISA as a Tri-Homed Perimeter Network with the Linksys in
the Perimeter network. I would still recommend encryption for the wireless
segment and you can add custom rules in ISA to allow traffic from the
Perimeter network (wireless) to the LAN, but restrict the traffic to the
Domain Users group so even if you have guest wireless users they can access
the Internet but not you LAN resources. You will need a 3rd NIC in ISA to
make this easy, you can configure it with only 2 but it’s more difficult to
configure and even more difficult to troubleshoot later.
--
James E. Price III
Fairway Consulting Group, Inc.
O: 305-970-4902
E: jprice@xxxxxxxxxx
W: www.fcgroup.us
"dsatchell" wrote:
> I have a customer that I'm installing a server for and I can't decide the
> best way to set up the network. I'm going to list what he has and how it is
> used and I would appreciate any suggestions.
>
> 1. Most users have wireless laptops.
> 2. The laptops connect to a Linksys WRV54G wireless.
> 3. There is 1 desktop that is wired.
> 3. Ocassionaly, a user will sit at a desk by the server and the desktop and
> plug in their laptop with a wire rather than use wireless.
> 4. There is a linksys wireless bridge that is running a D-Link print server
> that has two color laser printers on the opposite side of the office that
> they can't get a physical wire to.
> 5. The internet connection is via RoadRunner with 5 static IP's.
> 6. All users either travel out of state a lot or they live out of state.
> 7. There is one desktop that is wireless downstairs.
> 8. There is one wireless All-In-One HP Printer/Scanner/etc downstairs
>
> I would prefer to not put the wireless stuff on the LAN side because of the
> security and configuration issues; but if I put it on the WAN side then
> almost all of the users will have to use VPN and I don't know what problems I
> will run into with all of the printers being connected through wireless.
>
> Please help me with some suggestions. I think I know what I'm going to do
> but I would like some quality suggestions also, especially if you've run into
> a similar situation.
>
> Thanx, Dave.
>
>
>
.
- References:
- Prev by Date: Re: upgrading sbs 2000 to sbs 2003 onto new hardware. SKU needed ?
- Next by Date: Re: SBS 2003 SP 1 on MSDN disks
- Previous by thread: Re: I need suggestions on setting up SBS 2003 Premium with wireless...
- Next by thread: Multiple Domains on an SBS server
- Index(es):
Relevant Pages
|
