ISA 2004 - How to allow Guest and Client access from wireless

Running SBS 2003 Premium SP2, SQL, Exchange, ISA 2004, WSUS 3.0, 2 NICs and
a router, dynamic IP, DDNS service through dyndns.org, Symantec Backup Exec
11d, managed switch D-Link DES 3828 (802.1Q capable), 5 Access Points -
D-Link DWL-2200AP's (802.1Q capable), and the internal NIC is also 802.1Q
capable.
========================
I'm in over my head so thought it best to ask for advice than "experiment".

Goal: Using my wireless access points (AP's), provide guests and visitors
internet ONLY access, and employees, temp. workers LAN access.

Background: Purchased and installed 5 AP's - one hard-wired to switch and it
"talks" with the other 4 in our outer buildings. Purchased and installed a
managed switch as it can do VLAN's. Created 4 VLAN's - (1) has all ports and
used for management, (2) has only Port 2 (internal NIC), for internet
access, (3), has all ports except Port 5 (which is checked "Forbidden") for
my LAN, and (4) has ports 2 and 5 for the wireless side.
The AP's are capable of using VLAN's and Multiple SSID's (up to 3 of them
for Guests). The AP's can be configured for all the usual security modes.

I have exchanged many emails and phone calls with D-Link's tech support to
learn and set up the switch and VLAN's. I was told this morning (by their
tech support) that, because I have only a single VLAN for wireless, I need
to set a rule in ISA 2004 to finalize what my goal is.

I admit to being "scared" to set or change rules in ISA without a good grasp
of SPECIFICALLY what I need to do. That's why I thought I'd ask. I don't
know, through my inexperience, how to mentally frame the problem and then
the solution, in terms I can tanslate into an ISA rule.

Has someone out there been through this before, and be willing to lend some
advice and lessons-learned?

Many thanks in advance!!
--
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a 501 (c)(3) conservation non-profit organization


.

Relevant Pages

  • Re: ISA 2004 - How to allow Guest and Client access from wireless
    ... Option 3 looks good -- except I don't have a wireless router. ... ISA MVP Amy Babinchak published some information about this here: ... I have exchanged many emails and phone calls with D-Link's tech support ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA 2004 - How to allow Guest and Client access from wireless
    ... since you want both allowed wireless clients to access the LAN ... ISA MVP Amy Babinchak published some information about this here: ... internet ONLY access, and employees, temp. ... I have exchanged many emails and phone calls with D-Link's tech support ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA 2004 - How to allow Guest and Client access from wireless
    ... ISA MVP Amy Babinchak published some information about this here: ... Using my wireless access points, ... Purchased and installed 5 AP's - one hard-wired to switch and it ... I have exchanged many emails and phone calls with D-Link's tech support to ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 Wireless Support
    ... The reason I kinda want to put in a PCI card is so I can ... >wireless in the LAN are due only to poor network ... >If using ISA, ... >- Potentially proprietary security schemes. ...
    (microsoft.public.windows.server.sbs)
  • Re: Security and server access
    ... How are you in the ISA department? ... I was actually thinking of a four NIC setup: ... servers used for demo purposes) and Wireless. ... >>What is the purpose of the VPN access to your server? ...
    (microsoft.public.windows.server.sbs)