Re: ISA 2004 - How to allow Guest and Client access from wireless
- From: "Cris Hanna [SBS-MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 8 Jun 2007 11:13:33 -0500
Guest access should not be from "inside" the LAN and on the same network as
your "workers".
Are these "guests" connecting from anywhere other than the main building?
In my main enterprise job...we have a secure wireless network for employees,
etc with one SSID we have a second network/SSID for Guests
--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues
"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:OvsNBXeqHHA.4100@xxxxxxxxxxxxxxxxxxxxxxx
Running SBS 2003 Premium SP2, SQL, Exchange, ISA 2004, WSUS 3.0, 2 NICs
and a router, dynamic IP, DDNS service through dyndns.org, Symantec Backup
Exec 11d, managed switch D-Link DES 3828 (802.1Q capable), 5 Access
Points - D-Link DWL-2200AP's (802.1Q capable), and the internal NIC is
also 802.1Q capable.
========================
I'm in over my head so thought it best to ask for advice than
"experiment".
Goal: Using my wireless access points (AP's), provide guests and visitors
internet ONLY access, and employees, temp. workers LAN access.
Background: Purchased and installed 5 AP's - one hard-wired to switch and
it "talks" with the other 4 in our outer buildings. Purchased and
installed a managed switch as it can do VLAN's. Created 4 VLAN's - (1) has
all ports and used for management, (2) has only Port 2 (internal NIC), for
internet access, (3), has all ports except Port 5 (which is checked
"Forbidden") for my LAN, and (4) has ports 2 and 5 for the wireless side.
The AP's are capable of using VLAN's and Multiple SSID's (up to 3 of them
for Guests). The AP's can be configured for all the usual security modes.
I have exchanged many emails and phone calls with D-Link's tech support to
learn and set up the switch and VLAN's. I was told this morning (by their
tech support) that, because I have only a single VLAN for wireless, I need
to set a rule in ISA 2004 to finalize what my goal is.
I admit to being "scared" to set or change rules in ISA without a good
grasp of SPECIFICALLY what I need to do. That's why I thought I'd ask. I
don't know, through my inexperience, how to mentally frame the problem and
then the solution, in terms I can tanslate into an ISA rule.
Has someone out there been through this before, and be willing to lend
some advice and lessons-learned?
Many thanks in advance!!
--
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a 501 (c)(3) conservation non-profit organization
.
- Follow-Ups:
- References:
- ISA 2004 - How to allow Guest and Client access from wireless
- From: Mike Webb
- ISA 2004 - How to allow Guest and Client access from wireless
- Prev by Date: Re: WSUS v2 Blue Shield
- Next by Date: Re: Client Deployment Component & Companyweb issues & Sharepoint???
- Previous by thread: ISA 2004 - How to allow Guest and Client access from wireless
- Next by thread: Re: ISA 2004 - How to allow Guest and Client access from wireless
- Index(es):
Relevant Pages
|
