Re: ISA 2004 - How to allow Guest and Client access from wireless

Thanks for coming aboard.

The bunkhouse has a directional antenna pointed at the main building, so
it's at the far end -- about 250-ft to the omni-directional antenna on our
roof.

The router has 4 "internal" ports; one is taken up by the cable to/from the
satellite modem and one to the external NIC.

I use SBS's DHCP, not the router - although it is capable.

Cell phones work fine, but not for data at our location. There are towers
in the area, but clear LOS is blocked by lines of trees along the creeks and
fencelines.

Mike

"Steve" <newsgroup@xxxxxxxxxx> wrote in message
news:OviyJFfqHHA.4324@xxxxxxxxxxxxxxxxxxxxxxx
How far is the bunkhouse from the location of the satellite connection to
the router? How many "internal" ports does the router have? Does it
provide DHCP service for its "internal side." I'm trying to see if there
is some alternative config that will work for you and abide by Cris' well
justified keep the guests on the "outside" of the network. Do you have
cellular service with data capability from any provider out there in your
"boonies?"

"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:%23zG4MveqHHA.4108@xxxxxxxxxxxxxxxxxxxxxxx
Landline won't work. We're 1.5 miles from the main road and another mile
or so to a place we can tap into. We've got someone who ran a T1 our
here for a wildlife webcam - costs them $2100/mo (ouch!). Our only
solution is satellite as we're not in the range or line-of-sight for
wireless ISP.

"Cris Hanna [SBS-MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:ucLZYqeqHHA.3372@xxxxxxxxxxxxxxxxxxxxxxx
Mike
If you move it to the router then you will lose connectivity to the lan
for the true workers

Just curious...what about a separate residential DSL or Cable going to
the bunk house with a DLink wireless router there for the "guest access.

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:urF$yneqHHA.500@xxxxxxxxxxxxxxxxxxxxxxx
I'm getting the strong impression that the "only" way to achieve my
goal is to have 2 wireless networks - one connected to the router and
one as-is connected to the switch. However, money's a problem (always
is with a nonprofit).

If I move the wireless from the switch to the router (which would mean
VLAN's are out - router isn't 802.1Q capable), could I then accomplish
what I want to do? Or is there another way that, while not the best
security-wise, would go most of the way to solving my problem? If it
helps, we're 'way out in the boonies, so those who come here are by
invitation. The big caveat to that is that a bunch of them are grad
students who have down time at night with their laptops in our "bunk
house".

Mike

"Cris Hanna [SBS-MVP]"
<crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:O7s42feqHHA.4180@xxxxxxxxxxxxxxxxxxxxxxx
Guest access should not be from "inside" the LAN and on the same
network as your "workers".
Are these "guests" connecting from anywhere other than the main
building?

In my main enterprise job...we have a secure wireless network for
employees, etc with one SSID we have a second network/SSID for
Guests

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:OvsNBXeqHHA.4100@xxxxxxxxxxxxxxxxxxxxxxx
Running SBS 2003 Premium SP2, SQL, Exchange, ISA 2004, WSUS 3.0, 2
NICs and a router, dynamic IP, DDNS service through dyndns.org,
Symantec Backup Exec 11d, managed switch D-Link DES 3828 (802.1Q
capable), 5 Access Points - D-Link DWL-2200AP's (802.1Q capable), and
the internal NIC is also 802.1Q capable.
========================
I'm in over my head so thought it best to ask for advice than
"experiment".

Goal: Using my wireless access points (AP's), provide guests and
visitors internet ONLY access, and employees, temp. workers LAN
access.

Background: Purchased and installed 5 AP's - one hard-wired to switch
and it "talks" with the other 4 in our outer buildings. Purchased
and installed a managed switch as it can do VLAN's. Created 4
VLAN's - (1) has all ports and used for management, (2) has only Port
2 (internal NIC), for internet access, (3), has all ports except Port
5 (which is checked "Forbidden") for my LAN, and (4) has ports 2 and
5 for the wireless side.
The AP's are capable of using VLAN's and Multiple SSID's (up to 3 of
them for Guests). The AP's can be configured for all the usual
security modes.

I have exchanged many emails and phone calls with D-Link's tech
support to learn and set up the switch and VLAN's. I was told this
morning (by their tech support) that, because I have only a single
VLAN for wireless, I need to set a rule in ISA 2004 to finalize what
my goal is.

I admit to being "scared" to set or change rules in ISA without a
good grasp of SPECIFICALLY what I need to do. That's why I thought
I'd ask. I don't know, through my inexperience, how to mentally frame
the problem and then the solution, in terms I can tanslate into an
ISA rule.

Has someone out there been through this before, and be willing to
lend some advice and lessons-learned?

Many thanks in advance!!
--
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a 501 (c)(3) conservation non-profit organization













.

Relevant Pages

  • Re: ISA 2004 - How to allow Guest and Client access from wireless
    ... complicated wireless configurations so just trying to suggest something ... That could plug into another port on the router. ... Are these "guests" connecting from anywhere other than the main ... and visitors internet ONLY access, and employees, temp. ...
    (microsoft.public.windows.server.sbs)
  • Re: 2 Network Connections - How to Force Internet Explorer to use a Specific one
    ... communicate with LinkSys router on 192.168? ... a switch using ethernet. ... The current connection to the Internet is 64k ISDN. ... The next step would be to add USB based wireless adapters to ...
    (microsoft.public.windowsxp.general)
  • Re: Connect a Wireless Router to my SBS Network
    ... What is the model number of the Airlink router? ... The switch may not even be necessary unless it serves some purpose for you. ... This should allow your wireless clients to remain outside your network ...
    (microsoft.public.windows.server.sbs)
  • Re: Port Nunber Windows Firewall
    ... An Entry Level Cable/DSL Wireless Router is a combo unit Routing Circuits and a Switch to connect few-wired computer and an access point to allow wireless computer too. ...
    (microsoft.public.windowsxp.network_web)
  • Re: ISA 2004 - How to allow Guest and Client access from wireless
    ... these Guest SSID's "programmed/preconfigured" to allow internet only access, ... (I'm a relative newbie to wireless, ... That could plug into another port on the router. ... Are these "guests" connecting from anywhere other than the main ...
    (microsoft.public.windows.server.sbs)