
Resolved Visitor Internet access

Discussion in 'Networking (Hardware & Software)' started by drinas, 2010/02/25.

  1. 2010/02/25
    drinas

    drinas Inactive Thread Starter

    Joined:
    2009/10/20
    Messages:
    7
    Likes Received:
    0
    Does anyone know how to set up a third NIC in SBS 2003 with ISA 2004 to allow internet access to visitors with no access to the production network? I have read and tried a few ways but always wind up having problems with my network. I want to use a wireless access point plugged into my third NIC and then configure ISA 2004 to allow access just to the internet. Is there a secure way to do this without having to change a lot?

    Thanks
     
  2. 2010/02/25
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    What kind of Internet connection do you have? If you have broadband and a router, set up the access point outside of the server LAN using a switch.

    Better yet, use a wireless router which is connected to the main router. If the main router LAN ip is 192.168.1.1 then set the wifi router WAN ip to 192.168.2.1 and its LAN ip to 192.168.2.2 and its gateway IP to 192.168.1.1 and its DHCP will hand out 192.168.2.x addresses to clients and they won't have any access to the 192.168.1.x LAN computers.
     


  4. 2010/02/25
    drinas

    drinas Inactive Thread Starter

    I have a DSL broadband connection that connects to NIC # 1 on the SBS 2003 server with external IP behind ISA 2004, then NIC #2 is LAN connection. The server is the router basically. I installed a third NIC on the server and read that I could use that NIC #3 for the wireless access point and control it through ISA 2004. I know this is a risky set up, but I just took over here and I plan on making the things safer when I can spend.

    Thanks
     
  5. 2010/02/26
    TonyT

    TonyT SuperGeek Staff

    I take it that NIC #2 feeds other computers on the LAN via a switch. If so, just connect the AP to the switch. But this is not too secure for the rest of the LAN unless you use heavy WPA encryption.

    But $ would be better spent investing in a wifi router rather than an AP. Standalone APs are more expensive than wifi routers.
     
  6. 2010/02/26
    drinas

    drinas Inactive Thread Starter

    Yes, NIC #2 feeds the LAN via switch. I will get a wifi router and plug into the switch, but wouldn't I still have to configure the ISA 2004 firewall with a policy to allow the wifi router to get an address and handle DHCP for wireless clients without affecting the production network because the SBS 2003 box handles access?
     
  7. 2010/02/26
    TonyT

    TonyT SuperGeek Staff

    Probably, but I'm not familiar with ISA server.

    Set it up so the wifi router WAN IP is in the range used by your LAN. For example, if your LAN uses 192.168.1.x, then set the wifi router with a static WAN IP of 192.168.1.x (an IP that won't be used by any other LAN clients).

    Then set the wifi router LAN IP to 192.168.2.x and its DHCP will hand out 192.168.2.x addresses to wifi clients.

    Subnet can be 255.255.255.0.

    Set the wifi router Gateway address to the IP of ISA server and set the wifi router DNS servers to your ISP's DNS servers or use opendns.

    This way, wifi clients won't have any access to your LAN computers, only access to Internet.
     
  8. 2010/02/26
    drinas

    drinas Inactive Thread Starter

    I did exactly what you said to do and it works. I can get on the internet with a non-domain laptop and I cannot see or access the network. This is perfect. Thanks for your help TonyT. Now the next time we have auditors or consultants in the office I can give them the access code to the wireless and they will be out of my hair.
    Thanks again.
     
  9. 2010/02/26
    TonyT

    TonyT SuperGeek Staff

    Great news!
    Be sure to hammer the system a bit and test some possible methods of security breach. Connect a client to the AP and use a network scanner to see what systems show up on the scans. Then scan using one of the domain systems to see if the wlan can be detected. But you should be pretty darn secure as it is.

    Point being there's no such thing as 100% security, just try to achieve it.
     
  10. 2010/02/26
    drinas

    drinas Inactive Thread Starter

    Will do. I am going to run some tests just to be sure of the security and I will be sure to post.

    Thanks
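
The isolation test suggested in post 9, as an added example that is not part of the thread: run from a laptop on the guest WLAN, it tries TCP connections to named production hosts and reports any that answer. The subnets follow the addressing used in the thread; the host addresses, the port list and the function names are constructed for illustration.

```python
import ipaddress
import socket

# Subnets as used in the thread; adjust to the real addressing plan.
PRODUCTION_NET = ipaddress.ip_network("192.168.1.0/24")
GUEST_NET = ipaddress.ip_network("192.168.2.0/24")
# Constructed port list: services an SBS 2003 LAN typically exposes.
PORTS = (53, 80, 135, 139, 445, 3389)


def tcp_open(host, port, timeout=0.5):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def isolation_report(local_ip, targets, ports=PORTS, probe=tcp_open):
    """Probe production addresses from a guest client and list what answers."""
    local = ipaddress.ip_address(local_ip)
    if local not in GUEST_NET:
        raise ValueError(f"{local} is not a guest address; run this from the guest WLAN")
    leaks = []
    for target in targets:
        addr = ipaddress.ip_address(target)
        if addr not in PRODUCTION_NET:
            continue  # only production hosts matter for this check
        for port in ports:
            if probe(str(addr), port):
                leaks.append((str(addr), port))
    return {"isolated": not leaks, "leaks": leaks}


if __name__ == "__main__":
    # Constructed sample: the laptop's DHCP lease and two production hosts.
    report = isolation_report("192.168.2.50", ["192.168.1.1", "192.168.1.10"])
    for host, port in report["leaks"]:
        print(f"REACHABLE from guest WLAN: {host}:{port}")
    print("guest WLAN isolated" if report["isolated"] else "isolation FAILED")
```

Any line reported as reachable means the wifi router or ISA rules are still forwarding guest traffic to that production host and port.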
     
