• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SecureNat for wireless DMZ

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> DMZ >> SecureNat for wireless DMZ Page: [1]
Login
Message << Older Topic   Newer Topic >>
SecureNat for wireless DMZ - 26.Jul.2011 10:07:36 PM   
pawan525

 

Posts: 10
Joined: 16.Jun.2011
Status: offline
Hi
I am using ISA 2006 as a 3 leg perimeter.I am using DMZ network for wireless clients only.
DMZ interface of ISA is connected to linksys router, which is also DHCP server for wireless clients and i am using dns splits for wireless clients as shown in following article

http://www.isaserver.org/tutorials/2004wirelessdmzpart1.html

here is my configuration

NIC configuration of DMZ
ip - 192.168.1.1
mask- 255.255.255.0

lynksys router's config
ip - 192.168.1.2
mask - 255.255.255.0
DHCP range - 192.168.1.100 - 192.168.1.150
DNS server - 192.168.1.1


my clients gets the following config after connection

ip - 192.168.1.104 (any ip from range)
mask - 255.255.255.0
Gateway - 192.168.1.2 (router's ip)
DNS - 192.168.1.1

with this config, nslookup works fine but the can't browse internet untill i provide web proxy which is 192.168.1.1 with port 8080
my ISA rule is allow all outbound traffic from dmz to external for all users
But why it is not working as secureNat? what am i doing wrong ?
Post #: 1
RE: SecureNat for wireless DMZ - 27.Jul.2011 2:11:50 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

the article is using a wireless AP (Access Point) and you are using a wireless router.

You must create a network between ISA DMZ NIC and wireless router WAN port, like 172.16.0.0/30

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to pawan525)
Post #: 2
RE: SecureNat for wireless DMZ - 27.Jul.2011 9:30:53 PM   
pawan525

 

Posts: 10
Joined: 16.Jun.2011
Status: offline
Thanx Paulo,

plz be more specific. do u mean i should create a network between ISA DMZ NIC and linksys router by inserting cable into WAN internet port rather than lan port of router. do i need to change any other configuration? dmz nic and router would be on same network like mentioned in that article or not?
i need some more details plz.

(in reply to paulo.oliveira)
Post #: 3
RE: SecureNat for wireless DMZ - 28.Jul.2011 1:01:34 AM   
pawan525

 

Posts: 10
Joined: 16.Jun.2011
Status: offline
I might not explained it properly. i am using linksys E1000 router which is directly connected to ISA DMZ NIC via router's LAN port. so i think it is working as Access Point. so if i using it as a WAP because it is also on the same network on which DMZ NIC is. so in this case what could be the reason for SecureNat issue.
Any suggestion?

(in reply to paulo.oliveira)
Post #: 4
RE: SecureNat for wireless DMZ - 28.Jul.2011 10:20:05 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

wireless "routers" are NAT devices. You must be sure it can be configured as AP. It is not just because you connected ISA DMZ NIC on the LAN port of wireless router that it is working as an AP.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to pawan525)
Post #: 5
RE: SecureNat for wireless DMZ - 28.Jul.2011 5:25:24 PM   
pawan525

 

Posts: 10
Joined: 16.Jun.2011
Status: offline
Hi,
Ok, Suppose i want to use it as a router. In that case DMZ NIC will be connected on WAN port. What else i need to change? Router's network?
Plz comments abt my ip settings. Can this router fulfill the purpose of AP like shown in the article?
Thanks

(in reply to paulo.oliveira)
Post #: 6
RE: SecureNat for wireless DMZ - 29.Jul.2011 10:00:51 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

you must configure a network between wan wireless router interface and ISA DMZ NIC, you can use 172.16.0.1/30. Then the LAN network of your wireless router could be 192.168.1.0/24

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to pawan525)
Post #: 7
RE: SecureNat for wireless DMZ - 1.Aug.2011 8:37:21 AM   
pawan525

 

Posts: 10
Joined: 16.Jun.2011
Status: offline
Thanks Paulo
Its working now. It was grt help. I really appreciate ur help. Thanks once again.

(in reply to paulo.oliveira)
Post #: 8
RE: SecureNat for wireless DMZ - 1.Aug.2011 8:51:09 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

thanks! Glad it worked!

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to pawan525)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> DMZ >> SecureNat for wireless DMZ Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts