Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
WLAN DMZ, 1 or 2 DHCP scopes needed for VPN clients
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
WLAN DMZ, 1 or 2 DHCP scopes needed for VPN clients - 16.Oct.2005 5:19:00 PM
|
|
|
t029248
Posts: 11
Joined: 14.Aug.2003
From: Holanda
Status: offline
|
Hello,
I can not find sufficient information how to complete the VPN client setup for the ISA 2004 server. We have a WLAN segment with multiple laptop clients and I want to assign them ip addresses with DHCP, but I donÆt understand some small details. The WLAN is in the 192.168.0.0/24 range and the LAN in the 10.0.0.0/24 range. The DHCP server is in the LAN.
I donÆt understand if i need to assign 2 ip addresses to the VPN clients, (One address when the clients connect to the WLAN DMZ segment, and another for the ppp adapter when they dial in using VPN)?
What happens when I use the Relay agent to assign them a ip address before the they establish the VPN connection? Will the still need an second address, or do I need to DHCP servers / Scopes for both the segments?
(at this moment they are assigned a static alternate ip address out of the 192.168.0.0/24 range and when they are establishing a VPN connection the get the DHCP address out of the LAN Range. The problem is that it takes 1 minute for the alternate address to be assigned)
[ October 16, 2005, 05:19 PM: Message edited by: Drallas ]
|
|
|
|
|
RE: WLAN DMZ, 1 or 2 DHCP scopes needed for VPN clients - 23.Oct.2005 2:09:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi D,
The WAP will assign the WLAN client a network address on the WLAN segment. The ISA firewall will assign the VPN client an IP address using either DHCP or a static address pool. The DHCP server should be located on the default Internal Network, but doesn't have to be.
HTH,
Tom
|
|
|
|
|
RE: WLAN DMZ, 1 or 2 DHCP scopes needed for VPN clients - 23.Oct.2005 8:11:00 AM
|
|
|
t029248
Posts: 11
Joined: 14.Aug.2003
From: Holanda
Status: offline
|
Hello Tom
Thanks for your reply.
Unfortunately the Access points being used are not equipped with a DHCP server.
http://www.senao.com.tw/english/product/product_wireless01_outdoor_1.asp?pgtl=Wireless&tp1id=02&tp2id=02&proid=000064
The WAPÆs have static IpÆs addresses from the 192.168.5.0/24 range 1, 2, 3 etcà and the NIC in the ISA server which is connected to the switch (vlan) with the WAPÆs the ip 192.168.5.10
There are ISA rules which allow the DHCP ip addresses assignment for the VPN clients using the DHCP server on the network (10.0.5.1) but that only works when the VPN clients have a static ip address.
To assign VPN clients with DHCP a ip from the 192.168.5.0/24 range I probably will need to allow broadcast traffic to pass from and to the WAP segment. And I will need to install a DHCP server on the ISA server which listens on 192.168.5.10 NIC for DHCP request.
I hope this is the right way to set this? IÆll try tomorrow..
|
|
|
|
|
RE: WLAN DMZ, 1 or 2 DHCP scopes needed for VPN clients - 25.Oct.2005 4:37:00 PM
|
|
|
t029248
Posts: 11
Joined: 14.Aug.2003
From: Holanda
Status: offline
|
Update: It worked out fine!
I needed 3 rules
DHCP Relay from Wireless Segment to DHCP servers
Request from Wireless Segment to Localhost
Reply from Localhost to Wireless Segment
Now the clients from the Wireless segment get A DHCP address from the correct range. No more wait for the adapter to time out and assign the alternate...the Wireless clients are only a bit slow..
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
