Hi,

I have got a Fritz!Box 7170 Wireless Router. I set up an ISA server with two NICs and connected one to the router and the other NIC to a switch with the domain controller and the clients. Now since the Router is wireless enabled I have got a problem now.

IPs:

External Network:
192.168.0.1 - Router
192.168.0.3 - ISA

Internal Network:
192.168.178.3 - Domain Controller
192.168.178.123 - ISA

I've added 192.168.0.x as a range on the list for the internal network. Since the wireless network is on 192.168.0.x, clients that join the network can't connect and share files with the domain controller (192.168.178.3). Does anybody have any solution to that problem? And what would the DHCP settings be?

Thanks,
From: Rhoadesville, VA
I'm not sure about your particular router, but a lot of the wireless routers have their own little firewall. It can block ports and keep your wireless network from talking to the domain controller.
Does the router have a few Ethernet ports? Can you talk to the domain controller from a machine that is physically plugged into one of those ports?
One of the other things that I like to do is create a rule called "Open All Ports" which I keep disabled. Create this "allow all" rule and enable it for testing purposes. This would tell you if it's the firewall causing the problem...
Hi,

Thanks for your reply! I don't think it has anything to do with the router's firewall. For a computer to connect to the DC it has to go through ISA first, then to a switch where the DC is connected. Using wireless or Ethernet directly on the router I can't access the DC.

http://img242.imageshack.us/my.php?image=structurerx6.png
< Message edited by khaled92 -- 7.Dec.2008 8:02:57 PM >
From: Taylorville, IL
It depends on what the wireless part of the network is there for in the first place. It is not automatically insecure simply because it is wireless.
1. If it is an unsecured "guest" network for simple Internet access that does not access the LAN, then yes, put it on the External side or in a DMZ by itself.
2. If the purpose of it is to just simply replace some of the LAN's physical patch cables with "radio waves", then it has to go on the LAN and you use the proper security measures to determine who/what can connect to the WAP. This would typically be one of the WPA variations like WPA2/AES.
Since the OP's original question was that they can't access the DC, meaning that he does want them to, this indicates #2.
In either case it should be a WAP and not a "router". Although the "router" can be optional if it is on the External side if a Back-to-Back DMZ is desired that is also "wireless" at the same time.