• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Wireless Computers can't access the DC

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> Wireless Computers can't access the DC Page: [1]
Login
Message << Older Topic   Newer Topic >>
Wireless Computers can't access the DC - 7.Dec.2008 4:00:34 PM   
khaled92

 

Posts: 3
Joined: 7.Dec.2008
Status: offline
Hi,
I have got a Fritz!Box 7170 Wireless Router. I set up an ISA server with two NIC's and connected one to the router and the other NIC to a switch with the domain controller and the clients. Now since the Router is wireless enabled I have got a problem now. 
IP's:
External Network:
192.168.0.1 - Router
192.168.0.3 - ISA
Internal Network:
192.168.178.3 - Domain Controller
192.168.178.123 - ISA
I've added 192.168.0.x as a range on the list for the internal network.
Since the wireless network is on 192.168.0.x clients that join the network can't connect and share files with the domain controller(192.168.178.3).
Does anybody have any solution to that problem? And what would the DHCP settings be?
Thanks,
Post #: 1
RE: Wireless Computers can't access the DC - 7.Dec.2008 6:48:50 PM   
ptlinva

 

Posts: 21
Joined: 16.Mar.2005
From: Rhoadesville, VA
Status: offline
I'm not sure about your particular router but a lot of the wireless routers have thier own little firewall.  It can block ports and keep your wireless network from talking to the domain controller.

Does the router have a few ethernet ports?  Can you talk to the domain controller from a machine that is physically plug into one of those parts?

One of the other things that I like to do is create a rule called "Open All Ports" which I keep disabled.  Create this "allow all" rule and enable it for testing purposes.  This would tell you if it's the firewall causing the problem...

Good Luck and let us know how it goes...
-Paul


(in reply to khaled92)
Post #: 2
RE: Wireless Computers can't access the DC - 7.Dec.2008 7:50:46 PM   
khaled92

 

Posts: 3
Joined: 7.Dec.2008
Status: offline
Hi,
Thanks for your reply!
I don't think it has anything to do with the router's firewall.
For a computer to connect to the DC it has to go through ISA first then to a switch where the DC is connected to.
Using wireless or Ethernet directly on the router I can't access the DC.
http://img242.imageshack.us/my.php?image=structurerx6.png

< Message edited by khaled92 -- 7.Dec.2008 8:02:57 PM >

(in reply to ptlinva)
Post #: 3
RE: Wireless Computers can't access the DC - 9.Dec.2008 11:12:19 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

you should put ISA on the edge of your network and the wireless router protected by ISA IMHO.

This article can give you more tips: http://www.isaserver.org/tutorials/2004wirelessdmzpart1.html

Regards,
Paulo Oliveira.

(in reply to khaled92)
Post #: 4
RE: Wireless Computers can't access the DC - 10.Dec.2008 12:14:31 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
You just simply designed the whole thing incorrectly and on top of that you bought the worng equipment. You bought a wireless "router" when you should have bought a Wireless Access Point (WAP).

Connect the DC, the WAP, and the ISA Internal Nic all to the same switch all on the same subnet/network.



_____________________________

Phillip Windell

(in reply to khaled92)
Post #: 5
RE: Wireless Computers can't access the DC - 10.Dec.2008 1:30:23 PM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
quote:

ORIGINAL: pwindell

You just simply designed the whole thing incorrectly and on top of that you bought the worng equipment. You bought a wireless "router" when you should have bought a Wireless Access Point (WAP).

Connect the DC, the WAP, and the ISA Internal Nic all to the same switch all on the same subnet/network.




That's damn good security!!NOT

Keep the wireless in the DMZ

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to pwindell)
Post #: 6
RE: Wireless Computers can't access the DC - 10.Dec.2008 2:07:32 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
It depends on what the wireless part of the network is there for in the first place.  It is not automatically insecure just simply because it is wireless.

1. If it is a unsecured "guest" network for simple Internet access that does not access the LAN then yes,...put it on the External side or in a DMZ by itself.

2. If the purpose of it is to just simply replace some of the LAN's physical patch cables with "radio waves" then it has to go on the LAN and you use the proper security measures to determine who/what can connect to the WAP.  This would typically be one of the WPA variations like WPA2/AES

Since the OP's original question was that they can't access the DC,...meaning that he does want them to,...then this indicates #2.

In either case it should be a WAP and not a "router".  Although the "router" can be optional if it is on the External side if a Back-to-Back DMZ is desired that is also "wireless" at the same time.


_____________________________

Phillip Windell

(in reply to SteveMoffat)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Network Infrastructure >> Wireless Computers can't access the DC Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts