• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Wireless access points

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> Wireless access points Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Wireless access points - 14.Oct.2009 3:34:18 AM   
stuarta

 

Posts: 88
Joined: 4.Sep.2008
Status: offline 		I'm looking at implementing a couple of wireless access points to enable wireless access in our conference room.

Ideally the users that connect to this will be able to browse the internet, restricted by the ISA server and browse the lan as usual as if they were wired.

Is there any particular products I should be looking at and if anything needs configuring on the ISA server.

Thanks
Post #: 1
RE: Wireless access points - 14.Oct.2009 7:53:37 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline 		Hi,

check this: http://www.isaserver.org/tutorials/2004wirelessdmzpart1.html

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to stuarta)
Post #: 2
RE: Wireless access points - 14.Oct.2009 9:12:32 AM   
stuarta

 

Posts: 88
Joined: 4.Sep.2008
Status: offline 		don't think I want it to be untrusted though or in the DMZ as I want it to appear as though they are on the normal network with same IP range

(in reply to paulo.oliveira)
Post #: 3
RE: Wireless access points - 14.Oct.2009 9:27:25 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline 		Hi,

so, you should plug it on your switch and all ISA access rules will also be applied to them, since they are part of the same network.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to stuarta)
Post #: 4
RE: Wireless access points - 14.Oct.2009 9:29:47 AM   
stuarta

 

Posts: 88
Joined: 4.Sep.2008
Status: offline 		right ok so either plug it directly into my switch, or just one of the wall sockets that are connected to the switch? therefore worrying over nothing?

(in reply to paulo.oliveira)
Post #: 5
RE: Wireless access points - 14.Oct.2009 9:31:24 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline 		Yes!

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to stuarta)
Post #: 6
RE: Wireless access points - 14.Oct.2009 9:33:30 AM   
stuarta

 

Posts: 88
Joined: 4.Sep.2008
Status: offline 		ok thanks, just wanted to check. Any particular products? Been looking at the 3com officeconnect

http://www.misco.co.uk/applications/SearchTools/item-details.asp?EdpNo=245456&CatId=283 or the Netgear ProSafe http://www.misco.co.uk/applications/SearchTools/item-details.asp?EdpNo=165688&CatId=283

(in reply to paulo.oliveira)
Post #: 7
RE: Wireless access points - 15.Oct.2009 3:35:59 AM   
Boedus

 

Posts: 195
Joined: 8.Sep.2006
Status: offline 		You need to worry a bit more about your architecture rather than where are you gonna plug this AP.

Make sure the AP you buy is powerful enough to support the number of users you have.
A 50 quid AP is probably good for 5 users top. Even though they say 30. This is just marketing. Especially 3Com, they are not very reputable for their WIFI products.
You should better go with somehting that is more powerful, more secure and that offers more features. Have a look at Ruckus Wireless products.

Also make sure your architecture includes WPA Enterprise encryption. WPA personal is not enough to deploy a WIFI infra for a company.
The WPA Enterprise encryption will allow you to authenticate your users through a Radius server and Active Directory certificates.

Your ISA will have 2 NICs too obviously.

Do not compromise on the initial design and security settings. Too many companies are getting hacked and personal data exposed...

You are working in Information Technology, not a Buy More shop...

HTH

< Message edited by Boedus -- 15.Oct.2009 3:38:49 AM >

(in reply to stuarta)
Post #: 8
RE: Wireless access points - 15.Oct.2009 9:30:49 AM   
stuarta

 

Posts: 88
Joined: 4.Sep.2008
Status: offline 		ok you have lost me now. I'm thinking the Netgear would be better than the 3Com, however the rest has gone right above me.

(in reply to Boedus)
Post #: 9
RE: Wireless access points - 16.Oct.2009 6:28:23 AM   
Boedus

 

Posts: 195
Joined: 8.Sep.2006
Status: offline
quote:

ORIGINAL: stuarta

ok you have lost me now. I'm thinking the Netgear would be better than the 3Com, however the rest has gone right above me.


Ok. I was just saying you should pay a particular attention to your architecture and security settings...
Asking where you gonna connect the RJ45 plug is no big deal, you should be more worried about radius server etc, AD Certificates etc..


(in reply to stuarta)
Post #: 10
RE: Wireless access points - 16.Oct.2009 6:32:54 AM   
stuarta

 

Posts: 88
Joined: 4.Sep.2008
Status: offline 		yep thanks, it's just the radius and certificates I'm unsure about

(in reply to Boedus)
Post #: 11
RE: Wireless access points - 19.Oct.2009 12:08:51 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline 		There are a number of guides on the Microsoft site on how to set up your WAP to use RADIUS authetication for WPA. Not too hard to set up -- I've even done it

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to stuarta)
Post #: 12
RE: Wireless access points - 20.Oct.2009 3:19:00 AM   
stuarta

 

Posts: 88
Joined: 4.Sep.2008
Status: offline 		Would I need to configure this for the RADIUS server for what I want?

(in reply to tshinder)
Post #: 13
RE: Wireless access points - 20.Oct.2009 4:49:23 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline 		Hi Stuart,

This is a good guide:

http://technet.microsoft.com/en-us/library/dd162271.aspx

or slightly more advanced:

http://technet.microsoft.com/en-us/library/cc527055.aspx

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to stuarta)
Post #: 14
RE: Wireless access points - 27.Oct.2009 9:20:01 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline 		Good stuff.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 15
RE: Wireless access points - 27.Oct.2009 9:42:11 AM   
stuarta

 

Posts: 88
Joined: 4.Sep.2008
Status: offline 		ok just being chased for this again. It wouldn't be a case of simply plugging in the access point to a wall socket upstairs and then get instant access, secured through the ISA server?

(in reply to stuarta)
Post #: 16
RE: Wireless access points - 28.Oct.2009 10:45:59 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline 		Sure, this would work. If you don't want to isolate the users, then they'll be exposed to the same policy as other Internal Network users.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to stuarta)
Post #: 17
RE: Wireless access points - 28.Oct.2009 11:05:43 AM   
stuarta

 

Posts: 88
Joined: 4.Sep.2008
Status: offline 		ok so to get this clear in my head.

I could purchase something like this

http://www.misco.co.uk/applications/SearchTools/item-details.asp?EdpNo=122297&CatId=283

or

http://www.misco.co.uk/applications/SearchTools/item-details.asp?EdpNo=114657&CatId=283

plug it straight into a wall socket, and the users would have the same ip address range, have the same policies controlled through ISA as if they were hard-wired and they would come with their own security built into the access points?

(in reply to stuarta)
Post #: 18
RE: Wireless access points - 3.Nov.2009 9:01:50 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline 		Yep. The APs can be configured for 801.1x authentication too.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to stuarta)
Post #: 19
RE: Wireless access points - 3.Nov.2009 9:07:52 AM   
stuarta

 

Posts: 88
Joined: 4.Sep.2008
Status: offline 		I've bought the NetGear ProSafe WAG102 and plugged and gone lol

Everyone has same connection as normal, with WPA2-PSK security. Just wondering how I can advance this now

(in reply to stuarta)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> Wireless access points Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts