OK, I know this has to be covered; but for some reason I just cannot wrap my head around this. Maybe I'm just having a bad day, but this is just not working like I'm thinking it should.
I have a WAP and a few clients in my DMZ (172.31.2.x). I would like them to be able to authenticate and connect back to the internal network (through the ISA server). There will be the possibility of a few domain members in the WiFi DMZ, and I would rather not set up RADIUS authentication (not out of the question).
I at first set ISA up and told it to use the "perimeter network", but now after reading here I realized that's really for a 3-NIC setup on ISA. The 172.31.2.x subnet looks external to ISA. So I've added "DMZ/WiFi - subnet 172.31.2.x" to the networks and firewall settings, but I'm most definitely missing something.
Here is a graphic representation of the network.
< Message edited by amais -- 20.Apr.2010 1:46:34 PM >
Unless I missed the point of that article, it really won't work for me. The "DMZ" has to be off the router, as BVI1 on the router includes an AP + 4-port switch (Cisco 2821) and will eventually carry VoIP phone equipment. I could add a 3rd NIC on the ISA, but don't really see the point, seeing there really isn't a way to connect the Cisco AP.
There has to be a way of getting traffic from an external source to pass through to internal.
Router:

Gateway of last resort is X.X.X.X to network 0.0.0.0

     X.0.0.0/24 is subnetted, 1 subnets
C       X.X.X.0 is directly connected, GigabitEthernet0/0
     172.31.0.0/27 is subnetted, 1 subnets
C       172.31.2.0 is directly connected, Vlan2
     10.0.0.0/30 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, GigabitEthernet0/1
S*   0.0.0.0/0 [254/0] via X.X.X.X