Hi friends, I configured my ISA 2004 as a 3-leg perimeter. I want to use the perimeter network only for wireless, so in the perimeter network I have a router which is connected to the perimeter interface of ISA. I am using RADIUS authentication for the wireless clients with the help of a RADIUS server which is in the internal network, and I am using ISA to forward all the requests to the RADIUS server. I am also publishing the internal DNS server on the perimeter network.
Here are my network rules:
Name           | Relation | Source       | Destination
1 Local Host   | Route    | local host   | all networks
2 VPN clients  | Route    | vpn clients  | internal
3 perimeter    | NAT      | perimeter    | internal
4 internet     | NAT      | internal external perimeter vpn
So with these rules RADIUS authentication works well, but a problem arises with DNS publishing. The error says that there is no relation between the internal and perimeter networks.
But if I change the 3rd rule to internal to perimeter, then DNS works fine but a problem arises in RADIUS authentication.
1 - If I set a Route relation between perimeter and internal:
- RADIUS authentication works fine if I use the wireless access point as the RADIUS client.
- Problem with DNS publishing: it says the publishing rule maps the DNS server to the internal interface successfully. But I assume it should map to the perimeter network rather than internal.
2 - If I set a NAT relation from perimeter to internal:
- RADIUS authentication works fine if I use my ISA server as the RADIUS client.
- Problem with DNS publishing: it says there is no relation between the internal and perimeter networks.
3 - If I set a NAT relation from internal to perimeter:
- RADIUS authentication does not work; the error says it was denied due to a network rule.
- DNS publishing works fine and it maps the internal DNS server to my perimeter network.
So please help me find the right way to achieve both objectives. I would prefer to use my ISA server as the RADIUS client for the RADIUS server. I am using private addresses in both networks.
Hi Paulo, I am assuming that I will create a Route relation between the perimeter and internal networks. As you advised, I read the first article. 1) It says:
Clients who want to access the published server when the network relationship is ROUTE need to specify the published Server IP Address as the destination because the rule in this case acts in a similar fashion to an Access rule – with the difference of the Protocols used – outbound for an access rule and inbound for a publishing rule
Does it mean I need to mention the published server IP address when I need to do an nslookup from the perimeter network, like below: nslookup google.com 172.25.6.1 (internal DNS server)? If so, then it works well in my case.
2) and there is another article for this situation
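The nslookup check discussed above, written out as a small script so it can be repeated from a perimeter host without relying on the client's resolver settings. This is an added example, not code from the original thread or from ISA Server: it builds a plain DNS A query, sends it directly to the published server's IP (172.25.6.1 and google.com are the values from the thread), and parses the reply, which is exactly what the ROUTE relationship requires of the client. The function names are this example's own, and SAMPLE_REPLY is a constructed packet (TEST-NET address, not a real answer) used to exercise the parser offline.

```python
"""Send a DNS A query straight to the published DNS server and parse the reply.

Added example for the ISA publishing thread; not part of the original post.
Assumptions: the published server is 172.25.6.1 (from the thread) and it
answers on UDP/53.  SAMPLE_REPLY is constructed, not captured traffic.
"""
import socket
import struct


def build_dns_query(name, txid=0x1234):
    """Build a standard recursive A query for `name` (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _read_name(data, offset):
    """Read a (possibly compressed) domain name; return (name, next_offset)."""
    labels = []
    jumped = False
    end = offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack(">H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_dns_response(data, txid=0x1234):
    """Return (rcode, [A record IPs]) from a raw DNS reply; verifies the txid."""
    rid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qd):  # skip the question section
        _, offset = _read_name(data, offset)
        offset += 4
    ips = []
    for _ in range(an):
        _, offset = _read_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in rdata))
    return rcode, ips


def query_published_dns(name, server_ip="172.25.6.1", timeout=3.0):
    """Query the published server IP directly, as a ROUTE relationship requires."""
    txid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_dns_query(name, txid), (server_ip, 53))
        data, _ = sock.recvfrom(512)
    return parse_dns_response(data, txid)


# Constructed reply (not captured traffic): NOERROR answer with one A record.
SAMPLE_REPLY = (
    build_dns_query("google.com")[:2]            # same transaction id
    + struct.pack(">HHHHH", 0x8180, 1, 1, 0, 0)  # response, RD+RA, rcode 0
    + build_dns_query("google.com")[12:]         # question section
    + b"\xc0\x0c"                                # pointer to the name at offset 12
    + struct.pack(">HHIH", 1, 1, 300, 4)         # A, IN, TTL 300, 4-byte rdata
    + bytes([192, 0, 2, 10])                     # TEST-NET address
)

if __name__ == "__main__":
    print(parse_dns_response(SAMPLE_REPLY))  # (0, ['192.0.2.10'])
```

On a perimeter host, query_published_dns("google.com") returning rcode 0 with addresses confirms the publishing rule passes the query and the reply; a timeout points at the network rule, and a non-zero rcode at the DNS server itself.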