Discussion about article on Configuring Wireless DMZs part 1 (Full Version)






tshinder -> Discussion about article on Configuring Wireless DMZs part 1 (9.Apr.2005 8:45:00 PM)

This thread is about discussion part 1 of the article series on configuring Wireless DMZs at http://isaserver.org/tutorials/2004wirelessdmzpart1.html

HTH,
Tom

[ April 09, 2005, 08:51 PM: Message edited by: tshinder ]




janm -> RE: Discussion about article on Configuring Wireless DMZs part 1 (21.Apr.2005 4:46:00 PM)

I think there is a little error in the text.

Perform the following steps to create the Forward lookup zone:

4. On the Forward or Reverse Lookup Zone page, select the Reverse lookup zone option and click Next.

...select the Reverse lookup zone... must be ...select the Forward lookup zone..., I suppose.

J.




VinceCarrasco -> RE: Discussion about article on Configuring Wireless DMZs part 1 (8.Sep.2005 1:44:00 PM)

Another great article, thanks.

My ISA Firewall is already in service. In your article you tell us to install the third NIC before installing ISA. What kind of problems will I run into if I add the third NIC now and work through the configurations you describe? Or, would it be better to start over?

Thanks,
Vince




t029248 -> RE: Discussion about article on Configuring Wireless DMZs part 1 (25.Oct.2005 10:17:00 AM)

I really appreciate these articles in addition to the great ISA 2004 book. They're teaching me step by step so much more about ISA / firewalls and general networking. (Un)fortunately there are always questions not being answered since every environment is different.

IÆm applying this setup (untrusted DMZ) to my environment, I also want to use a split DNS infrastructure because we, are publishing internal websites and the OWA server I assume on the isa server resolving the internal IP addresses for these server needs to be done.

I found that:

(This is the only interface that has a DNS server configured on it. The DNS server should be a DNS server on the Default Internal Network, and that DNS server should be configured to resolve Internet host names, either by performing recursion itself, or by using a Forwarder (such as your ISP). This interface does not have a default gateway.)

DoesnÆt work in my situation, If I limit the DNS listener to the Wireless DMZ segment external DNS queries fail because clients and the other DNS servers use the LAN NIC on the ISA to resolve external IP addresses. Like this they only can resolve host on the Wireless DMZ segment.

Since the sDSLS router is on another subnet, I could make a persistent route on the router or allow the DNS server on the ISA to listen on the LAN NIC as well to keep resolving working.

IÆm not yet sure whatÆs the best solution.

[ October 25, 2005, 10:18 AM: Message edited by: Drallas ]




lazyman -> RE: Discussion about article on Configuring Wireless DMZs part 1 (23.Feb.2007 3:35:55 PM)

We were having a similar problem.  Followed all the steps in the article minus the internal rule and the exchange / smtp directions (did not need) but could not get internet access from wireless DMZ and also could not get access to wireless router from isa on DMZ.  Only change made from directions was to let internal (isa) dns (which serves DMZ and has diff subnet than internal network / dns) listen on internal interface as well as dmz interface.  Now all works.  Do not know if this means I have a conflict in my existing firewall rules (pretty complex - running SurfControl and requiring auth for most traffic, which forces custom protocols and special rules for any traffic needed to be passed anonymous) or a problem with my internal (isa) dns but this works.  If someone knows of a reason why I should not do this and a better solution please advise.  Otherwise, we will continue in our happy little working environment. ... [;)]




Cashmo -> RE: Discussion about article on Configuring Wireless DMZs part 1 (1.Dec.2007 5:55:06 PM)

Similar problem here also.  Trying to create guest wireless access with no local network access.

ISA2006, member of domain
WAN IP = x.x.x.x, has no dns ip
LAN IP = 192.168.3.1, no gateway ip, dns = 192.168.3.12
DMZ IP = 10.10.10.1, no gateway ip, no dns ip

WAP
WAN IP = 10.10.10.2, gw = 10.10.10.1, dns = 10.10.10.1
LAN IP = 10.10.10.3
DHCP server to 10.10.10.11+

Win2003 Domain Controller & DNS server, IP = 192.168.3.12
Forwards to ISP's DNS servers.
Internal network clients browse ok.

Added DNS to ISA box, only listens to 10.10.10.1, forwarders set to ISP DNS servers, created rev/fwd lookup zones and ISA Access Rule to allow DNS from DMZ to local host along with HTTP from DMZ to External.

Logging shows DNS traffic coming from DMZ trying to go to 192.168.3.12 which gets blocked, giving wireless browser a timeout error.  Shouldn't ISA be forwarding it to the ISP DNS servers?
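One way to confirm the symptom described in the post above from the firewall log, as an added example that is not part of the thread or the article: the subnets and the 10.10.10.1 listener address follow the post, but the log line layout and the sample lines are constructed for this example and do not match the real ISA Server log format. A DMZ client sending port-53 traffic anywhere other than the DNS listener on the ISA's DMZ interface has picked up the wrong resolver and its lookups will be dropped by the DMZ-to-Internal policy.

```python
import ipaddress
import re

# Addresses from the post; the DMZ clients should only ever query 10.10.10.1.
DMZ_NET = ipaddress.ip_network("10.10.10.0/24")
DMZ_RESOLVER = ipaddress.ip_address("10.10.10.1")   # DNS listener on the ISA DMZ NIC
INTERNAL_NET = ipaddress.ip_network("192.168.3.0/24")

# Constructed log layout: "src:port -> dst:port proto action" (not the ISA log format).
LINE_RE = re.compile(
    r"^(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<proto>udp|tcp) (?P<action>allowed|denied)$"
)

# Constructed sample lines reproducing the symptom in the post.
SAMPLE_LOG = """\
10.10.10.11:53012 -> 192.168.3.12:53 udp denied
10.10.10.11:53013 -> 10.10.10.1:53 udp allowed
10.10.10.12:40001 -> 192.168.3.12:53 udp denied
10.10.10.12:40002 -> 93.184.216.34:80 tcp allowed
192.168.3.50:51000 -> 192.168.3.12:53 udp allowed
"""


def misdirected_dns(log_text):
    """Return (src, dst, hits_internal) for DNS queries from the DMZ that
    bypass the DMZ resolver.

    hits_internal is True when the stray query targets the internal DNS
    server, i.e. the DMZ client was handed the LAN resolver (typically by
    the access point's DHCP) instead of the ISA's DMZ listener.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["dport"] != "53":
            continue
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src in DMZ_NET and dst != DMZ_RESOLVER:
            findings.append((str(src), str(dst), dst in INTERNAL_NET))
    return findings


if __name__ == "__main__":
    for src, dst, internal in misdirected_dns(SAMPLE_LOG):
        print(f"{src} queried {dst} ({'internal DNS' if internal else 'external'})")
```

Two stray queries from the DMZ in the sample are flagged, both aimed at the internal DNS server, which is exactly the blocked traffic the post sees in the log.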



