
Discussion about article on Configuring Wireless DMZs part 1

Discussion about article on Configuring Wireless DMZs p... - 9.Apr.2005 8:45:00 PM   
tshinder

 

This thread is for discussion of part 1 of the article series on configuring Wireless DMZs at http://isaserver.org/tutorials/2004wirelessdmzpart1.html

HTH,
Tom

[ April 09, 2005, 08:51 PM: Message edited by: tshinder ]
Post #: 1
RE: Discussion about article on Configuring Wireless DM... - 21.Apr.2005 4:46:00 PM   
janm

 

I think there is a little error in the text.

Perform the following steps to create the Forward lookup zone:

4. On the Forward or Reverse Lookup Zone page, select the Reverse lookup zone option and click Next.

...select the Reverse lookup zone... must be ...select the Forward lookup zone... I suppose.

J.

(in reply to tshinder)
Post #: 2
RE: Discussion about article on Configuring Wireless DM... - 8.Sep.2005 1:44:00 PM   
VinceCarrasco

 

Another great article, thanks.

My ISA Firewall is already in service. In your article you tell us to install the third NIC before installing ISA. What kind of problems will I run into if I add the third NIC now and work through the configurations you describe? Or, would it be better to start over?

Thanks,
Vince

(in reply to tshinder)
Post #: 3
RE: Discussion about article on Configuring Wireless DM... - 25.Oct.2005 10:17:00 AM   
t029248

 

I really appreciate these articles in addition to the great ISA 2004 book. They're teaching me step by step so much more about ISA / firewalls and general networking. (Un)fortunately there are always questions not being answered since every environment is different.

I'm applying this setup (untrusted DMZ) to my environment. I also want to use a split DNS infrastructure because we are publishing internal websites and the OWA server. I assume resolving the internal IP addresses for these servers needs to be done on the ISA server.

I found that:

(This is the only interface that has a DNS server configured on it. The DNS server should be a DNS server on the Default Internal Network, and that DNS server should be configured to resolve Internet host names, either by performing recursion itself, or by using a Forwarder (such as your ISP). This interface does not have a default gateway.)

Doesn't work in my situation. If I limit the DNS listener to the Wireless DMZ segment, external DNS queries fail because clients and the other DNS servers use the LAN NIC on the ISA to resolve external IP addresses. Like this they can only resolve hosts on the Wireless DMZ segment.

Since the sDSLS router is on another subnet, I could make a persistent route on the router or allow the DNS server on the ISA to listen on all the LAN NIC to keep resolving working.

I'm not yet sure what's the best solution.

[ October 25, 2005, 10:18 AM: Message edited by: Drallas ]

(in reply to tshinder)
Post #: 4
RE: Discussion about article on Configuring Wireless DM... - 23.Feb.2007 3:35:55 PM   
lazyman

 

We were having a similar problem. Followed all the steps in the article minus the internal rule and the Exchange / SMTP directions (did not need) but could not get internet access from the wireless DMZ and also could not get access to the wireless router from ISA on the DMZ. Only change made from directions was to let the internal (ISA) DNS (which serves the DMZ and has a diff subnet than the internal network / DNS) listen on the internal interface as well as the DMZ interface. Now all works. Do not know if this means I have a conflict in my existing firewall rules (pretty complex - running SurfControl and requiring auth for most traffic, which force custom protocols and special rules for any traffic needed to be passed anonymous) or a problem with my internal (ISA) DNS, but this works. If someone knows of a reason why I should not do this and a better solution, please advise. Otherwise, we will continue in our happy little working environment. ...

(in reply to t029248)
Post #: 5
RE: Discussion about article on Configuring Wireless DM... - 1.Dec.2007 5:55:06 PM   
Cashmo

 

Similar problem here also.  Trying to create guest wireless access with no local network access. 

ISA2006, member of domain
WAN IP = x.x.x.x, has no dns ip
LAN IP = 192.168.3.1, no gateway ip, dns = 192.168.3.12
DMZ IP = 10.10.10.1, no gateway ip, no dns ip

WAP
WAN IP = 10.10.10.2, gw = 10.10.10.1, dns = 10.10.10.1
LAN IP = 10.10.10.3
DHCP server to 10.10.10.11+

Win2003 Domain Controller & DNS server, IP = 192.168.3.12
Forwards to ISP's DNS servers.
Internal network clients browse ok.

Added DNS to ISA box, only listens to 10.10.10.1, forwarders set to ISP DNS servers, created rev/fwd lookup zones and ISA Access Rule to allow DNS from DMZ to local host along with HTTP from DMZ to External.

Logging shows DNS traffic coming from DMZ trying to go to 192.168.3.12 which gets blocked giving wireless browser a timeout error.  Shouldn't ISA be forwarding it to the ISP DNS servers? 

(in reply to lazyman)
Post #: 6
