Posts: 17
Joined: 21.Oct.2005
From: BiH
Hi all
I hope this topic isn't dead.
I want to set up a wireless DMZ with its own DNS and DHCP servers. That means I don't want to use the internal DNS server and I don't want to install a DNS server on the ISA Server. Also, I don't want to publish anything from the internal network to the wireless DMZ. What must I do? What about the forward and reverse lookup zones on my dedicated DNS server? Which access rules and network rules do I need, and so on? I have tried some things, but without success.
Can anybody help me?
Camac
< Message edited by camac -- 26.Feb.2008 7:04:12 AM >
Posts: 144
Joined: 20.May2006
From: Kingdom of Bahrain
Hi, I think everyone here will agree with me: before answering your question, we need to know your network setup.
What is the role of ISA Server in your network?
- Proxy with single NIC
- Proxy and edge firewall
- Back-to-back firewall, external NIC in DMZ and internal pointing to the corporate network
How is internet connectivity provided to your internal clients? Do they go through ISA, or do they bypass ISA and use the ADSL router as DNS server and gateway?
How is the DMZ network connected in your network? Is it via ISA Server?
quote:
ORIGINAL: camac
Hi all
I hope this topic isn't dead.
I want to set up a wireless DMZ with its own DNS and DHCP servers. That means I don't want to use the internal DNS server and I don't want to install a DNS server on the ISA Server. Also, I don't want to publish anything from the internal network to the wireless DMZ. What must I do? What about the forward and reverse lookup zones on my dedicated DNS server? Which access rules and network rules do I need, and so on? I have tried some things, but without success.
I'm planning on setting up this scenario in the next week or so, with the only difference being that the people on the wireless DMZ side won't need access to internal servers, so I don't think I'll need the split DNS as described in part 1. They'll just be SecureNAT clients accessing the internet.
Currently our Active Directory server's DNS is set to forward anything it can't resolve to the caching-only DNS on our ISA 2006 server. This DNS, which listens only on the internal interface, forwards to our ISP's DNS servers to resolve.
If I were to change the ISA's DNS to listen on the DMZ interface as well as the internal interface, will this allow the DMZ wireless clients to resolve DNS without compromising any security of the internal network?
Posts: 11
Joined: 20.Jan.2003
From: Chandler, AZ
Our current system is using ISA Server 2006 with an external and an internal network interface. Our domain controller (with DNS and DHCP) is on the internal network. We configured split DNS (with a DNS caching server on the ISA server). We followed your article on how to configure split DNS. We have now added a guest interface on the ISA server for wireless users. I see an article on how to configure DNS on the ISA server so that wireless guests can resolve hostnames with the internal DNS server. The two processes for setting up DNS on the ISA server are different. Which one should I use?
We are also trying to get Captivate to work and I think the problem is that the users on the guest network cannot resolve internal hostnames, but they can resolve external host names.