Registered users    
MembershipMembership:
Latest New UserLatest:jenisa villarin
New TodayNew Today:13
New YesterdayNew Yesterday:9
User CountOverall:23322
Private messaging    
You must be logged in to use this module.
Top 10 posters    
NamePosts
Mariette Knap12890
Marina Roos12507
Eriq Neale2114
Stan Guinn1913
Michael Patrick1912
Robert Pearman1770
Nick Pieters1425
Stewart Brown616
william warren598
Kevin D.579
Welcome unauthorized visitor    
If you want to join us in the discussions on this forum you need to register first. Registration is free! If you are already a registered user please login to join the forum.
Small Business Server Support Forum    
Forums > Microsoft Small Business Server 2003 & 2000 > ISA Server 2004
Subject: Guest Internet Access
Prev Next
You are not authorized to post a reply.

Author Messages
Scott Clark User is Offline
Hull, England
Member since
8/25/2005

Platinum Membership
Posts: 85
10/15/2007 04:14 PM  
I am looking for a bit of advise or ifanyone has had the same problem.
 
We have setup a SBS 2003 R2 Premium Server for a local charity which as part of its business runs a community centre. The server is situated within the community centre with approx. 15 users which use SBS for Internet, File Storage Etc.
 
The Community Centre want to use the charities existing Internet connection for all companies which rent room from them on short or long term leases. The Charity want to keep their server a secure as possible.
 
I was originally going to configure the server with 3 nics and separate the guest from the main users using subnets. Giving the users full access to the server and the guest users only access to internet.
 
1. LAN (Private =192.168.100.X, 255.255.255.0)
2. Wan (Public IP)
3 Guest (Private = 172.31.0.x, 255.255.0.0)
 
The plan was to create 2 separte VLANs on there managed switch called Main and Guests. Then I could switch the access by logging into the switch remotely.
 
Issues
----------
1.) The problem with this is how do you tell DHCP to only use a specific interface for the subnets?
2.) The building is an old school and is devided into 2 for the structered cabling. The 2 switches are connected by fibre using media convertors from one switch to another. Therefor I can only VLAN Switch1. As it is a single fibre link.
 
Possible resolution.
-----------------------
1.) Setup all the main computers using static IP addresses on 192.168.100.x subnet
2.) Let guest computers get IP address from DHCP on 172.31.0.x subnet setup ISA to only allow internet access.
 
Any thought or Ideas Please?
 
Many Thanks,
Scott Clark
Senior Network Engineer
Virtual Networking Limited
robert pearman User is Offline
United Kingdom
Member since
2/23/2007

Platinum Membership
Posts: 1770
10/15/2007 05:04 PM  
sounds like a great little project.

would definatley agree with your 3 NIC configuration. but to keep the sbs server seperate - i wouldnt use DHCP on the guest network.

you can specefy a network relationship between the sbs network and the guest network, and you can block all traffic from flowing between the two, which would keep it very secure.

i guess it depends on the amount of pc's we are talking about on the guest network as to wether it is a big deal to set them up statically, or dynamically.
also bear in mind if you set them statically, you can use the ISA controls to greater effect, without lowering the security on the sbs network.
Michael Patrick User is Offline
United States
Member since
10/26/2005

Platinum Membership
Posts: 1912
10/15/2007 05:24 PM  
Problem is that SBS does not allow for a 3 nic's....

For guests, I like to keep them on the outside of the server....but you would have to have them on static IP's (since the router cannot be DHCP with SBS as well)....or you can go wireless and add an access point which will have DHCP enabled.
Michael Patrick

"Technology Interpreter Extraordinaire"
CAD, BIM & SBS
robert pearman User is Offline
United Kingdom
Member since
2/23/2007

Platinum Membership
Posts: 1770
10/15/2007 05:39 PM  
is that true? ive never seen that documented before......... well i certainly dont remember seeing it documented before......
Michael Patrick User is Offline
United States
Member since
10/26/2005

Platinum Membership
Posts: 1912
10/15/2007 05:50 PM  
I just remember M&M mentioning it before...Ahh....found the reason....you CAN have 3 nics....but the CEICW only understands 2, so it kinda breaks if 3 are active....

Check out this thread.... http://www.smallbizserver.net/Forums/tabid/53/forumid/53/tpage/1/view/topic/postid/43077/Default.aspx#45164
Amy pretty much sums it up at the end.
Michael Patrick

"Technology Interpreter Extraordinaire"
CAD, BIM & SBS
robert pearman User is Offline
United Kingdom
Member since
2/23/2007

Platinum Membership
Posts: 1770
10/15/2007 06:14 PM  
cheers mate, ill check that out...
Scott Clark User is Offline
Hull, England
Member since
8/25/2005

Platinum Membership
Posts: 85
10/16/2007 12:59 AM  
Hi Everyone thanks for the input.

I was going to configure the guest network as DHCp as the guest users will vary day to day but estimating no more than 50 computer systems.
But some may use laptops to pop in and log on.
Thats why I want to use DHCP for the guest network.

There is only 15 PCs on the internal SBS network and that will say the same so it seem like the best option to have these as static IP addresses.

Alternatively this may be a bad suggestion and tiredness setting in. But what if I create a separate scope for the internal SBS users with 15 ip address and assign reservations.

Just to throw another spanner in the works they have decided they would like all users internal and guests to use the colour photo copier.

The only way I can see if that is the case is have a LAN and WAN. Setup ISA to allow anonymous for the internet and allow everyone access to the printer.

Any other thoughts?
Scott Clark
Senior Network Engineer
Virtual Networking Limited
You are not authorized to post a reply.
Forums > Microsoft Small Business Server 2003 & 2000 > ISA Server 2004 > Guest Internet Access


ActiveForums 3.7
Forum policy    
These Discussion Forums are dedicated to the discussion of the Small Business Server and related server and client software. For the benefit of the community please observe the following posting guidelines:
  1. No Advertising. This includes promotion of commercial products and non-commercial products which are not directly related to Small Business Server and related server and client software.
  2. No Flaming or Trolling.
  3. No Profanity, Racism, or Prejudice.
  4. Site Moderators have the final word on approving/removing a thread or post or comment.
Copyright 2002-2008 Concentrix b.v.    :   Page generated in 0.4062526 seconds.   :   Terms Of Use   :   Privacy Statement