| Author |
Message |
Tim Fickes
Guest
|
 Posted:
Fri Dec 31, 2004 12:30 am Post subject:
Wireless Internet Connection for Guests |
|
|
Our office is running 2 NIC SBS2000, router, cable modem and dynamic IP
(have DNS2Go for VPN into office)...
We would like to be able to offer clients that visit office Internet access,
without having them on the LAN.
Is it simply a matter of replacing our current router with a wireless router
(with all settings the same) and then configure the wireless part and/or let
them plug into router for those laptops without wireless?
I remember that DHCP on router was disabled with this setup, so how can
wireless pc get lease?
If so, would this allow them to VPN out and not interfere with our LAN
ability to access internet? (I know that when I VPN into office from home
that I can't browse internet at them same time) |
|
| Back to top |
|
 |
Mariette Knap [SBS MVP]
Guest
|
| Posted:
Fri Dec 31, 2004 2:45 am Post subject:
Re: Wireless Internet Connection for Guests |
|
|
In news:esXg02p7EHA.1292@TK2MSFTNGP10.phx.gbl,
Tim Fickes <tim@proanalystsnospam.com> wrote:
| Quote: | Our office is running 2 NIC SBS2000, router, cable modem and dynamic
IP (have DNS2Go for VPN into office)...
We would like to be able to offer clients that visit office Internet
access, without having them on the LAN.
Is it simply a matter of replacing our current router with a wireless
router (with all settings the same) and then configure the wireless
part and/or let them plug into router for those laptops without
wireless?
I remember that DHCP on router was disabled with this setup, so how
can wireless pc get lease?
If so, would this allow them to VPN out and not interfere with our LAN
ability to access internet? (I know that when I VPN into office from
home that I can't browse internet at them same time)
|
It should not be a problem to have DHCP running on the router that is
connected to the Wan side of your SBS server as long as you have ISA
installed and block DHCP traffic and have the Wan assigned a static IP
address outside of the DHCP scope of your (wireless) router.
Allowing visitors to connect to your Wireless without any authentication
makes this wireless router available to anybody driving by your company and
using *your* Internet connection. This could cause legal problems!
I would not allow such a configuration.
--
Mariėtte Knap - MVP
http://www.smallbizserver.net
Take part in SBS forum:
http://www.smallbizserver.net/Default.aspx?tabid=154 |
|
| Back to top |
|
|
Lanwench [MVP - Exchange]
Guest
|
| Posted:
Sun Jan 02, 2005 6:21 am Post subject:
Re: Wireless Internet Connection for Guests |
|
|
Tim Fickes wrote:
| Quote: | Our office is running 2 NIC SBS2000, router, cable modem and dynamic
IP (have DNS2Go for VPN into office)...
We would like to be able to offer clients that visit office Internet
access, without having them on the LAN.
Is it simply a matter of replacing our current router with a wireless
router (with all settings the same) and then configure the wireless
part and/or let them plug into router for those laptops without
wireless?
I remember that DHCP on router was disabled with this setup, so how
can wireless pc get lease?
If so, would this allow them to VPN out and not interfere with our LAN
ability to access internet? (I know that when I VPN into office from
home that I can't browse internet at them same time)
|
In addition to Mariette's reply, I'll chime in.
Set up a separate wireless network for them that doesn't touch your LAN at
all - different IP network entirely. This might be easier if you have a
switch that can handle VLANs. You do *not* want strange PCs connecting to
your network...you don't know what they might be infected with. |
|
| Back to top |
|
|
Tim Fickes
Guest
|
| Posted:
Mon Jan 03, 2005 11:08 pm Post subject:
Re: Wireless Internet Connection for Guests |
|
|
"Mariette Knap [SBS MVP]" <mariette@smallbizserver.local> wrote in message
news:e32YFCr7EHA.1596@tk2msftngp13.phx.gbl...
| Quote: | In news:esXg02p7EHA.1292@TK2MSFTNGP10.phx.gbl,
Tim Fickes <tim@proanalystsnospam.com> wrote:
Our office is running 2 NIC SBS2000, router, cable modem and dynamic
IP (have DNS2Go for VPN into office)...
We would like to be able to offer clients that visit office Internet
access, without having them on the LAN.
Is it simply a matter of replacing our current router with a wireless
router (with all settings the same) and then configure the wireless
part and/or let them plug into router for those laptops without
wireless?
I remember that DHCP on router was disabled with this setup, so how
can wireless pc get lease?
If so, would this allow them to VPN out and not interfere with our LAN
ability to access internet? (I know that when I VPN into office from
home that I can't browse internet at them same time)
It should not be a problem to have DHCP running on the router that is
connected to the Wan side of your SBS server as long as you have ISA
installed and block DHCP traffic and have the Wan assigned a static IP
address outside of the DHCP scope of your (wireless) router.
Allowing visitors to connect to your Wireless without any authentication
makes this wireless router available to anybody driving by your company
and
using *your* Internet connection. This could cause legal problems!
I would not allow such a configuration.
--
Mariėtte Knap - MVP
http://www.smallbizserver.net
Take part in SBS forum:
http://www.smallbizserver.net/Default.aspx?tabid=154
|
I would make the wireless network secure and supply guests with credentials,
so that it wouldn't be a neighborhood hotspot. Would change daily so that
it couldn't be used by guests again.
So with my using network setup described on your site (SBS2000, 2 nics,
dynamic IP, ISA, router)...
My Router is 192.168.1.1 w/ 255.255.255.0
External Nic is 192.168.1.2
If I enable DHCP in router it should supply address of 192.168.1.3-255?!?!
I don't understand what you mean in your first paragraph, are there two
different thoughts?
"It should not be a problem to have DHCP running on the router that is
connected to the Wan side of your SBS server as long as you have ISA
installed and block DHCP traffic"
AND
"have the Wan assigned a static IP
address outside of the DHCP scope of your (wireless) router"
I do have ISA installed. I don't know what you mean in this circumstance
regarding having ISA block DHCP traffic.
The router gets it's "dynamic" IP address from the DNS servers of ISP
automatically... I don't know what you mean by having WAN assigned a static
IP outside the DHCP scope of (wireless) router. |
|
| Back to top |
|
|
Jim Behning
Guest
|
| Posted:
Tue Jan 04, 2005 5:51 am Post subject:
Re: Wireless Internet Connection for Guests |
|
|
Tim Fickes" <tim@proanalystsnospam.com> wrote:
| Quote: | "Mariette Knap [SBS MVP]" <mariette@smallbizserver.local> wrote in message
news:e32YFCr7EHA.1596@tk2msftngp13.phx.gbl...
In news:esXg02p7EHA.1292@TK2MSFTNGP10.phx.gbl,
Tim Fickes <tim@proanalystsnospam.com> wrote:
Our office is running 2 NIC SBS2000, router, cable modem and dynamic
IP (have DNS2Go for VPN into office)...
We would like to be able to offer clients that visit office Internet
access, without having them on the LAN.
Is it simply a matter of replacing our current router with a wireless
router (with all settings the same) and then configure the wireless
part and/or let them plug into router for those laptops without
wireless?
I remember that DHCP on router was disabled with this setup, so how
can wireless pc get lease?
If so, would this allow them to VPN out and not interfere with our LAN
ability to access internet? (I know that when I VPN into office from
home that I can't browse internet at them same time)
It should not be a problem to have DHCP running on the router that is
connected to the Wan side of your SBS server as long as you have ISA
installed and block DHCP traffic and have the Wan assigned a static IP
address outside of the DHCP scope of your (wireless) router.
Allowing visitors to connect to your Wireless without any authentication
makes this wireless router available to anybody driving by your company
and
using *your* Internet connection. This could cause legal problems!
I would not allow such a configuration.
--
Mariėtte Knap - MVP
http://www.smallbizserver.net
Take part in SBS forum:
http://www.smallbizserver.net/Default.aspx?tabid=154
I would make the wireless network secure and supply guests with credentials,
so that it wouldn't be a neighborhood hotspot. Would change daily so that
it couldn't be used by guests again.
So with my using network setup described on your site (SBS2000, 2 nics,
dynamic IP, ISA, router)...
My Router is 192.168.1.1 w/ 255.255.255.0
External Nic is 192.168.1.2
If I enable DHCP in router it should supply address of 192.168.1.3-255?!?!
I don't understand what you mean in your first paragraph, are there two
different thoughts?
"It should not be a problem to have DHCP running on the router that is
connected to the Wan side of your SBS server as long as you have ISA
installed and block DHCP traffic"
AND
"have the Wan assigned a static IP
address outside of the DHCP scope of your (wireless) router"
I do have ISA installed. I don't know what you mean in this circumstance
regarding having ISA block DHCP traffic.
The router gets it's "dynamic" IP address from the DNS servers of ISP
automatically... I don't know what you mean by having WAN assigned a static
IP outside the DHCP scope of (wireless) router.
The wan port to the router uses an ip provided by the isp. This can be |
dynamic or it can be static. It totally depends on what service you
bought from the isp. On the lan side of the router which is the wan
side of ISA, you can have a static ip or a dynamic ip depending on how
the router is set up. ISA in 2 nic configuration will block dhcp
traffic from the router which can mess up the lan side of SBS.
An example of sorts. SBS has an ip of 192.168.16.2 for the lan. It has
a second nic for the wan with an ip of 192.168.1.2. The router lan
side has an ip of 192.168.1.254. The router has a wan ip of
66.52.1.32. You program your router at the ip of 192.168.1.254. You
must understand that wan is a relative term. To the isp lan is the
other side of their router. To your server the lan of the router is
wan. It is outside ot the lan network of 192.168.16.x.
Maybe the point is that the lan side of the router must be unique. It
cannot be the ip network of your SBS lan and it cannot be the ip
network that your isp provides.
Jim B. SBS Community Member
remove the mvp to send email |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in