Connect WLAN to Main LAN via Win2K server with 2 nics

Eddy

Hello,

Can someone explain to me how to do the following:

We have two access points; they are connected to one network card of my
Windows 2000 server. This Windows 2000 server should act as a DHCP
server on this network card only, with IP range 192.168.50.100 - 110.
The other network card of my Windows 2000 server should be connected
to our main LAN.
PDAs are connected to the WLAN access points and should only connect
to one server on our main LAN, let's say 10.0.92.16.

So I need to access from the PDA (192.168.50.120) only a
web service on server 10.0.92.16, and it should not be able to connect to
other parts of our 10.0.92.0 network.

And if possible I should be able to access the WLAN access points
(192.168.50.50 and 192.168.50.51) from our LAN 10.0.92.0, to
maintain them.

Can someone tell me how to do this, with firewall rules or forwarding,
etc...

Thanks a lot for your help.

Regards,

Edward
 
You can use either NAT or Internet Connection Sharing. ICS is easier to
set up, but because you want to use your 192.168.50 subnet (ICS will
only serve DHCP addresses on 192.168.0), NAT is your ticket. You set it
up in the Routing and Remote Access (RRAS) snap-in. If you can use
192.168.0, use ICS. That will enable the PDAs to route into the 10.0.92
network (but not the other way around). You can set up port forwarding on
the ICS properties page to forward ports to your access points for web
management. They'll have to be configured to listen on independent ports.

The advantage is that no changes are required to routers (or routing
tables) anywhere else in your network. The disadvantage is one-way
connection initialization, which may be just fine in your situation.

....Kurt
 
Sticking two NICs in a server doesn't make it a LAN Router.
RRAS needs to be installed and configured on the box so that it works as a LAN
Router. This has nothing to do with NAT, Firewalls or Proxies.
You can create ACLs in RRAS to control access but it is very tedious and not
very flexible.

You ought to just allow the PDAs access to the Main LAN and forget it. Your
"security" should come from the abilities within the Access Points (WPA, LEAP,
PEAP, etc) to allow/not allow people to connect to them in the first place.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
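
Added example, not part of any post in this thread: the access policy from the original question written out as a stateless, first-match filter list with default deny, so it can be checked before it is entered on a router. Assumptions not stated in the thread: both networks are /24, and the web service and the access point management pages both listen on TCP 80.

```python
import ipaddress

# Constructed policy for the thread's addressing. Assumptions: both networks
# are /24; the web service and AP management both use TCP port 80.
WLAN = ipaddress.ip_network("192.168.50.0/24")
LAN = ipaddress.ip_network("10.0.92.0/24")
WEB = ipaddress.ip_network("10.0.92.16/32")
APS = [ipaddress.ip_network("192.168.50.50/32"),
       ipaddress.ip_network("192.168.50.51/32")]
ANY = None  # wildcard port

# (action, src net, src port, dst net, dst port); TCP only, first match wins.
# A stateless filter needs an explicit rule for the reply direction too.
RULES = [("allow", WLAN, ANY, WEB, 80),   # PDA -> web service
         ("allow", WEB, 80, WLAN, ANY)]   # replies from the web service
for ap in APS:
    RULES += [("allow", LAN, ANY, ap, 80),  # LAN -> AP management
              ("allow", ap, 80, LAN, ANY)]  # replies from the AP


def decide(src, sport, dst, dport):
    """Return 'allow' or 'deny' for one forwarded TCP packet (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, snet, sp, dnet, dp in RULES:
        if s in snet and d in dnet and sp in (ANY, sport) and dp in (ANY, dport):
            return action
    return "deny"


def reachable(src, net, dport, sport=40000):
    """List the hosts in `net` that `src` can open a connection to on dport."""
    return [str(h) for h in net.hosts()
            if decide(src, sport, str(h), dport) == "allow"]


if __name__ == "__main__":
    print("PDA can reach:", reachable("192.168.50.120", LAN, 80))
    print("LAN host can reach:", reachable("10.0.92.30", WLAN, 80))
    # Limitation of stateless reply rules: any packet the web server sends
    # from source port 80 passes, whether or not a PDA asked for it.
    print(decide("10.0.92.16", 80, "192.168.50.120", 5000))
```

The reply rules match on source port alone, so they cannot tell a genuine reply from an unsolicited packet sent from port 80; a stateful filter would close that gap.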
 