Re: ISA 04 and DHCP
- From: "josephk" <josephk@xxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 27 Jul 2004 21:10:25 -0700
What cha talking about Europe??? Who said you could go! <grin>
Joseph
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tuesday, July 27, 2004 12:47 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA 04 and DHCP
http://www.ISAserver.org
Hey guys,
This is an interesting discussion. I've wondered what equipment they use
to allow this type of access. Its clear they know what room you're
coming from, as the STSN and Wayport networks automatically identify
your room. I don't think its Mac authentication, because you can bring
another machine online and it still works (IIRC, its been a while since
I've plugged two different laptops into the same room).
It seems to be that they authorize the room for X number of hours after
the initial identification page sign in and agreement form. That makes
sense, since they really don't care what machine is in the room, they
only care about someone in that room agreeing to pay for it.
You do get an IP address when you first plug in, but you're redirected
to the sign up page. After that, you're assigned either a private
address that you NAT through, or you can choose what they call a
"non-firewalled" connection that assigns you a public address (so that
you can do VPN, from their explanation, although you can still PPTP from
a 'firewalled' address, and everyone knows that NAT is the same as a
firewall :-))
After leaving the sign up page, you can connect to the Internet. But
when the time runs out for your room, you're redirected to the sign up
page again.
So, I think you could accomplish the same thing by redirecting all users
to a sign up page first. I know they did something like this at TechEd
in Europe last month, but of course, they didn't explain how they did it
:( It's a feature a ton of people have asked about with ISA Server 2000,
and it would be a real treat if they could the method they used for the
initial authentication page to allow network access.
Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
-----Original Message-----
From: Quillman Shawn (RBNA/CSA1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx]
Sent: Tuesday, July 27, 2004 2:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA 04 and DHCP
http://www.ISAserver.org
The hotel access I've seen is not DHCP authentication, it happens at a
higher level. Access restrictions other than by MAC would not be
possible until you have an address so something like application level
authentication on a DHCP server doesn't make sense. The hotel networks
I've seen allow you to get an address, but then have a proxy or
something that handles the access to resources.
-Shawn
-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CSA1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-6969 (F) shawn.quillman@xxxxxxxxxxxx
-----Original Message-----
From: Chris H [mailto:ntpro@xxxxxxxxxx]
Sent: Tuesday, July 27, 2004 9:49 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA 04 and DHCP
http://www.ISAserver.org
I know dhcp is not built in to ISA but (can) be a function of RRAS
I had a thought that perhaps they might have built something into ISA or
RRAS that handled handing out IP's to VPN connections in a more elegant
fashion.
I know you can also do reservations to MACs in dhcp but I would then
have to go back and retro in about ~500 MAC addresses and I am not to
keen on doing that! :)
anyone else have a solution they use for some type of authenticating
dhcp?
Perhaps something similair to what hotels use when you log in to their
broadband? You dont get access to the net until you pay and
authenticate?
----- Original Message -----
From: "Jim Harrison" <jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, July 27, 2004 1:20 AM
Subject: [isalist] Re: ISA 04 and DHCP
> http://www.ISAserver.org
>
> ISA not DHCP server
> ISA not authenticate DHCP requests
> ISA only firewall / proxy server
> DHCP services can use reservations
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver
> http://isaserver.org/Jim_Harrison
> http://isatools.org
>
> Read the help, books and articles!
> ----- Original Message -----
> From: "Chris H" <ntpro@xxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Monday, July 26, 2004 06:45
> Subject: [isalist] ISA 04 and DHCP
>
>
> http://www.ISAserver.org
>
> does ISA server 2004 offer anything better in the way of DHCP or do
you
> have the same options as in 2000? I am looking to try to
> find a way to secure a wap off of a ISA server ... I am also trying to
> find some kind of "secure" dhcp server to only hand out IP's to MAC
> addresses or by authentication would be perfect ... like when
you
> go to a hotel and "log in" to get a dhcp and use the
> internet ...
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com No.1 Exchange
> Server Resource Site: http://www.msexchange.org Windows Security
> Resource Site: http://www.windowsecurity.com/ Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com No.1 Exchange
> Server Resource Site: http://www.msexchange.org Windows Security
> Resource Site: http://www.windowsecurity.com/ Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> ntpro@xxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
josephk@xxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Other related posts:
