DMZ and Access point

Hi,

I have an issue with placing a wireless access point into the DMZ. We have a firewall with a DMZ, and I want the guest clients to be able to use this access point for internet, so I put a Cisco 1200 series into the DMZ. The DMZ has no DHCP, and LAN clients that are connected to the DMZ have static IPs, so I gave the WAP (wireless access point) an IP in the same range as the DMZ. Now I give my laptop an IP in the same range as the DMZ and WAP; I can ping the WAP but I am not able to ping the outside world or use the internet. If I put the WAP on the inside interface of the firewall there is no problem: I can ping anywhere and I can use the internet. (The only difference between the DMZ and the inside network is that the DMZ has no DHCP and the inside LAN has DHCP.)

Any Idea?

shahin

My guess is that you are not getting any DNS information and that may be why you cannot ping anything. Did you ping to a name or to an IP address? Use a machine on the inside of your network to get the IP address of say

formatting link
then use the client from the DMZ to ping the IP address that this resolved to. Other things besides IP include having the correct submask and default gateway.

kbloch2001

shahin hath wroth:

What type of DMZ? There are at least 3 different types (bastion host, screened subnet, and dual firewall). In addition, there is some abomination found in cheap routers that claims to be a DMZ, but really opens to the internet whatever is plugged into the DMZ, without any filtering or protection. It really depends on your unspecified model router(s) and topology. What are you using?

Of course, this is a secret model firewall or you would have supplied the maker and model number. Hint: Not all firewalls are the same.

Ok, that's one way to do it. It will work depending on your unspecified model router(s).

I don't understand. Could you re-write this one-sentence description of your topology in a somewhat clearer manner? If I decode this correctly, you do NOT have a DHCP server (or DHCP relay feature) available to the DMZ. Is this correct? If so, it won't work for the random connecting client unless you manually assign an IP address to each wireless client. I assume you don't want to do this, so you'll need to conjure a DHCP server or DHCP relay.

Won't work without a DHCP server available inside the DMZ.

Sure. Which exact model Cisco 1200 series access point are you using?

None of these have a DHCP server built into the access point. Therefore, it has to come from the rest of your network. Depending on your inside firewall and what you are using for a DHCP server on your inside network, you can either enable the DHCP server on the DMZ side of the inside firewall, or set up the firewall to act as a relay host for a different DHCP server inside the firewall.

Another way is to simply forget about using the 1200 access point for wireless and use a wireless router. Wireless clients connect and obtain a non-routable IP address. The DHCP server is in the wireless router. NAT converts all connections to a single IP address, which can be filtered, sniffed for evilware, and secured. If the purpose is to give users internet access without also giving them access to the inside network, this arrangement is easy to configure.

If you're using a Microsoft ISA server, these articles might be useful:

formatting link

Jeff Liebermann
