Solved

Split the internet access between the users of the same network segment

Posted on 2010-08-12
Last Modified: 2013-12-08
We have two companies on the same network segment due to an old IP phone system using MAC as identifier.
There are two different Windows 2003 AD domains and two internet connections: one over a Juniper firewall and the other one over an ISA 2006 firewall.
I need to route the users of each company over their own firewall when in the office and also to allow the notebook users to use the IE “automatically detect settings” option when on the road.
I am loading the default gateway on the logon script instead of DHCP but I have problems loading the proxy for IE.
I cannot use WPAD with DHCP because they are both using the same DHCP server, nor can I use WPAD with DNS because one of the companies has a remote branch office (and that will push these users to go over the ISA Server in the Head office).
Is there a way using GP to have the users connect to ISA on port 8080 when in the office and to “automatically detect settings” when on the road?
0
Question by:MikeTa
LVL 5

Expert Comment

by:allan_jardine
ID: 33421576
Is it not possible to put your servers on different VLANs on your switch and allow access to them from only the correct machines? That way you should be able to run separate DHCP services for each company.
0
 

Author Comment

by:MikeTa
ID: 33421660
I considered this but the guys that are taking care of the phones told me that by doing this some of the phones will not be able to talk to the phones management server.  As I said it identifies the phones by their MAC address....
0
 
LVL 5

Expert Comment

by:allan_jardine
ID: 33421687
Is the phone management server one of your DHCP servers?
0

 

Author Comment

by:MikeTa
ID: 33421761
No, the DHCP is on one of the Windows DC.  This is a 3COM server.  I don't even know if it is on Windows or on some Linux version.  The phones and the computers on each desk share the same ethernet cable.  It is cascaded from the computer over the phone.  Once connected, the phone server sees it and you can assign an extension to it.  There is no IP involved.  The phone server uses the MAC address as identifier. A VLAN setup will block the MAC propagation...
0
 
LVL 5

Expert Comment

by:allan_jardine
ID: 33422350
In that case you should be able to allow your computers to see each other, the 3COM server and the appropriate Windows DC for their domain/DHCP settings using a port based VLAN. If your switch can be configured like this then you should be OK since all we are doing is preventing some phones and computers seeing a Windows DC.
0
 

Author Comment

by:MikeTa
ID: 33423138
The 3COM server must see and be seen by all the phones at MAC layer level.  The phones are cascaded with the computers meaning that all the computers have to be seeing each other at MAC layer level.  That means that they all need to talk to the same DHCP server asking for IP addresses.  As a result you cannot have two different network segments....

This is a live environment with around 70 computers on one side and 50 on the other side and I cannot actually do too much testing and experimenting.

That's why I think that an appropriate Group Policy setting for the Automatic Browser Configuration can do the job here.  I need an .ins script that automatically configures the browser to connect over the ISA server when in the office and straight when not.
0
 
LVL 5

Expert Comment

by:allan_jardine
ID: 33426958
As an alternative you could try the suggestion in this article. http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_21713341.html Basically they are changing the default gateway for some of the workstations when they run their login script. No VLAN is necessary in this config.
0
 

Author Comment

by:MikeTa
ID: 33428983
This is OK and it is what I already said that this is what I am doing: I have logon scripts containing the route add command on each domain and no default gateway with DHCP.

My problem is that for ISA it is not enough: you need something to replace WPAD pointing Internet Explorer to the port 8080.  This should be automatically set up so that when users are outside the internal network they are able to browse the internet.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33490298
It sounds like you want something to run on the laptops to detect what network they are on.  If they detect they are on the company network, it enforces a proxy.  If on a foreign network, it allows IE to operate as normal.  I've not heard of that before...at least not automated.  Anything else could be solved with a script on the user's desktop that could disable the proxy settings in IE.

Another possibility is to have IE for company network use and Firefox for outside use.  IE configured with the proxy settings and Firefox configured as it normally is.
0
 

Accepted Solution

by:
MikeTa earned 0 total points
ID: 33500355
Here is where Microsoft describes it.  I didn't test it yet but I will.  I think this will do the job for me.  

http://technet.microsoft.com/en-us/library/dd361918.aspx 
0
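
The behaviour asked for in this thread (ISA on port 8080 in the office, direct on the road) written as a proxy auto-config (PAC) script. This is an added example, not part of the thread or of the linked Microsoft article. The office subnet and the proxy host name are assumptions, and each domain's policy is assumed to point IE at its own copy of the script.

```javascript
// Constructed values (assumptions, not from the thread).
var OFFICE_NET = "192.168.10.0";
var OFFICE_MASK = "255.255.255.0";
var ISA_HOST = "isa.company-b.example";
var ISA_PROXY = "PROXY " + ISA_HOST + ":8080";

// Parse a dotted quad into a number; null for anything that is not valid IPv4.
function ipToInt(ip) {
  var parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i])) return null;
    var octet = parseInt(parts[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when ip lies in net/mask. Host names and malformed input never match.
function inSubnet(ip, net, mask) {
  var a = ipToInt(ip), b = ipToInt(net), m = ipToInt(mask);
  if (a === null || b === null || m === null) return false;
  return ((a & m) >>> 0) === ((b & m) >>> 0);
}

// Pure decision function so the logic can be checked outside a browser.
function chooseProxy(clientIp, host, proxyResolvable) {
  // Single-label intranet names and office addresses never go to the proxy.
  if (host.indexOf(".") === -1 || inSubnet(host, OFFICE_NET, OFFICE_MASK)) {
    return "DIRECT";
  }
  // A home or hotel LAN can reuse the office's private range, so the address
  // test alone is not enough: the proxy name must also resolve.
  if (inSubnet(clientIp, OFFICE_NET, OFFICE_MASK) && proxyResolvable) {
    // No "; DIRECT" fallback: in the office, web traffic must not silently
    // bypass the ISA firewall if the proxy is down.
    return ISA_PROXY;
  }
  return "DIRECT";
}

// PAC entry point. myIpAddress() and isResolvable() are supplied by the
// browser; on multi-homed or VPN clients myIpAddress() may not return the
// office-side address, so check it on such machines.
function FindProxyForURL(url, host) {
  return chooseProxy(myIpAddress(), host, isResolvable(ISA_HOST));
}
```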
