Solved

Split the internet access between the users of the same network segment

Posted on 2010-08-12
Last Modified: 2013-12-08
We have two companies on the same network segment due to an old IP phone system using MAC as identifier.  
There are two different Windows 2003 AD domains and two internet connections: one over a Juniper firewall and the other one over an ISA 2006 firewall.  
I need to route the users of each company over their own firewall when in the office and also to allow the notebook users to use the IE “automatically detect settings” option when on the road.  
I am loading the default gateway on the logon script instead of DHCP but I have problems loading the proxy for IE.
I cannot use WPAD with DHCP because they are both using the same DHCP server, nor can I use WPAD with DNS because one of the companies has a remote branch office (and that will push these users to go over the ISA Server in the Head office).
Is there a way using GP to have the users connect to ISA on port 8080 when in the office and to “automatically detect settings” when on the road?
Question by:MikeTa
11 Comments
 
LVL 5

Expert Comment

by:allan_jardine
ID: 33421576
Is it not possible to put your servers on different VLANs on your switch and allow access to them from only the correct machines? That way you should be able to run separate DHCP services for each company.
0
 

Author Comment

by:MikeTa
ID: 33421660
I considered this but the guys that are taking care of the phones told me that by doing this some of the phones will not be able to talk to the phones management server.  As I said it identifies the phones by their MAC address....
0
 
LVL 5

Expert Comment

by:allan_jardine
ID: 33421687
Is the phone management server one of your DHCP servers?
0

Author Comment

by:MikeTa
ID: 33421761
No, the DHCP is on one of the Windows DCs.  This is a 3COM server.  I don't even know if it is on Windows or on some Linux version.  The phones and the computers on each desk share the same Ethernet cable.  It is cascaded from the computer over the phone.  Once connected, the phone server sees it and you can assign an extension to it.  There is no IP involved.  The phone server uses the MAC address as identifier. A VLAN setup will block the MAC propagation...
0
 
LVL 5

Expert Comment

by:allan_jardine
ID: 33422350
In that case you should be able to allow your computers to see each other, the 3COM server and the appropriate Windows DC for their domain/DHCP settings using a port based VLAN. If your switch can be configured like this then you should be OK since all we are doing is preventing some phones and computers seeing a Windows DC.
0
 

Author Comment

by:MikeTa
ID: 33423138
The 3COM server must see and be seen by all the phones at MAC layer level.  The phones are cascaded with the computers meaning that all the computers have to be seeing each other at MAC layer level.  That means that they all need to talk to the same DHCP server asking for IP addresses.  As a result you cannot have two different network segments....

This is a live environment with around 70 computers on one side and 50 on the other side and I cannot actually do too much testing and experimenting.  

That's why I think that an appropriate Group Policy setting for the Automatic Browser Configuration can do the job here.  I need an .ins script that automatically configures the browser to connect over the ISA server when in the office and straight when not.  
0
 
LVL 5

Expert Comment

by:allan_jardine
ID: 33426958
As an alternative you could try the suggestion in this article: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_21713341.html Basically they are changing the default gateway for some of the workstations when they run their login script. No VLAN is necessary in this config.
0
 

Author Comment

by:MikeTa
ID: 33428983
This is OK and, as I already said, this is what I am doing: I have logon scripts containing the route add command on each domain and no default gateway with DHCP.  

My problem is that for ISA it is not enough: you need something to replace WPAD pointing Internet Explorer to the port 8080.  This should be automatically set up so that when users are outside the internal network they are able to browse the internet.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33490298
It sounds like you want something to run on the laptops to detect what network they are on.  If they detect they are on the company network, it enforces a proxy.  If on a foreign network, it allows IE to operate as normal.  I've not heard of that before...at least not automated.  Anything else could be solved with a script on the user's desktop that could disable the proxy settings in IE.

Another possibility is to have IE for company network use and Firefox for outside use.  IE configured with the proxy settings and Firefox configured as it normally is.
0
 

Accepted Solution

by:
MikeTa earned 0 total points
ID: 33500355
Here is where Microsoft describes it.  I didn't test it yet but I will.  I think this will do the job for me.  

http://technet.microsoft.com/en-us/library/dd361918.aspx 
0
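
The behaviour asked for in this thread (browse through ISA on port 8080 when in the office, go direct when on the road) can be expressed as a proxy auto-config (PAC) script referenced from IE's "Use automatic configuration script" setting. The sketch below is an added example, not taken from the posts or from the linked Microsoft article; the office subnet and the proxy host name are assumed values, and each domain would deploy its own copy.

```javascript
// Added example: PAC logic for "ISA proxy in the office, direct on the road".
// Assumed values (not from the thread): office subnet and proxy host name.
var OFFICE_NET = "192.168.10.0";   // constructed office subnet
var OFFICE_MASK = "255.255.255.0";
// Hypothetical ISA host name; port 8080 is the one named in the question.
var OFFICE_PROXY = "PROXY isa.companya.example:8080";

// Convert a dotted-quad IPv4 string to an unsigned integer; null if malformed.
function ipToInt(ip) {
  var parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i])) return null;
    var octet = Number(parts[i]);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when ip falls inside net/mask. Malformed input never matches.
function inSubnet(ip, net, mask) {
  var a = ipToInt(ip), b = ipToInt(net), m = ipToInt(mask);
  if (a === null || b === null || m === null) return false;
  return ((a & m) >>> 0) === ((b & m) >>> 0);
}

// Pure decision function so the logic can be checked outside a browser.
function chooseProxy(clientIp, host) {
  // Not on the office subnet (or address unknown): behave like a normal client.
  if (!inSubnet(clientIp, OFFICE_NET, OFFICE_MASK)) return "DIRECT";
  // In the office, keep single-label and on-subnet hosts off the proxy.
  if (host.indexOf(".") === -1 || inSubnet(host, OFFICE_NET, OFFICE_MASK)) {
    return "DIRECT";
  }
  // No "; DIRECT" fallback here, so office traffic cannot silently bypass ISA.
  return OFFICE_PROXY;
}

// Entry point called by the browser; myIpAddress() is supplied by the PAC runtime.
function FindProxyForURL(url, host) {
  return chooseProxy(myIpAddress(), host);
}
```

A home or hotel network that happens to use the same private range would be treated as the office by this check. Testing `isResolvable()` against an internal-only host name is a common additional condition for that case.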
