mcannet
asked on
HP 765zl MSM controller and guest VSC issue
Working with a preconfigured infrastructure. Have a HP 765zl controller in my 5406zl switch. A guest VSC was configured and set to tunnel all traffic through the controller. The controller's internet port is configured to my DMZ. Guest internet access works great. They cannot get back into my network - which is a good thing, obviously. My issue is that I have several web servers running on my internal network that I need my guest clients to be able to access. Can this be done? Looking through the gui on the MSM765zl I don't really see anywhere where I can maybe specify internal clients that the controller can pass traffic to.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Are the webservers in the same DMZ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Guys thanks for the response. My Public SSID/VLAN is technically a different network, not a DMZ. Problem is is that the controller proxy's DNS for the Public clients to my internal DNS servers, so the public clients are trying to get back into the internal network. I have tried adding rules in the VSC and controller config to allow the traffic but am having no success. RKinsp - yes the guest VSC is configured to use GW of the controller.
What are you using as a DHCP for your guest vsc?
Hi mcannet,
The problem with HP MSM products is that once using access controll the traffic will either egress using the routing table (default and most likely internet port) or a VLAN (which is routed so no local break-out). This rule is applied for all traffic. Therefore if you want to access local resources it should be available from the network where the internet port resides and you DNS should resolve to the correct addresses.
Take a look at the guide: http://h20000.www2.hp.com/bizsupport/TechSupport/CoreRedirect.jsp?redirectReason=DocIndexPDF&prodSeriesId=3963981&targetPage=http%3A%2F%2Fbizsupport1.austin.hp.com%2Fbc%2Fdocs%2Fsupport%2FSupportManual%2Fc02704528%2Fc02704528.pdf
page 7-6 chapter Traffic flow for wireless users
I might clear things a bit.
Regards,
Steven
The problem with HP MSM products is that once using access controll the traffic will either egress using the routing table (default and most likely internet port) or a VLAN (which is routed so no local break-out). This rule is applied for all traffic. Therefore if you want to access local resources it should be available from the network where the internet port resides and you DNS should resolve to the correct addresses.
Take a look at the guide: http://h20000.www2.hp.com/bizsupport/TechSupport/CoreRedirect.jsp?redirectReason=DocIndexPDF&prodSeriesId=3963981&targetPage=http%3A%2F%2Fbizsupport1.austin.hp.com%2Fbc%2Fdocs%2Fsupport%2FSupportManual%2Fc02704528%2Fc02704528.pdf
page 7-6 chapter Traffic flow for wireless users
I might clear things a bit.
Regards,
Steven
ASKER
Sorry guys, not clearing things up for me. I guess basically... can I do this? Is it even possible to redirect traffic back inside the internal network?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi mcannet,
Awarding points is up to you. No one did provide a solution to your question, but then again there was no solution possible.
Greetz
Awarding points is up to you. No one did provide a solution to your question, but then again there was no solution possible.
Greetz
ASKER
Guys, I hope you are not offended by this, best way to divy up points.