01-13-2012 06:02 AM
I manage a pre-existing/pre-configured infrastructure. It's a complete HP infrastructure. I have an MSM765zl sitting inside a 5406zl which uplinks to my core 8212zl. I have 2 VSCs configured on the controller. One is for LAN data and the other is for guest access. The guest VSC is NOT the default VSC; it was added. It is configured to Always tunnel traffic through the controller. The guest VLAN that was set up is connected to my DMZ for internet access. I have several webservers on my internal LAN that I would like to give access to the guest users. Is this possible? What can I do? I ideally only want my guest clients to access only those specific webservers and then of course, only the internet and not access any other internal resources.
It should also be said that these webservers do have public identities and are accessible externally. My guest VSC is configured on my DMZ, as stated before. Now my internal webservers are identified 2 different ways via DNS: my local DNS server, obviously, points to the internal IP address of the server, and the public DNS points to the public IP address. My controller is configured with the internal DNS servers on my LAN. So I assume that when my guest requests a webpage, my internal DNS server responds with the internal IP address of my webserver. Not sure if I can create a static DNS entry inside of my guest VSC configuration - I doubt it. But if that were able to be done, I could specify the public address, maybe, and not have to allow internal traffic?
Thanks for any assistance, it is appreciated.
01-28-2012 05:20 AM
I have exactly the same problem!
Under Public Access->Attributes, I've added this ACE:
but hosts on the guest VSC still aren't able to access this host. The browser loads until it gets a timeout.
Does anyone have a solution to this?
02-02-2012 05:02 AM
Heard nothing yet on this. I have tried ticking off the box to allow wired clients to talk to wireless tunneled clients in the guest VSC config. I even turned off the firewall as a test - still am unable to get to internal hosts.