Procurve 2824, Vlans & Proxy Servers

[Camster187]

We've been testing vlans and have managed to get them working, however we use a proxy server and have the issue of default gateways been given out to machines for them to communicate across the vlans.

In the old setup default gateways were not given out from the DHCP server and the proxy was simply used to authenticate against AD. Now that the default gateway is given out users will be able to bring clients from home and simply bypass the proxy.

Is there a way of not giving out a default gateway and still been able to talk between vlans, or some way we can make all machines have to authenticate agaisnt the proxy server? I've added a diagram to give an example of our test network.

 

[cajuntank]

Since you are using a ISA as your proxy, my first thought would be add another NIC to the ISA and point your users to it as the gateway. The current NIC in the ISA would then be on the Internet side and you would create firewall rules to allow or disallow traffic to and from the Internet. So now the ISA box is doing both authentication and firewall.

There are some variables you don't go into like what device is your layer 3 devide routing your vlans? Is there an existing firewall appliance not mentioned? These things might paint a little clearer picture on your options as some appliances can have a proxy server specified so messing with the ISA wouldn't be involved.

 

[Camster187]

We managed to figure out a way to deal with this, simply by only allowing NAT from the server address. We do have a new problem however , we use Ghost 7.5 and are struggling with getting IGMP to work on the switch.