Re: Accessing the Internet from DMZ
- From: "Constantinos Bourliaskos" <kbourlia@xxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 10 Aug 2001 12:30:45 +0300
Hello Jim,
Im asking if you got the reply i send you yesterday. If you didnt, take
a look at the following scenario based on the answer you provided.
I im using the first 128 segment of a class C. That certain class is
public and its mine and suppose its the x.x.x.0 to 128. Im using x for
the first three numbers which the are the same so please dont be
annoyed. The router has the address x.x.x.2 with subnet mask
255.255.255.128 and ip broadcast address x.x.x.1. Take a look at what i
gave the following:
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, August 09, 2001 7:22 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Accessing the Internet from DMZ
http://www.ISAserver.org
Check that your setup looks something like this:
Well, it looks like this
ISA external NIC
IP = <extIP> x.x.x.3
GW = <extGW> x.x.x.2 (the address at the interface of the router)
NM = <extMask> 255.255.255.128
ISA DMZ NIC
IP = <DMZ_IP> x.x.x.5
GW = <empty> ok
NM = <subnet of extGW> 255.255.255.128
DMZ Server
IP = <DMZ_srvr_IP> x.x.x.6
GW = <ISA_DMZ__NIC> x.x.x.5
NM = <ISA_DMZ_NM> 255.255.255.128
DMZ Server IE settings
No proxy (empty the settings) ok
ISA PF Here trying to implement the following packet filter i get the
following message here
IP protocol = TCP
Direction = outbound
Local port = All ports
Remote port = Fixed, 80
local computer = "these computers (on the perimeter network)" After it
tries to find the server in the DMZ (which happens due to NETBEUI that
is installed on that DMZ WIN2k Server (please dont scream!!!)) it tells
that it cant find the ip address allocated with that server.
Remote Computer = All
Jim Harrison
MCP(2K), A+, Network+, PCG
What's the catch here? The routing and remote access service in the
WIN2K server is down. I suppose this is ok because the routing is done
by the isa server services right? If there is further need for
subnetting that class C or should I subnet in fewer addresses than the
128 block range. From the LAT everything is OK. Full access to the
Internet, implemented icmp traffic OK and the isa server itself with a
the internal network address configured as proxy setting in IE has full
access to the internet. Are there any problems with Netbeui? I dont
think thats the problem. Should the routing in the 7200 Cisco router in
the OSPF routing include in the backbone area (0) the certain class C im
talking about? I dont think thats the issue also because Im having
access through there.
Thank you for your help Jim and Im sure you'll do the best to assist me.
Constantinos Bourliaskos
MCP (For the moment...)
----- Original Message -----
From: Constantinos <mailto:kbourlia@xxxxxxxxx> Bourliaskos
To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx>
Sent: Thursday, August 09, 2001 08:01
Subject: [isalist] Accessing the Internet from DMZ
http://www.ISAserver.org
I have implemented the trihomed scenario and im having problem accessing
the internet from my DMZ. Routing and pakcket filtering are enabled. Im
suspecting that it has to do something with the network configuration of
the clients or with an another rule that i havent applied. In the
browser of a DMZ host what gateway should I enter. The address of the
DMZ network card, the address of the external network card of the ISA
server or the address of the router?. Should the routing and remote
access service in the WIN2k services be up or Isa does it by itself.
Please help me im new to the ISA stuff. (It is obvious, isn't it)
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
kbourlia@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
