RE: DMZ Subnet
- From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 8 Sep 2003 12:53:39 -0700
For Public IP in the DMZ to work, you have to subnet the IPs coming into the
ISP router.
You need at least 4 available IPs to do this after subnetting.
You can not subnet a /252, which is what he has if he has been given 2
usable public IP. (Block of 5, first not usable, second used by router, 3rd
and 4th usable, 5th not usable.)
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-----Original Message-----
From: Glenn Maks [mailto:gmaks@xxxxxxxxx]
Sent: Monday, September 08, 2003 8:41 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DMZ Subnet
http://www.ISAserver.org
It seems to me that it will, I might be joining this thread a little late
but, if your ISP only gave you a node network, then assign one to your
Router, the other one will be assigned to your public interface on your ISA
server and any other NIC you install on your ISA just use one of the
reserved ranges.
-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Friday, September 05, 2003 2:56 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DMZ Subnet
http://www.ISAserver.org
It will not work.
You have to properly subnet your assigned block to have public IP in DMZ.
At a minimum, you would need a 240 block, with 16 IP assigned as follows:
.0 240 not usable
.1 240 ISP router
.2 248 ISP router internal
.3 248 External of ISA
.4 248 available
.5 248 available
.6 248 available
.7 248 not usable
.8 248 not usable
.9 248 ISA DMZ
.10-.15 248 available for DMZ
.16 248 not usable
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
> -----Original Message-----
> From: Tom Mendelboim [mailto:tomerm1@xxxxxxx]
> Sent: Friday, September 05, 2003 9:57 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] DMZ Subnet
>
> http://www.ISAserver.org
>
>
> Hi everyone,
>
> I would like to know if what I want to do will work...
>
> I have ISA with 3 interfaces. Inside, outside and one of them is a DMZ. I
have
> received 2 IP addresses from my provider. I would like to use one IP on
the outside
> interface and one IP on the DMZ with a subnet mask of 255.255.255.255.
>
> Will that work in a sense that any packets not beloging to the DMZ will be
routed
> correctly? I have to do something like that since the ISP gives me only 2
IP
> addresses...
>
> Thank you all,
>
> Tom
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmaks@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
johnlist@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
