Heh-- I think we both asked the same question... There actually wouldn't be
an "Internet" in this scenario. Just an Internal Network and a Perimeter
Network in a route config.
t
----- Original Message -----
From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, December 07, 2005 3:26 PM
Subject: [isalist] RE: External Network Logic
http://www.ISAserver.org
Pretty twisted if you ask me. What's Nat-ing to the Internet? Pc's behind the BE ISA or the stuff in the middle of the two ISA's.
Amy
Harbor Computer Services Small Business Computer Specialists
Client Blog: http://smalltechnotes.blogspot.com/ Tech Blog: http://isainsbs.blogspot.com/ Website: http://www.harborcomputerservices.net/
-----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, December 07, 2005 6:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: External Network Logic
http://www.ISAserver.org
The default External Network is defined as all addresses that defined by any other ISA firewall Network. So, there is still an external network, you just don't have any access to it, since you've created ISA firewall Networks for both the NIC (one for the default Internal Network and one for the ISA firewall Network representing the perimeter network NIC).
You can use this in a number of scenarios, like turning the DMZ between the BE and FE ISA firewall into an ISA firewall Network and creating a route Network Rule between that and the default Internal Network, but still NAT'ing to the Internet. Pretty slick, eh?
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?**
-----Original Message----- From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Sent: Wednesday, December 07, 2005 4:57 PM To: [ISAserver.org Discussion List] Subject: [isalist] External Network Logic
http://www.ISAserver.org
So, you've got ISA with 2 NIC's. You define the Internal range on one NIC, leaving the other NIC as "External." You then add a perimeter network, and give it the IP range of what used to be the "External" NIC. What happens to the concept of the External network since you now have a trusted Internal network and a less trusted "Perimeter" network, but no real "External" network anymore. Will it just be an "empty" network set sitting there all alone in the cold, cold ground?
t
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx