Re: Internet & DMZ access from internal LAN

• From: "Luigi Grieco" <l.grieco@xxxxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 15 May 2002 21:07:37 +0200

hi,
directly from www.isasever.org:

        [...] "Trihomed DMZ Must Have Public IP Addresses
        
        The fact that the DMZ segment on a Trihomed DMZ must have public
addresses       can?t be overstated. We see a lot of people who have
problems constructing   their DMZ because they try to use private
addresses on the DMZ segment. All       you accomplish by doing this is
to create two internal network interfaces or    an external network
interface that cannot access internal or external       resources.

        The DMZ must be configured as an external network interface.
External        resources are not trusted by the internal network. To
configure the DMZ       segment as an external network resource, you
must NOT put IP addresses in the        DMZ segment into the LAT. Only
the internal network IP addresses are contained         in the LAT."
[...]

you can look in the "Learning zone", they are a lot of articles very
good! (thanks www.isaserver.org!!!!!)

bye,
gg



-----Messaggio originale-----
Da: rufyo@xxxxxxxxx [mailto:rufyo@xxxxxxxxx] 
Inviato: mercoledì 15 maggio 2002 19.51
A: [ISAserver.org Discussion List]
Oggetto: [isalist] Internet & DMZ access from internal LAN


http://www.ISAserver.org


Hi there,
i've some problems to configure my lan clients to access the internet
through the internal firewall. The scenario is described below:

i've configured a first Isa Server 2000 firewall with 3 nics, two
connected with two separate internal lans and one connected with DMZ
segment (with some servers)

10.16.2.1 -->Internal NIC1 
                           192.168.10.1 DMZ NIC                    
10.16.3.1 -->Internal NIC2

on DMZ i've some servers configured with 192.168.10.x address family and
a second firewall configured with two NICs:

192.168.10.9 --> DMZ NIC   

xxx.yyy.zzz.kkk ---> Internet NIC

i've configured servers on DMZ to access the internet and published some
of them (WEB,MAIL etc.) and all works fine. But i can't get access the
internet from internal LANs. In which way i've to configure the internal
firewall to access both the internet and dmz servers? Help would be
appreciated. Thanks.



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
l.grieco@xxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

• » Internet & DMZ access from internal LAN
• » Re: Internet & DMZ access from internal LAN
• » Re: Internet & DMZ access from internal LAN

1. Home
2. isalist
3. Archive
4. 05-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---