Re: Internet & DMZ access from internal LAN

  • From: "Jay" <jschwarzkopf@xxxxxxxxxx>
  • To: "[ Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 16 May 2002 10:47:53 -0400

Actually, Luigi, his setup is not the tri-homed DMZ scenario you are
referring to.  He's got a back-to-back implementation, and public addresses
are not required.

I would first make sure that the internal firewall's default gateway is
pointing to the external firewall's internal nic (
If you can get access to the DMZ servers, then the internal firewall's LAT
is probably okay.  If not, remove from it.

----- Original Message -----
From: "Luigi Grieco" <l.grieco@xxxxxxxxxxxxxx>
To: "[ Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, May 15, 2002 3:07 PM
Subject: [isalist] Re: Internet & DMZ access from internal LAN

directly from

[...] "Trihomed DMZ Must Have Public IP Addresses

The fact that the DMZ segment on a Trihomed DMZ must have public
addresses can't be overstated. We see a lot of people who have
problems constructing their DMZ because they try to use private
addresses on the DMZ segment. All you accomplish by doing this is
to create two internal network interfaces or an external network
interface that cannot access internal or external resources.

The DMZ must be configured as an external network interface.
External resources are not trusted by the internal network. To
configure the DMZ segment as an external network resource, you
must NOT put IP addresses in the DMZ segment into the LAT. Only
the internal network IP addresses are contained in the LAT."

You can look in the "Learning zone"; there are a lot of very good
articles! (thanks!!!!!)


-----Original Message-----
From: rufyo@xxxxxxxxx [mailto:rufyo@xxxxxxxxx]
Sent: Wednesday, May 15, 2002 19:51
To: [ Discussion List]
Subject: [isalist] Internet & DMZ access from internal LAN

Hi there,
I have some problems configuring my LAN clients to access the internet
through the internal firewall. The scenario is described below:

I've configured a first ISA Server 2000 firewall with 3 NICs, two
connected with two separate internal LANs and one connected with DMZ
segment (with some servers) -->Internal NIC1
                  DMZ NIC -->Internal NIC2

On the DMZ I have some servers configured with the 192.168.10.x address family and
a second firewall configured with two NICs: --> DMZ NIC

xxx.yyy.zzz.kkk ---> Internet NIC

I've configured servers on the DMZ to access the internet and published some
of them (WEB, MAIL etc.) and all works fine. But I can't get access to the
internet from the internal LANs. In which way do I have to configure the internal
firewall to access both the internet and the DMZ servers? Help would be
appreciated. Thanks.

