Re: Problems publishing on a perimeter
- From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 17 May 2002 17:29:56 -0700
You're right. I was thinking of 3-homed.
John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, May 15, 2002 7:56 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Problems publishing on a perimeter
http://www.ISAserver.org
You can't "publish" with protocol rules; you may be thinking of packet
filters for a third-leg DMZ.
Troy has drawn a back-back DMZ, in which publishing is the correct
method.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: John Tolmachoff <mailto:isalist@xxxxxxxxxxxx>
To: [ISAserver.org <mailto:isalist@xxxxxxxxxxxxx> Discussion List]
Sent: Wednesday, May 15, 2002 5:56 PM
Subject: [isalist] Re: Problems publishing on a perimeter
http://www.ISAserver.org
Also, unless I am wrong, you can not "publish" from the DMZ. You have to
create protocol rules.
John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, May 15, 2002 4:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Problems publishing on a perimeter
http://www.ISAserver.org
You need to add the rest of your address space to ISA1 if you want it to
use them.
If you use web publishing, you only need one IP..
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: Troy Jerkins <mailto:tjerkins@xxxxxxxxxx>
To: [ISAserver.org <mailto:isalist@xxxxxxxxxxxxx> Discussion List]
Sent: Wednesday, May 15, 2002 2:12 PM
Subject: [isalist] Problems publishing on a perimeter
http://www.ISAserver.org
I'm in desperate need of a solution to the following. The issue is that
I need to be able to publish multiple web servers on my DMZ.
Configuration: Back-to-back Perimeter
ISP<--Router<--ISA1<--DMZ<--ISA2<--LAN.
I have 6 public addresses for use from the ISP. I'll use 66.X.X.209 to
66.X.X.214 mask = 225.225.225.248
I have 2 addresses allocated. One on the back end of the router and one
on the external NIC of ISA1.
The DMZ is configured with private addresses.
I can publish 1 (one) web server on the DMZ and that's it. I can't seem
to publish or set up any filters to allow any other servers to be
published.
I've tried to assign more than one IP to the external NIC in ISA1, but
the Primary address always blocks access to anything I try to allow
through on the secondary address which I can see it in the logs.
Given my configuration, what would be the best way solve this situation.
Any help would be GREATLY appreciated. I've been fighting this for some
time now
-Troy
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
