RE: Publishing SMTP Mail Server in ISA Backend DMZ to ADSL Router
- From: "Surago Jones" <surago@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 12 May 2004 03:21:30 +1200
Hi John,
Firstly, Thanks for the input. :)
Secondly, just to confirm something, if i configure the router to full bridge
mode, will this basically make it act as a dumb/transparent network device that
wouldn't have an IP as such, and allow the static external IP to be passed to
the ISA Server's external interface.
If this is the case, i take it that i would be unable to have any other
machines connected to the router (It has an inbuilt 4 port hub.) as we only
have 1 static IP address.
At this stage, this may not be a problem, but in the future i guess a private
ip dmz setup would be beneficial, in which case i guess i would have to
configure NAT/NAPT differently.
Cheers
Surago Jones
-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, 12 May 2004 03:15
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing SMTP Mail Server in ISA Backend DMZ to
ADSL Router
http://www.ISAserver.org
You are doing double NAT and the ADSL router is not configured to pass
inbound traffic.
1. Have the ISP change mode of the router to full bridge mode assigning a
static IP to the external NIC of ISA.
2. Have the ISP configure the router for one to one NAT and allow to pass
all traffic.
3. Take control of the router and reconfigure for one to one NAT and allow
all traffic to pass.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -----Original Message-----
> From: Surago Jones [mailto:surago@xxxxxxxxxxxx]
> Sent: Tuesday, May 11, 2004 7:55 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Publishing SMTP Mail Server in ISA Backend DMZ to ADSL
Router
>
> http://www.ISAserver.org
>
> Hi All,
>
> I have a client with that wants to implement an ISA firewall to protect
> their network. Currently they are using an ADSL Router (Nokia M1122),
which
> includes a hub to allow workstations to connect directly to the ADSL
Router.
> The ISP provides a static IP which is assigned to the external interface
of
> the ADSL router.
>
> We would like to continue to use the ADSL router, and configure an ISA
> Server (With 2 nics) between the internal network and the ADSL router, and
> also publish a Mail (SMTP) server (Sendmail/Redhat 8) that would be on the
> internal network.
>
> Configuration is as follows..
>
> ADSL Router External IP: xxx.xxx.xxx.xxx (Statically assigned ISP)
> ADSL Router Internal IP: 192.168.10.1 (Static)
>
> ISA External IP: 192.168.10.2 (Static)
> ISA Internal IP: 192.168.1.2 (Static)
>
> Mail Server IP: 192.168.1.254 (Static)
>
> Internal Clients: 192.168.1.0/24
>
> With this configuration I am able to browse the web, and connect to
external
> (ISP) email servers from internal clients, however our Mail server does
not
> receive email from the outside world.
>
> I used the Secure Mail Server wizard to create server a publishing rule to
> publish the mail servers ip 192.168.1.254, to the ISA servers external ip
> 192.168.10.2.
>
> Checking the Packet Filter logs I notice that all attempts to connect to
> 192.168.1.254 on port 25 are blocked.
>
> I have made sure that the LAT only contains 192.168.1.0.
>
> However I am at a loss as to why the mail isn't getting thru, as the
> publishing rule exists.
>
> Any advice or suggestions would be much appreciated. Granted an ADSL
Dialup
> Modem in the ISA Machine itself is easy enough to setup, however I would
> like if possible to use the ADSL Router, as that way, we can put (If need
> be) servers outside the ISA Firewall.
>
> Cheers
>
> Surago Jones
>
>
>
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
surago@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
