RES: Re: RES: Re: RES: Re: LAN accessing DMZ

  • From: "Alex Decarli" <decarli@xxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 14 Aug 2002 10:44:53 -0300

the "0"is only to indentificate the subnet.
DHCP Server isn't installed on ISA Computer.
But, I've VPN support enabled in ISA. I think the RRAS provide DHCP 
Funcionatily.
 
Also, OWA with SSL.(could it be the problem ?). 
 
My external ip address is 200.206.32.10 , mask 255.255.255.192 (only web card 
in ISA).
In my DNS Server , I've a "A" record that appoint to isa Server, like 
www.mysite.com 
 
Isa server has a DMZ card, 192.168.0.1 , mask 255.255.255.0.
 
Web Server has 192.168.0.10 , mask 255.255.255.0. ISA ping the web Server.
 
 
 
Alex Decarli

 

-----Mensagem original-----
De: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Enviada em: quarta-feira, 14 de agosto de 2002 10:34
Para: [ISAserver.org Discussion List]
Assunto: [isalist] Re: RES: Re: RES: Re: LAN accessing DMZ


http://www.ISAserver.org


No, I said "DHCP Server", not DHCP filter.  You have the DHCP server service 
running on the ISA.
Unless ISA is providing DHCP services to the internal network, remove it.
No address ending in "0" is a valid host IP, but since you didn't provide your 
external IP and Netmask, I can't tell if 192.168.0.x is a subnet of your 
external network.
 
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison
http://jalojash.org/isatools
Read the books!


----- Original Message ----- 
From: Alex  <mailto:decarli@xxxxxxxxxxxxx> Decarli 
To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx>  
Sent: Wednesday, August 14, 2002 4:15 AM
Subject: [isalist] RES: Re: RES: Re: LAN accessing DMZ

http://www.ISAserver.org


no, only LAT nic (10.1.1.0) reference is in LAT.
DHCP filter has deleted.
 
192.168.0.0 isn't a valid external address. maybe is it ?

-----Mensagem original-----
De: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Enviada em: terça-feira, 13 de agosto de 2002 18:51
Para: [ISAserver.org Discussion List]
Assunto: [isalist] Re: RES: Re: LAN accessing DMZ


http://www.ISAserver.org


That entry has nothng to do with the error you're seeing; it's the DHCP server 
service on the ISA trying to detect "rogue" DHCP servers.
Is the DMZ range in the LAT?
Third-leg DMZ must be a subnet of the ISA external IP.  It doesn't look as if 
that's the case.
 
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison
http://jalojash.org/isatools
Read the books!


----- Original Message ----- 
From: Alex  <mailto:decarli@xxxxxxxxxxxxx> Decarli 
To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx>  
Sent: Tuesday, August 13, 2002 2:31 PM
Subject: [isalist] RES: Re: LAN accessing DMZ

http://www.ISAserver.org


ISA std, sp1 , 3 nics, 
 
DMZ nic: 192.168.0.1
WEB nic: xxx.xxx.xxx
LAT nic: 10.1.1.4
 
Web server that wil be published is 192.168.0.10 (isa ping ok), defaut gateway 
of Web server is 192.168.0.1 (ISA DMZ nic)
 
 

After to do the steps in Q313562 article (How to: Publish a Web Server on a 
Perimeter Network) and I can't to access my Web Server from Internet.
The Web Browser shows "403 - Forbidden. Isa server denies ... "
 
I opened IPxxxlog.txt and saw the following events:
 
 
Time     IP Source   Mask                   Protocol Source Port  target Port 
Action 
 
(time)    127.0.0.1   255.255.255.255      Udp        68                  67    
    BLOCKED
 
 
all steps in article is ok. 
 
 
Thank you JIM (again) 
 
Alex Decarli
 
 

-----Mensagem original-----
De: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Enviada em: terça-feira, 13 de agosto de 2002 17:47
Para: [ISAserver.org Discussion List]
Assunto: [isalist] Re: LAN accessing DMZ


http://www.ISAserver.org


ISA rules should apply to DMZ requests as well.
What is your configuration?
 
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison
http://jalojash.org/isatools
Read the books!


----- Original Message ----- 
From: Alex Decarli <mailto:decarli@xxxxxxxxxxxxx>  
To: [ISAserver.org Discussion  <mailto:isalist@xxxxxxxxxxxxx> List] 
Sent: Tuesday, August 13, 2002 6:57 AM
Subject: [isalist] LAN accessing DMZ

http://www.ISAserver.org


How can I to allow machines in LAT to access DMZ environment ?
ISA Server's denied my requisitions.
 
Thanks

Alex Decarli

 
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 
<mailto:$subst('Email.Unsub')>  

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
decarli@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
decarli@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
decarli@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 08-2002