RE: Setup of Tri-Homed DMZ

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 19 Aug 2003 19:58:20 -0500

Hi Andrey,
 
The trihomed DMZ is a directly connected segment that receives ROUTED
packets from the Internet. That means you need public addresses for that
segment. It's a poor setup from a security standpoint, but some people
are forced to put hosts on a public segment like this for technical or
psychological reasons.
 
HTH,
Tom
Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 
        -----Original Message-----
        From: Andrey Silkin [mailto:silkin@xxxxxx] 
        Sent: Tuesday, August 19, 2003 5:55 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Setup of Tri-Homed DMZ
        
        
        http://www.ISAserver.org
        
        
        Hi Pranesh! You wrote about the configuration and installation
        of a tri-homed DMZ. This title is very interesting to me, so can
        you send me links or articles about this? I tried to make a
        tri-homed DMZ, but not successfully (my servers in the DMZ don't
        see the ISA Server, for example).
         
         
         
        Best Regards
        Andrey Silkin  
         
        -----Original Message-----
        From: Pranesh.K [mailto:cmspanu@xxxxxxxxx] 
        Sent: Tuesday, August 19, 2003 1:42 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] Setup of Tri-Homed DMZ
         
         
         
        1. We have configured a tri-homed ISA firewall as per the steps given in
        the Microsoft help and documentation, but we have not succeeded.
        ISA (std. edition) is installed on Windows 2000 Server with the latest
        service pack. Please go through the following and advise me of the solution.
         
        • One network adapter connected to the corporate network's internal clients.
        • The second network adapter connects to the corporate network's servers, which are located in the perimeter network.
        • The third network adapter connects to the Internet.
         
        • Configured the LAT to include all the addresses on the corporate network. (internal: 192.168.1.1 and external address: 202.140.129.49)
        • Enabled packet filtering.
        • Enabled IP routing.
        • Created IP packet filters for the mail servers in the perimeter network. Each IP packet filter should have the following parameters:
        • Filter type selected - custom (any IP and both directions)
        • Local computer IP address of the perimeter network server - 202.140.129.210/29
        • Remote computer should be Any Computer (or a specific computer, if access is limited to specific computers).
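
The addressing constraints behind the reply at the top of this thread, written out as an added Python example (not part of the original posts and not ISA Server code). The function name, the finding labels, the 192.168.1.0/24 LAT range and the /29 prefix on the external address are assumptions; the two 202.140.129.x addresses are the ones quoted in the thread.

```python
import ipaddress

def check_trihomed_plan(lat_ranges, dmz_cidr, external_cidr):
    """Return findings for a tri-homed addressing plan; an empty list means OK."""
    # strict=False lets a host address with a prefix (e.g. .210/29) name its subnet.
    dmz = ipaddress.ip_network(dmz_cidr, strict=False)
    ext = ipaddress.ip_network(external_cidr, strict=False)
    findings = []

    # Packets are routed (not translated) to the DMZ, so private
    # addresses there are unreachable from the Internet.
    if dmz.is_private:
        findings.append("dmz-not-public")

    # The DMZ and external adapters must sit on different subnets,
    # otherwise there is nothing to route between.
    if dmz.overlaps(ext):
        findings.append("dmz-overlaps-external")

    # The LAT describes the internal network only; a DMZ or external
    # range listed there would be treated as internal.
    for entry in lat_ranges:
        lat = ipaddress.ip_network(entry, strict=False)
        if lat.overlaps(dmz):
            findings.append("dmz-in-lat")
        if lat.overlaps(ext):
            findings.append("external-in-lat")
    return findings

if __name__ == "__main__":
    # Constructed plan: addresses from the thread, prefixes/LAT range assumed.
    plans = {
        "public DMZ, internal-only LAT": (["192.168.1.0/24"], "202.140.129.210/29"),
        "private DMZ": (["192.168.1.0/24"], "192.168.2.0/24"),
        "external address in LAT": (["192.168.1.0/24", "202.140.129.49/32"],
                                    "202.140.129.210/29"),
    }
    for name, (lat, dmz) in plans.items():
        print(name, "->", check_trihomed_plan(lat, dmz, "202.140.129.49/29") or "OK")
```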
