RE: Upstream router and DMZ configuration...confused~~!!

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 24 Jun 2005 06:54:18 -0700

That's because those were written by the Exch folks.
We work as closely as possible with them, but the fact is, most Exch
admins are not the ISA admins in Enterprise environments.

-----Original Message-----
From: MarvinC [mailto:marvinc@xxxxxxxxx] 
Sent: Friday, June 24, 2005 6:48 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Upstream router and DMZ
configuration...confused~~!!

http://www.ISAserver.org

I've yet to come across anything written that covers having a
front-end back-end exchange solution using ISA2K4 without the
front-end being on a seperate DMZ. The other reason for the DMZ is to
publish other servers to include DNS, web, FTP, and maybe even an
Apache web server, if possible.
Most of the articles I've read on DMZ configuration with ISA2K4 leaves
out configuring the DMZ interface and/or using a private IP. I'm a
true novice to DMZ configurations and when you throw in stumbling to
learn learning ISA2K4 you have one often confused person.


On 6/24/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
> http://www.ISAserver.org
> 
> 
> The other question is "why do you feel the need to place that in a
DMZ?"
> ISA can protect it on the internal net without all that noise...
> 
> -----Original Message-----
> From: MarvinC [mailto:marvinc@xxxxxxxxx]
> Sent: Thursday, June 23, 2005 6:20 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Upstream router and DMZ
> configuration...confused~~!!
> 
> http://www.ISAserver.org
> 
> One W2K3 server that I plan to install Exchange 2003 on and use as an
> OWA front-end server. I may opt to add my web server later on.
> 
> On 6/23/05, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
> > http://www.ISAserver.org
> >
> > Hi Marvin,
> > What resources do you have in the DMZ?
> > Thanks!
> >
> > Tom
> > www.isaserver.org/shinder
> > Tom and Deb Shinder's Configuring ISA Server 2004
> > http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> >
> >
> > > -----Original Message-----
> > > From: MarvinC [mailto:marvinc@xxxxxxxxx]
> > > Sent: Thursday, June 23, 2005 1:13 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Upstream router and DMZ
> > > configuration...confused~~!!
> > >
> > > http://www.ISAserver.org
> > >
> > > Ok so this leaves me with the following:
> > >
> > > Internal:
> > > IP: 10.0.0.x
> > > Subnet: 255.0.0.x
> > > GW:
> > > DNS: IP of internal DNS server.
> > >
> > > DMZ:
> > > IP: 172.16.0.x
> > > Subnet: 255.0.0.x
> > > GW:
> > >
> > > External: ISP Static IP
> > > IP: 70.148.240.122
> > > Subnet: 255.255.255.248
> > > GW: 70.148.240.121
> > >
> > > Dial Up: BellSouth Connection
> > >
> > > Now comes the newbie questions:
> > >
> > > 1. Do I need to create any records or zones for the DMZ on the
> > > internal DNS server?
> > >
> > >
> > > On 6/23/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
> > > > http://www.ISAserver.org
> > > >
> > > > Hi Marvin,
> > > >
> > > > You dun a bad ting.
> > > > 1. Ditch the GW on the DMZ interface - it's non-functional.
> > > > 2. Unless you plan to lose lots of hair, you've failed to meet
the
> > > > "public address" part of the DMZ network
> > > > 3. The static route Tom refers to is at the router, not the
> > > ISA.  ISA in
> > > > effect becomes "another hop in the chain" between the ISP router
> and
> > > > your DMZ.
> > > > 4. Based on your IP setting, you don't have enough IPs to create
a
> > > > public DMZ.  Your /29 address space only provides 6 usable
> > > addresses;
> > > > not enough to subnet off for a DMZ.
> > > >
> > > > -----Original Message-----
> > > > From: MarvinC [mailto:marvinc@xxxxxxxxx]
> > > > Sent: Wednesday, June 22, 2005 9:51 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] Upstream router and DMZ
> > > configuration...confused~~!!
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > I've asked this question before but it was under different
> > > > circumstances so I need to try again for further clarification.
> > > > This may seem like a "dumb question" but it's one I have to ask
so
> > > > please accept my apologizes in advance if anyone's bothered by
it.
> > > > I have the Configuring ISA 2004 book and I'm reading an article
in
> > > > Chapter 7 entitled "Creating and configuring a public address
> > > > tri-homed DMZ Network". I have on my ISA2K box three (3) network
> > > > adapters with the following settings in the following order:
> > > >
> > > > Internal:
> > > > IP: 10.0.0.x
> > > > Subnet: 255.0.0.x
> > > > GW:
> > > > DNS: IP of internal DNS server.
> > > >
> > > > DMZ:
> > > > IP: 172.16.0.x
> > > > Subnet: 255.0.0.x
> > > > GW: 172.16.0.1
> > > > DNS: 172.16.0.1
> > > >
> > > > External: ISP Static IP
> > > > IP: 70.148.240.122
> > > > Subnet: 255.255.255.248
> > > > GW: 70.148.122.121
> > > >
> > > > There is mention in the book on creating static routes to
> > > the upstream
> > > > router to ensure communication between the networks. I'm
> > > not sure what
> > > > the upstream router is and need clarification. Is this a
> > > seperate unit
> > > > functioning as a router or is this the ISA server? Where do I
> enter
> > > > this command and is this the correct syntax for the command:
> > > >
> > > > router add 172.16.0.0 add 172.16.0.0 0 mask 255.255.0.0
> 192.168.1.20
> > > >
> > > > Would anyone have any links or articles that cover static routes
> as
> > > > they relate to ISA2K4? I'm also trying to determine if the
> external
> > > > interface consititutes as a public address?
> > > > ANY responses are greatly appreciated. ANY!!!
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org
> > > Discussion List as:
> > > > jim@xxxxxxxxxxxx
> > > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > > All mail to and from this domain is GFI-scanned.
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org
> > > Discussion List as: marvinc@xxxxxxxxx
> > > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> marvinc@xxxxxxxxx
> > To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> All mail to and from this domain is GFI-scanned.
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
marvinc@xxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 06-2005