DMZ ADRESSING

  • From: Мостовой Максим <maxim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 25 Jan 2002 12:45:07 +0300

I make new configuration IP adressing (as wroute Jim Harrison) but DMZ still 
not work.

WAN NIC A.B.C.7 
MASK   255.255.255.224
GW A.B.C.1

DMZ NIC A.B.C.9
MASK     255.255.255.248
GW  A.B.C.1

DMZ COMPUTER  A.B.C.10
MASK 255.255.255.248
GW A.B.C.9

    SCHEME
    |CISCO ROUTER |
            |
            |
            |
    |ISA WAN NIC|
     |    ISA           |
     | COMPUTER |
     |                    |
    INT NIC        DMZ NIC
     |                    |
    HUB            HUB
     |                    |
    INTERNAL     DMZ Zone
    net


 In cisco router iam added :
ip route A.B.C.8 255.255.255.248 A.B.C.7
(DMZ subnet throught WAN ISA NIC)
In ISA i added Packet filter ANY BOTH This computers on perimetr network 
A.B.C.8 Mask 255.255.255.248
Packet filtering and routing enabling.
In route table in ISA i am added route -p add A.B.C.8 255.255.248 A.B.C.9 
(for dmz subnet on this interface)

And i can ping only DMZ isa interface from DMZ computer =(((((((.
In isa logs i see (trying to ping ISA WAN interface from DMZ computer):
2002-01-25 09:36:05 195.34.45.10 195.34.45.7 ICMP 8 0 ALLOWED 195.34.45.9
2002-01-25 09:36:09 195.34.45.10 195.34.45.7 ICMP 8 0 ALLOWED 195.34.45.9
2002-01-25 09:36:14 195.34.45.10 195.34.45.7 ICMP 8 0 ALLOWED 195.34.45.9
2002-01-25 09:36:17 195.34.45.10 195.34.45.7 ICMP 8 0 ALLOWED 195.34.45.9
there is no response from WAN interface as you can see.

here normal ping log - from DMZ computer to DMZ interface of ISA
2002-01-25 09:35:57 195.34.45.10 195.34.45.9 ICMP 8 0 ALLOWED 195.34.45.9
2002-01-25 09:35:57 195.34.45.9 195.34.45.10 ICMP 0 0 ALLOWED 195.34.45.9

HAVE SOMEBODY IDEAS ? PLZ HELP !

Other related posts: