There is a bug in the Packet Filtering service that causes an "all IP" filter to fail for a DMZ.
Create your packet filters individually for now.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: Мостовой Максим
To: [ISAserver.org Discussion List]
Sent: Monday, January 28, 2002 03:21
Subject: [isalist] Re: DMZ ADRESSING

http://www.ISAserver.org

Hello!

I still have a problem with routing on the ISA server.
My DMZ NIC does not have a gateway. IP routing is enabled.
In the IP packet filters there is an Allow rule: Any protocol, Both directions, on the DMZ subnet.
And I can ping only the DMZ ISA interface from the DMZ computer =(((((((.
In the ISA logs I do not see any responses to PING to external computers.
If I stop Microsoft Firewall in services, everything works fine! Hm, it's strange.

----- Original Message -----
From: Jim Harrison
To: [ISAserver.org Discussion List]
Sent: Friday, January 25, 2002 9:26 PM
Subject: [isalist] Re: DMZ ADRESSING

You should read up on IP subnetting:
http://support.microsoft.com/support/kb/articles/Q164/0/15.asp
Also take a look at Tom's article on DMZ:
http://www.isaserver.org/shinder/tutorials/dmz_scenarios.htm
Your DMZ NIC should not have a default gateway.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: Мостовой Максим
To: [ISAserver.org Discussion List]
Sent: Friday, January 25, 2002 01:45
Subject: [isalist] DMZ ADRESSING

I made a new IP addressing configuration (as Jim Harrison wrote), but the DMZ still does not work.

WAN NIC       A.B.C.7   MASK 255.255.255.224  GW A.B.C.1
DMZ NIC       A.B.C.9   MASK 255.255.255.248  GW A.B.C.1
DMZ COMPUTER  A.B.C.10  MASK 255.255.255.248  GW A.B.C.9

SCHEME

    | CISCO ROUTER |
           |
           |
           |
    | ISA WAN NIC  |
    |     ISA      |
    |   COMPUTER   |
       |        |
    INT NIC  DMZ NIC
       |        |
      HUB      HUB
       |        |
    INTERNAL  DMZ Zone net

On the Cisco router I added:

    ip route A.B.C.8 255.255.255.248 A.B.C.7

(DMZ subnet through the WAN ISA NIC)

In ISA I added a packet filter: ANY, BOTH, "This computers on perimeter network" A.B.C.8 Mask 255.255.255.248.
Packet filtering and routing are enabled.

In the route table on ISA I added:

    route -p add A.B.C.8 255.255.248 A.B.C.9

(for the DMZ subnet on this interface)

And I can ping only the DMZ ISA interface from the DMZ computer =(((((((.

In the ISA logs I see (trying to ping the ISA WAN interface from the DMZ computer):

    2002-01-25 09:36:05 195.34.45.10 195.34.45.7 ICMP 8 0 ALLOWED 195.34.45.9
    2002-01-25 09:36:09 195.34.45.10 195.34.45.7 ICMP 8 0 ALLOWED 195.34.45.9
    2002-01-25 09:36:14 195.34.45.10 195.34.45.7 ICMP 8 0 ALLOWED 195.34.45.9
    2002-01-25 09:36:17 195.34.45.10 195.34.45.7 ICMP 8 0 ALLOWED 195.34.45.9

There is no response from the WAN interface, as you can see.

Here is a normal ping log, from the DMZ computer to the DMZ interface of ISA:

    2002-01-25 09:35:57 195.34.45.10 195.34.45.9 ICMP 8 0 ALLOWED 195.34.45.9
    2002-01-25 09:35:57 195.34.45.9 195.34.45.10 ICMP 0 0 ALLOWED 195.34.45.9

DOES SOMEBODY HAVE IDEAS? PLZ HELP!
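
The by-eye check in the thread (echo requests logged, no echo reply logged) can be automated over a packet filter log. This is an added example, not part of the original messages; the field order and the 5-second reply window are assumptions inferred from the quoted log lines.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines quoted in the thread, in time order. Assumed field order:
# date time source destination protocol icmp-type icmp-code action interface
SAMPLE_LOG = """\
2002-01-25 09:35:57 195.34.45.10 195.34.45.9 ICMP 8 0 ALLOWED 195.34.45.9
2002-01-25 09:35:57 195.34.45.9 195.34.45.10 ICMP 0 0 ALLOWED 195.34.45.9
2002-01-25 09:36:05 195.34.45.10 195.34.45.7 ICMP 8 0 ALLOWED 195.34.45.9
2002-01-25 09:36:09 195.34.45.10 195.34.45.7 ICMP 8 0 ALLOWED 195.34.45.9
2002-01-25 09:36:14 195.34.45.10 195.34.45.7 ICMP 8 0 ALLOWED 195.34.45.9
2002-01-25 09:36:17 195.34.45.10 195.34.45.7 ICMP 8 0 ALLOWED 195.34.45.9
"""
ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

def parse(line):
    """Return (time, src, dst, icmp_type, action), or None if not an ICMP record."""
    f = line.split()
    if len(f) < 9 or f[4].upper() != "ICMP" or not f[5].isdigit():
        return None
    try:
        ts = datetime.strptime(f[0] + " " + f[1], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return ts, f[2], f[3], int(f[5]), f[7]

def unanswered_pings(log_text, window=timedelta(seconds=5)):
    """Count allowed echo requests per (requester, target) with no reply in `window`."""
    pending = defaultdict(list)  # (requester, target) -> times of open requests
    missing = defaultdict(int)
    for rec in filter(None, map(parse, log_text.splitlines())):
        ts, src, dst, icmp_type, action = rec
        if action != "ALLOWED":
            continue
        if icmp_type == ECHO_REQUEST:
            pending[(src, dst)].append(ts)
        elif icmp_type == ECHO_REPLY:
            queue = pending[(dst, src)]  # a reply travels target -> requester
            while queue and ts - queue[0] > window:
                queue.pop(0)             # too old for this reply: unanswered
                missing[(dst, src)] += 1
            if queue:
                queue.pop(0)             # reply matches the oldest open request
    for flow, queue in pending.items():
        missing[flow] += len(queue)      # still open at end of log
    return {flow: count for flow, count in missing.items() if count}

if __name__ == "__main__":
    for (src, dst), count in unanswered_pings(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {count} echo request(s) with no reply logged")
```

A flow reported here only means no reply was logged as allowed; the reply may have been dropped by a filter or never sent, so the result narrows where to look rather than naming the cause.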