RE: DMZ with private IP adresses behind router
- From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 12 Jan 2002 18:01:54 +0100
Hi David,
it's correct that in realworld life situations the external and dmz
interfaces have usual public routable addresses. However nothing prevents
you to use private addresses for test purposes. You'll have only to pay
attention on the creating of the LAT.
However, I assume that the router is doing NAT. If you want to test
IPSEC/ESP from outside (through the router) this will not work due to the
IPSEC problems with NAT. So, you will be limited to test IPSEC/ESP from the
Router inside segment.
Hope this helps,
Stefaan
-----Original Message-----
From: David Elmquist [mailto:david@xxxxxxxxxx]
Sent: zaterdag 12 januari 2002 14:43
To: [ISAserver.org Discussion List]
Subject: [isalist] DMZ with private IP adresses behind router
http://www.ISAserver.org
Hello list
I would like to create a DMZ net on my ISA, which is behind a router.
The config would be something like this:
Router outside: xxx.xxx.xxx.xxx routable IP address
Router inside: 192.168.1.1/ 255.255.255.128
ISA external: 192.168.1.2 255.255.255.128
ISA DMZ: 192.168.1.129 255.255.255.128
ISA internal: 192.168.2.1 255.255.255.0
Would this be all right ? I realize, that in a standard setup, ISA would
Have to use routable addresses on both external and DMZ networks. But in
This setup, the DMZ addresses, would actually be routable to the gateway
on
192.168.6.1
I need this setup, to test routing ESP protocol 50 traffic between
outside
And DMZ. Any comments on that will be appreciated.
Regards,
David Elmquist
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
stefaan.pouseele@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
