RE: DMZ with private IP addresses behind router

  • From: "David Elmquist" <david@xxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 13 Jan 2002 17:49:48 +0100

Hi Stefaan,

I went ahead and configured the DMZ as I described.
The outside router is doing NAT, as you suspected, but I
only need to provide a tunnel between the outside router
and one located on the DMZ - so there will be no NAT between
the 2 routers. Got standard packet filters for ICMP and telnet working
and will test ESP shortly.

Thanks for your input.

Regards,

David Elmquist

-----Original Message-----
From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx] 
Sent: 12. januar 2002 18:02
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DMZ with private IP addresses behind router

Hi David,

It's correct that in real-life situations the external and DMZ
interfaces usually have public routable addresses. However, nothing
prevents you from using private addresses for test purposes. You'll
only have to pay attention to the creation of the LAT.

However, I assume that the router is doing NAT. If you want to test
IPSEC/ESP from outside (through the router), this will not work due to
the IPSEC problems with NAT. So, you will be limited to testing IPSEC/ESP
from the router's inside segment.

Hope this helps,
Stefaan

-----Original Message-----
From: David Elmquist [mailto:david@xxxxxxxxxx]
Sent: zaterdag 12 januari 2002 14:43
To: [ISAserver.org Discussion List]
Subject: [isalist] DMZ with private IP addresses behind router

Hello list

I would like to create a DMZ net on my ISA, which is behind a router.

The config would be something like this:

Router outside: xxx.xxx.xxx.xxx (routable IP address)
Router inside:  192.168.1.1   255.255.255.128

ISA external:   192.168.1.2   255.255.255.128
ISA DMZ:        192.168.1.129 255.255.255.128
ISA internal:   192.168.2.1   255.255.255.0

Would this be all right? I realize that in a standard setup, ISA would
have to use routable addresses on both external and DMZ networks. But in
this setup, the DMZ addresses would actually be routable to the gateway
on 192.168.6.1.

I need this setup to test routing ESP protocol 50 traffic between
outside and DMZ. Any comments on that will be appreciated.

Regards,

David Elmquist
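
Stefaan's caveat about the LAT, applied to the addressing plan from the original post, as an added example that is not part of the thread. It checks that the segments do not overlap, that the LAT covers only the internal subnet (assumed rule: external and DMZ ranges stay out of the LAT), and that a next-hop gateway is on-link; the function names, segment labels and sample LAT ranges are constructed for illustration.

```python
import ipaddress

# Interface plan as posted in the thread (address, netmask).
PLAN = {
    "router_inside": ("192.168.1.1", "255.255.255.128"),
    "isa_external":  ("192.168.1.2", "255.255.255.128"),
    "isa_dmz":       ("192.168.1.129", "255.255.255.128"),
    "isa_internal":  ("192.168.2.1", "255.255.255.0"),
}
# Which segment each interface sits on (assumed from the description).
SEGMENT = {"router_inside": "external", "isa_external": "external",
           "isa_dmz": "dmz", "isa_internal": "internal"}


def networks(plan):
    """Map interface name -> ip_interface (address plus its subnet)."""
    return {n: ipaddress.ip_interface(f"{a}/{m}") for n, (a, m) in plan.items()}


def check_plan(plan, lat_ranges, gateway):
    """Return a list of findings for the addressing plan and a proposed LAT."""
    findings = []
    seg_net = {}
    for name, iface in networks(plan).items():
        seg = SEGMENT[name]
        if seg in seg_net and seg_net[seg] != iface.network:
            findings.append(f"{name}: not in same subnet as its segment peers")
        seg_net.setdefault(seg, iface.network)
    # Segments must not overlap, or traffic cannot be routed between them.
    segs = list(seg_net.items())
    for i, (s1, n1) in enumerate(segs):
        for s2, n2 in segs[i + 1:]:
            if n1.overlaps(n2):
                findings.append(f"{s1} {n1} overlaps {s2} {n2}")
    # The LAT must cover the internal segment and nothing on external or DMZ.
    lat = [ipaddress.ip_network(r) for r in lat_ranges]
    for seg, net in seg_net.items():
        if seg == "internal" and not any(net.subnet_of(r) for r in lat):
            findings.append(f"LAT does not cover internal {net}")
        if seg != "internal" and any(net.overlaps(r) for r in lat):
            findings.append(f"LAT includes {seg} {net}")
    # A next-hop gateway has to be on-link for one of the segments.
    gw = ipaddress.ip_address(gateway)
    if not any(gw in net for net in seg_net.values()):
        findings.append(f"gateway {gw} is not on any configured segment")
    return findings
```

A LAT built from the whole 192.168.0.0/16 private range is flagged for both the external and DMZ subnets of this plan, while a LAT of 192.168.2.0/24 alone passes.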
