RE: Exchange DMZ IP mayhem.

  • From: Glenn Maks <gmaks@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 23 Aug 2002 12:52:47 -0400

What you could use is a router that sits on the same IP segment that your
ISA's external NIC is plugged into. Use the router to do IP redirects for
any published services you offer to the Internet: have your router redirect
these services, including SMTP, to your ISA's external NIC, then set up a
service redirect on your ISA to forward the request to your internal server
that serves up whatever service you offer, including SMTP.

The router gives you the flexibility of using the public IP range your ISP
assigned you rather than publishing all public services using your external
ISA's IP address. Services must have a public IP address if you want them
available to the Internet; rather than always using your ISA's external IP
address, you can select an IP from the range your ISP gave you and have the
router redirect this IP to your ISA server. Thought I would explain again
what I was trying to say.

-----Original Message-----
From: Steven Fitzgerald [mailto:Steven.Fitzgerald@xxxxxxxxxxxxxxxxxx]
Sent: Friday, August 23, 2002 11:55 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Exchange DMZ IP mayhem.


http://www.ISAserver.org



Thanks John,

When you say that I should publish the server as being on a second internal
LAN, what exactly do you mean?

Regards,

Steven Fitzgerald, MCP
Technical Support
Xitec Software <http://www.xitec-software.com/>

-----Original Message-----
From: John Tolmachoff [mailto:isalist@xxxxxxxxxxxx] 
Sent: 23 August 2002 15:40
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Exchange DMZ IP mayhem.

 


A DMZ zone must be a subnet of the public IP address subnet of the external
interface of ISA.

Therefore, your scenario will not work, as the ISP is assigning you private
IP addresses, which are not routable via the internet.

Either get a public IP subnet from your ISP, or publish the server as being
on a second internal LAN.

 

 

John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA  92835
www.reliancesoft.com

 

-----Original Message-----
From: Steven Fitzgerald [mailto:Steven.Fitzgerald@xxxxxxxxxxxxxxxxxx] 
Sent: Friday, August 23, 2002 5:07 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Exchange DMZ IP mayhem.

 


Hi Everyone, 

I'm currently pulling my hair out, as some people here kindly helped me set
up my Exchange 2000 Server test environment behind ISA server before, and it
all worked.

I now find myself in the position of setting it all up again, with a new ISP
and a whole new set of rules. 

What I want to do, is set up my Exchange server in a DMZ behind the ISA
server, however, the ISP can only forward mail to a certain IP subnet
(10.0.3.x).

My ISA server is on 10.0.3.1, and my Exchange server, as recommended by a
Microsoft article, is on a different subnet 10.0.2.2.

The ISP can't forward SMTP traffic to 10.0.2.2, but they can send it to the
ISA server.  

My question is, should the ISA server, with the correct Protocol filter set
up, automatically know to send SMTP mail to 10.0.2.2?  Or will I have to set
up another IP address on the Exchange server, (i.e. 10.0.3.3) and get the
ISP to forward SMTP mail to that IP, thus bypassing the firewall?

If I do apply the above, will that mean that the Exchange server is open to
hackers? 

Many thanks for your help. 

Steven Fitzgerald MCP 
Technical Support 
Xitec Software 

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 
