RE: External Network Logic

From: "Thor \(Hammer of God\)" <thor@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Wed, 7 Dec 2005 15:38:34 -0800

One thing though, just so I understand-- How would I NAT to the Internet? There *is no* "Internet" per se in a 2 NIC config with both defined as ISA Firewall Networks, right? There would be route relationship from the Internal to the DMZ Perimeter. The Internet would only exist if an Interface was added and not defined elsewhere, correct? t

----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, December 07, 2005 3:01 PM Subject: [isalist] RE: External Network Logic


http://www.ISAserver.org

The default External Network is defined as all addresses that defined by
any other ISA firewall Network. So, there is still an external network,
you just don't have any access to it, since you've created ISA firewall
Networks for both the NIC (one for the default Internal Network and one
for the ISA firewall Network representing the perimeter network NIC).

You can use this in a number of scenarios, like turning the DMZ between
the BE and FE ISA firewall into an ISA firewall Network and creating a
route Network Rule between that and the default Internal Network, but
still NAT'ing to the Internet. Pretty slick, eh?

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Wednesday, December 07, 2005 4:57 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] External Network Logic

http://www.ISAserver.org

So, you've got ISA with 2 NIC's.  You define the Internal
range on one NIC,
leaving the other NIC as "External."  You then add a
perimeter network, and
give it the IP range of what used to be the "External" NIC.
What happens to
the concept of the External network since you now have a
trusted Internal
network and a less trusted "Perimeter" network, but no real
"External"
network anymore.  Will it just be an "empty" network set
sitting there all
alone in the cold, cold ground?


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx

RE: External Network Logic

Other related posts: