RE: Howto setup a LAT DMZ
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 1 Apr 2003 18:38:21 -0600
Hi KK,
Your DMZ interface needs to be a subnet of your public block. Use
private addresses on the internal network, since all LAT to non-LAT
communcations are translated, so why waste good public addresses? Create
packet filters to control access between the external network and the
DMZ.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: kurzundknapp@xxxxxx [mailto:kurzundknapp@xxxxxx]
Sent: Monday, March 31, 2003 7:40 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Howto setup a LAT DMZ
http://www.ISAserver.org
Hi all...
Our security concept is implemented with a PIX firewall. The device has
three interfaces named "external", "DMZ" and "internal". Since we have a
whole
B-class, all adresses within our registered range are in my LAT. Works
pretty
well for my web proxy clients to use the web proxy service.
Well, I want to use some more features of our ISA server than just the
web
proxy service. I already installed integrated mode and physically have
two
NICs on the machine. As I have been testing and clicking around I
noticed that
some features (e.g. server publishing) requires "internal" and
"external"
addresses. Since our DMZ is implemented via routing (its a whole subnet
of our
B-class) ISA server does not let me publish any servers because all NICs
are
on the same subnet (the DMZ subnet).
Is it possible to configure ISA server to recognize our DMZ subnet as
external?
Yours,
KK
Other related posts:
