Re: IP Addresses on DMZ
- From: "Guinn Unger" <mlists@xxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 30 Jul 2001 16:50:07 -0500
Jim,
Thanks for the help. I'm afraid that we are still pretty lost!
(We are software developers, not network engineers.) Anyway, I
am going to explain our situation in some more detail. I realize
this may be getting beyond the point where we can expect free
assistance from this list. If so, I would probably be willing to
pay someone to help us with this. Here goes:
We have an ISA server with 4 NICs. One goes to the T-1 line and
has an IP address of 66.64.10.xxx. Another goes to our internal
network and has an IP address of 192.168.0.15. A third goes to
another company downstairs (to split the cost of the T-1) and it
has 192.168.1.1. The fourth was intended for use with the DMZ
and currently doesn't have anything!
We currently have access to the internet from both internal
networks. That's working!!
Our ISP gave us a set of 6 IP addresses from 66.64.11.249 to
66.64.11.254. (66.64.11.248/29)
As a first step we would like to publish one web server to the
internet. Are we going about this the right way? Should the
web server be connected to the 4th NIC outlined above? Or should
it just remain on our local network? And how do we set up other
web (or Exchange or whatever) servers later?
I suspect from what we have seen that we are going to have a bunch
of other issues here. It's not at all clear to me how to set up
ISA server once we get everything connected properly either! I'm
not sure how we get the public IP addresses assigned to the
correct servers through ISA Server.
Any light that anyone can shed on this would be appreciated.
Thanks.
Guinn Unger
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Friday, July 27, 2001 6:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: IP Addresses on DMZ
http://www.ISAserver.org
The IP assignment for the three-homed DMZ is a subset of the external IP
range. For instance, if your ISA owns a 30-IP range of 123.123.123.33 - .62
with a mask of 255.255.255.224, you could assign IP's 33-47 to the external
interface and assign IPs 49 to 62 with a mask of 255.255.255.240 to the DMZ
and use 123.123.123.49 for the ISA DMZ NIC. 123.123.123.49 would become the
default gateway for any DMZ-based server. The ISA settings would then look
like:
External -
IP = 123.123.123.33
Mask = 255.255.255.224
DG = 123.123.123.xxx (router, or ISP-supplied)
DNS = <empty>
DMZ -
IP = 123.123.123.49
Mask = 255.255.255.240
DG = <empty>
DNS = <empty>
Internal -
IP = 192.168.0.1
Mask = 255.255.255.0
DG = <empty>
DNS = <depends on your config>
Jim Harrison
MCP(2K), A+, Network+, PCG
----- Original Message -----
From: "Guinn Unger" <mlists@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, July 27, 2001 11:20 AM
Subject: [isalist] IP Addresses on DMZ
http://www.ISAserver.org
We are trying to set up a DMZ scenario with a web server. We have three
NICs in the ISA server. One to the T1, one to the internal network, and one
to the DMZ. My question concerns the IP addresses on the DMZ. I assume
that one of the public IP addresses needs to be assigned to the NIC in the
web server. But what IP address can be used on the NIC in the ISA machine
that goes to the DMZ? Is there some additional information about this
somewhere?
Thanks.
Guinn Unger
Unger Technologies, Inc.
Microsoft Certified Partner
Compaq Solutions Alliance Partner
geunger@xxxxxxxxxxxxx
www.ungertech.com
281-367-2477
Hard work spotlights the character of people: some turn up their sleeves,
some turn up their noses, and some don't turn up at all. - Sam Ewig
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mlists@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
