Re: IP Addresses on DMZ
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 30 Jul 2001 17:39:38 -0700
One problem you have is that with 6 IP's, any further subnetting is limited
to two functional DMZ IPs; one for the ISA DMZ NIC and one for the DMZ
server.
There is some general ISA deployment reading you should do before plunging
headlong into the abyss that is ISA :-)...
http://www.isaserver.org/shinder/tips/getting_started.htm
http://www.isaserver.org/shinder/tutorials/secure_nat_client.htm
http://www.isaserver.org/shinder/tutorials/designing_an_isa_server_solution_
on_a%20_simple_network.htm
http://www.isaserver.org/pages/tutorials/isanetworks.htm
http://www.isaserver.org/shinder/tutorials/dmz_scenarios.htm
..and many more in the "Learning Zone"...
Jim Harrison
MCP(2K), A+, Network+, PCG
----- Original Message -----
From: "Guinn Unger" <mlists@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, July 30, 2001 2:50 PM
Subject: [isalist] Re: IP Addresses on DMZ
> http://www.ISAserver.org
>
>
> Jim,
>
> Thanks for the help. I'm afraid that we are still pretty lost!
> (We are software developers, not network engineers.) Anyway, I
> am going to explain our situation in some more detail. I realize
> this may be getting beyond the point where we can expect free
> assistance from this list. If so, I would probably be willing to
> pay someone to help us with this. Here goes:
>
> We have an ISA server with 4 NICs. One goes to the T-1 line and
> has an IP address of 66.64.10.xxx. Another goes to our internal
> network and has an IP address of 192.168.0.15. A third goes to
> another company downstairs (to split the cost of the T-1) and it
> has 192.168.1.1. The fourth was intended for use with the DMZ
> and currently doesn't have anything!
>
> We currently have access to the internet from both internal
> networks. That's working!!
>
> Our ISP gave us a set of 6 IP addresses from 66.64.11.249 to
> 66.64.11.254. (66.64.11.248/29)
>
> As a first step we would like to publish one web server to the
> internet. Are we going about this the right way? Should the
> web server be connected to the 4th NIC outlined above? Or should
> it just remain on our local network? And how do we set up other
> web (or Exchange or whatever) servers later?
>
> I suspect from what we have seen that we are going to have a bunch
> of other issues here. It's not at all clear to me how to set up
> ISA server once we get everything connected properly either! I'm
> not sure how we get the public IP addresses assigned to the
> correct servers through ISA Server.
>
> Any light that anyone can shed on this would be appreciated.
>
> Thanks.
>
> Guinn Unger
>
> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> Sent: Friday, July 27, 2001 6:48 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: IP Addresses on DMZ
>
>
> http://www.ISAserver.org
>
>
> The IP assignment for the three-homed DMZ is a subset of the external IP
> range. For instance, if your ISA owns a 30-IP range of 123.123.123.33 -
.62
> with a mask of 255.255.255.224, you could assign IP's 33-47 to the
external
> interface and assign IPs 49 to 62 with a mask of 255.255.255.240 to the
DMZ
> and use 123.123.123.49 for the ISA DMZ NIC. 123.123.123.49 would become
the
> default gateway for any DMZ-based server. The ISA settings would then
look
> like:
>
> External -
> IP = 123.123.123.33
> Mask = 255.255.255.224
> DG = 123.123.123.xxx (router, or ISP-supplied)
> DNS = <empty>
>
>
> DMZ -
> IP = 123.123.123.49
> Mask = 255.255.255.240
> DG = <empty>
> DNS = <empty>
>
>
> Internal -
> IP = 192.168.0.1
> Mask = 255.255.255.0
> DG = <empty>
> DNS = <depends on your config>
>
> Jim Harrison
> MCP(2K), A+, Network+, PCG
>
> ----- Original Message -----
> From: "Guinn Unger" <mlists@xxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Friday, July 27, 2001 11:20 AM
> Subject: [isalist] IP Addresses on DMZ
>
>
> http://www.ISAserver.org
>
>
> We are trying to set up a DMZ scenario with a web server. We have three
> NICs in the ISA server. One to the T1, one to the internal network, and
one
> to the DMZ. My question concerns the IP addresses on the DMZ. I assume
> that one of the public IP addresses needs to be assigned to the NIC in the
> web server. But what IP address can be used on the NIC in the ISA machine
> that goes to the DMZ? Is there some additional information about this
> somewhere?
>
> Thanks.
>
> Guinn Unger
> Unger Technologies, Inc.
> Microsoft Certified Partner
> Compaq Solutions Alliance Partner
> geunger@xxxxxxxxxxxxx
> www.ungertech.com
> 281-367-2477
>
> Hard work spotlights the character of people: some turn up their sleeves,
> some turn up their noses, and some don't turn up at all. - Sam Ewig
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> mlists@xxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
Other related posts:
