RE: Need help with unusual configuration

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 6 Nov 2003 08:22:37 -0600

Hi Dan,
 
I haven't read this whole thread, but it sounds like you want to
configure a LAT-based DMZ. Right?
 
Thanks!
Tom

  _____  

From: Dan Bartley [mailto:bartleyd@xxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, November 06, 2003 5:31 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Need help with unusual configuration


http://www.ISAserver.org


Thanks. I'll experiment with what you have below. To answer the
question, the serverLAN will have free access to the workstationLAN, but
not the other way around. Neither LAN will use the ISA as a direct
Internet gateway, the PIX will still fulfill that function. So far, the
ISA server has ground to a halt without the serverLAN in the LAT, or more
specifically the domain controllers in the LAT.

 

Best Regards, 

Dan Bartley

  _____  

From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, November 06, 2003 01:03
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Need help with unusual configuration

 


Who do you want to let the servers communicate freely with, the
workstationLAN, the Internet, or what?

 

The external interface would connect to the PIX. (Why not get rid of the
PIX?)

 

The serverLAN NIC would connect to all the servers. That subnet would
not be in the LAT. (Tom or Jim or someone can correct me on this.) It
would be a virtual DMZ using Private IP address.

 

The workstation LAN NIC would connect to all the workstations. That
subnet would be in the LAT.

 

You can then create publishing rules for the servers in the DMZ and
other rules using groups to allow and/or restrict access from the
workstationLAN to the serverLAN.

 

You can create the needed rules to allow/restrict access between the
serverLAN and the Internet.

 

You can create the needed rules to allow/restrict access between the
workstationLAN and the Internet.

 

The only thing I am hazy about is if the serverLAN subnet would go into
the LAT. If I have time, I will get out the good doctor's book and
reread that section.

 

John Tolmachoff

Engineer/Consultant/Owner

eServices For You

 
