Re: RES: Re: RES: Re: RES: Re: LAN accessing DMZ

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 14 Aug 2002 07:01:30 -0700

That's true; RRAS will provide "basic" DHCP services if not configured otherwise.
Your DMZ has to be a subnet of the external interface, and those IPs just don't fit the bill.
Take a look at: http://isaserver.org/pages/articles.asp?art=37 for details.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison
http://jalojash.org/isatools
Read the books!

  ----- Original Message ----- 
  From: Alex Decarli 
  To: [ISAserver.org Discussion List] 
  Sent: Wednesday, August 14, 2002 6:44 AM
  Subject: [isalist] RES: Re: RES: Re: RES: Re: LAN accessing DMZ


  http://www.ISAserver.org


  The "0" is only to identify the subnet.
  DHCP Server isn't installed on the ISA computer.
  But I have VPN support enabled in ISA. I think RRAS provides DHCP functionality.

  Also, OWA with SSL (could it be the problem?).

  My external IP address is 200.206.32.10, mask 255.255.255.192 (only web card in ISA).
  In my DNS server, I have an "A" record that points to the ISA server, like www.mysite.com

  ISA server has a DMZ card, 192.168.0.1, mask 255.255.255.0.

  Web server has 192.168.0.10, mask 255.255.255.0. ISA pings the web server.



  Alex Decarli



    -----Original Message-----
    From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
    Sent: Wednesday, August 14, 2002 10:34
    To: [ISAserver.org Discussion List]
    Subject: [isalist] Re: RES: Re: RES: Re: LAN accessing DMZ




    No, I said "DHCP Server", not DHCP filter.  You have the DHCP server service running on the ISA.
    Unless ISA is providing DHCP services to the internal network, remove it.
    No address ending in "0" is a valid host IP, but since you didn't provide your external IP and Netmask, I can't tell if 192.168.0.x is a subnet of your external network.

    Jim Harrison
    MCP(NT4, W2K), A+, Network+, PCG
    http://isaserver.org/authors/harrison
    http://jalojash.org/isatools
    Read the books!

      ----- Original Message ----- 
      From: Alex Decarli 
      To: [ISAserver.org Discussion List] 
      Sent: Wednesday, August 14, 2002 4:15 AM
      Subject: [isalist] RES: Re: RES: Re: LAN accessing DMZ




      No, only the LAT NIC (10.1.1.0) reference is in the LAT.
      The DHCP filter has been deleted.

      192.168.0.0 isn't a valid external address. Maybe it is?

        -----Original Message-----
        From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
        Sent: Tuesday, August 13, 2002 18:51
        To: [ISAserver.org Discussion List]
        Subject: [isalist] Re: RES: Re: LAN accessing DMZ




        That entry has nothing to do with the error you're seeing; it's the DHCP server service on the ISA trying to detect "rogue" DHCP servers.
        Is the DMZ range in the LAT?
        Third-leg DMZ must be a subnet of the ISA external IP.  It doesn't look as if that's the case.

        Jim Harrison
        MCP(NT4, W2K), A+, Network+, PCG
        http://isaserver.org/authors/harrison
        http://jalojash.org/isatools
        Read the books!

          ----- Original Message ----- 
          From: Alex Decarli 
          To: [ISAserver.org Discussion List] 
          Sent: Tuesday, August 13, 2002 2:31 PM
          Subject: [isalist] RES: Re: LAN accessing DMZ




          ISA std, sp1 , 3 nics, 

          DMZ nic: 192.168.0.1
          WEB nic: xxx.xxx.xxx
          LAT nic: 10.1.1.4

          The Web server that will be published is 192.168.0.10 (ISA ping OK); the default gateway of the Web server is 192.168.0.1 (ISA DMZ NIC).


          After doing the steps in the Q313562 article (How to: Publish a Web Server on a Perimeter Network), I can't access my Web Server from the Internet.
          The Web Browser shows "403 - Forbidden. Isa server denies ... "

          I opened IPxxxlog.txt and saw the following events:


          Time    IP Source  Mask             Protocol  Source Port  Target Port  Action
          (time)  127.0.0.1  255.255.255.255  Udp       68           67           BLOCKED


          All steps in the article are OK.


          Thank you JIM (again) 

          Alex Decarli


            -----Original Message-----
            From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
            Sent: Tuesday, August 13, 2002 17:47
            To: [ISAserver.org Discussion List]
            Subject: [isalist] Re: LAN accessing DMZ




            ISA rules should apply to DMZ requests as well.
            What is your configuration?

            Jim Harrison
            MCP(NT4, W2K), A+, Network+, PCG
            http://isaserver.org/authors/harrison
            http://jalojash.org/isatools
            Read the books!

              ----- Original Message ----- 
              From: Alex Decarli 
              To: [ISAserver.org Discussion List] 
              Sent: Tuesday, August 13, 2002 6:57 AM
              Subject: [isalist] LAN accessing DMZ




              How can I allow machines in the LAT to access the DMZ environment?
              ISA Server has denied my requests.

              Thanks
              Alex Decarli


              ------------------------------------------------------
              You are currently subscribed to this ISAserver.org Discussion 
List as: jim@xxxxxxxxxxxx
              To unsubscribe send a blank email to $subst('Email.Unsub') 
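Added example (not part of the original thread, and not ISA Server code): a Python check of the two conditions raised in the replies, that a third-leg DMZ must be a subnet of the external interface's network and that the DMZ range must not be in the LAT, run against the addresses quoted above. The function name `audit_third_leg` and the /24 mask on the LAT entry are assumptions; the thread gives only 10.1.1.0.

```python
import ipaddress

def audit_third_leg(external_if, dmz_if, lat_ranges, dmz_hosts):
    """Return findings for a three-homed layout; an empty list means none."""
    ext = ipaddress.ip_interface(external_if)
    dmz = ipaddress.ip_interface(dmz_if)
    findings = []

    # Rule stated in the thread: the third-leg DMZ must be a subnet of the
    # external interface's network.
    if not dmz.network.subnet_of(ext.network):
        findings.append(f"DMZ {dmz.network} is not a subnet of external {ext.network}")

    # Question asked in the thread: is the DMZ range in the LAT?
    for entry in lat_ranges:
        lat = ipaddress.ip_network(entry)
        if lat.overlaps(dmz.network):
            findings.append(f"LAT entry {lat} overlaps DMZ {dmz.network}")

    # Published hosts must sit inside the DMZ network and must not use its
    # network or broadcast address.
    reserved = (dmz.network.network_address, dmz.network.broadcast_address)
    for host in dmz_hosts:
        addr = ipaddress.ip_address(host)
        if addr not in dmz.network:
            findings.append(f"host {addr} is outside DMZ {dmz.network}")
        elif addr in reserved:
            findings.append(f"host {addr} is a network/broadcast address")
    return findings

# Addresses quoted in the thread; the /24 LAT mask is an assumption.
THREAD_LAYOUT = dict(
    external_if="200.206.32.10/255.255.255.192",
    dmz_if="192.168.0.1/255.255.255.0",
    lat_ranges=["10.1.1.0/24"],
    dmz_hosts=["192.168.0.10"],
)

if __name__ == "__main__":
    for finding in audit_third_leg(**THREAD_LAYOUT):
        print(finding)
```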
