RE: Three-homed DMZ

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 29 Nov 2001 12:44:24 -0800

If you're running a three-homed DMZ, you must:
1. use public IPs in the DMZ.  This includes the DMZ NIC.
2. make the DMZ subnet a subset of the external segment
3. use the DMZ IP as the default gateway for all DMZ hosts

Internet : 123.123.123.201
Subnet   : 255.255.255.248

Local    : 10.10.10.1
Subnet   : 255.255.255.0

DMZ      : 123.123.123.207
Subnet   : 255.255.255.252



Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/

----- Original Message -----
From: "Muqeem Syed" <Syed.Muqeem@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, November 29, 2001 03:21
Subject: [isalist] RE: Three-homed DMZ


http://www.ISAserver.org


Hi MIchele,
You dont have to use public IP's on the DMZ interfaces... they can be
set to use the NAT on the outside interface of the ISA.

-----Original Message-----
From: Michele Taverna [mailto:michele.taverna@xxxxxxxxxxxxx]
Sent: Thursday, November 29, 2001 1:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Three-homed DMZ


http://www.ISAserver.org


Hi all,

I've a simple question about ISA Server NICs configuration on
three-homed
DMZ.
I understood I've to use public IP on DMZ segment, ok. But the nic which
connect my ISA Server machine to DMZ network, must have public IP too?

For example, take a look at this ISA Server's interface IP config...

Internet : 123.123.123.200
Subnet   : 255.255.255.248

Local    : 10.10.10.1
Subnet   : 255.255.255.0

DMZ      : 123.123.123.201
Subnet   : 255.255.255.248

So, I've to use 2 public IP address on my ISA Server machine?
Are there alternatives?

Thank you.

Michele Taverna - Italy


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
syed.muqeem@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')




Other related posts: