Tri-home ISA DMZ troubles...

  • From: "Clive Crocker" <CliveC@xxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Thu, 2 May 2002 05:04:39 -0600

Hello

I read with great interest your article on "ISA Server DMZ Scenario" and
am attempting the first listed. I wonder if I am missing something
regarding the routing. (FYI private NIC access is working perfectly).

I have a public NIC with IP xx.xx.xx.130/28 (range 128-143, ISP router
129).
I have a DMZ NIC with IP xx.xx.xx.137/29 (range 136-143).
Web server is xx.xx.xx.140 and I have created an allow packet filter for
HTTP (port 80). Local computer is "this computer in perimeter" =
xx.xx.xx.140. Remote computer is any.

But it doesn't work...

Do I need to create any static routes on the ISA machine to ensure ISA
public NIC routes the traffic it sees on xx.xx.xx.130 but which has
addresses xx.xx.xx.137-142?

Similarly do I need to create filters to allow the DMZ server to 'send'
the responses? The article appears to indicate not, but perhaps I have
misunderstood.

Do I need to add any additional IP addresses on the public NIC (e.g. an IP
address which is in the DMZ (for example adding xx.xx.xx.138 to the public
address))?

I have spoken already with some other people and they have concluded that
they were unable to set up the DMZ in a trihomed manner - but I can't
believe that is so!

I can't find articles relating to subnet/supernet on ISASERVER.ORG -
perhaps that is what I require.

Thank you in advance for any assistance you may be able to provide.

Regards


Clive Crocker
CMC Communication Systems Ltd
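
The address arithmetic for the layout described in the post, as an added example that is not part of the original message: it shows that the /29 DMZ range lies inside the /28 public range, which interface a longest-prefix match on the ISA host selects for the web server, and whether a host on the public segment sees the web server as on-link. The 192.0.2 prefix is a constructed stand-in for the masked xx.xx.xx octets, and the ISP router's /28 mask is an assumption.

```python
import ipaddress

# Constructed stand-in: the post masks the first three octets as xx.xx.xx,
# so the documentation prefix 192.0.2 is assumed here.
PREFIX = "192.0.2."

# Interface addressing as given in the post (last octet and mask only).
INTERFACES = {
    "public": ipaddress.ip_interface(PREFIX + "130/28"),
    "dmz": ipaddress.ip_interface(PREFIX + "137/29"),
}
# Assumption: the ISP router uses the same /28 mask as the public NIC.
ISP_ROUTER = ipaddress.ip_interface(PREFIX + "129/28")
WEB_SERVER = ipaddress.ip_address(PREFIX + "140")


def subnet_span(iface):
    """Return (network address, broadcast address) of the interface's subnet."""
    net = iface.network
    return net.network_address, net.broadcast_address


def overlap(a, b):
    """Return the smaller network if one connected subnet contains the other."""
    if a.network.subnet_of(b.network):
        return a.network
    if b.network.subnet_of(a.network):
        return b.network
    return None


def egress_interface(dest, interfaces=INTERFACES):
    """Longest-prefix match over connected subnets; None if nothing matches."""
    matches = [(i.network.prefixlen, name)
               for name, i in interfaces.items() if dest in i.network]
    return max(matches)[1] if matches else None


def on_link(host_iface, dest):
    """True if a host with this address and mask treats dest as directly
    reachable on its own segment, i.e. without going through a gateway."""
    return dest in host_iface.network


if __name__ == "__main__":
    for name, iface in INTERFACES.items():
        print(name, *subnet_span(iface))
    print("contained subnet:", overlap(INTERFACES["public"], INTERFACES["dmz"]))
    print("ISA host reaches web server via:", egress_interface(WEB_SERVER))
    print("router sees web server on-link:", on_link(ISP_ROUTER, WEB_SERVER))
```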

