Re: URGENT, need DMZ help

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 11 Jan 2002 06:46:50 -0800

OK, that's a different kettle of colored horsefish...

If you use the back-back DMZ, you get the benefit of web and server
publishing for both the DMZ and the LAT.
The only things you need to "double-publish" are those LAT servers that are
meant to be reached from the Internet.
The DMZ servers are published to the Internet, but "protocol-ruled" to the
LAT.

Does that help?
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "cismic" <cismic@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, January 10, 2002 21:45
Subject: [isalist] Re: URGENT, need DMZ help


http://www.ISAserver.org


Just theoretical. And also a question to see if it would be a good idea
to have publishing rules against each ISA server.
I don't think it's a good idea, but still had the question.

Joseph
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, January 10, 2002 9:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: URGENT, need DMZ help


http://www.ISAserver.org


Hi Joseph,

    That drawing conflicts with the description we began this
conversation with...

You described this:
Internet
    |
ISA -- DMZ
    |
LAT

..but you drew this:
Internet
    |
ISA
    | -- DMZ
ISA
    |
LAT

..those are two entirely different scenarios...  Which one are we
talking about, or is it comparatively theoretical?

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "cismic" <cismic@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, January 10, 2002 20:32
Subject: [isalist] Re: URGENT, need DMZ help


http://www.ISAserver.org


Would you also need to publish each server that contains the isa
information for each server surrounding the dmz?

Isa - dmz - isa
Joseph

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, January 10, 2002 12:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: URGENT, need DMZ help


http://www.ISAserver.org


All traffic between the LAT and any other non-LAT network require server
or web publishing rules or protocol rules. The only difference is for
outbound PPTP, which uses a packet filter.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "Magnus Werner" <magnus.werner@xxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, January 10, 2002 07:43
Subject: [isalist] URGENT, need DMZ help


http://www.ISAserver.org



This is a multi-part message in MIME format.



------------------------------------------------------------------------
----
----



Hi,

I have ISA with 3 NICs... one external, one to DMZ and one to NAT. I
simply want to allow ALL traffic between the DMZ and the NAT, how do I
do that? Those packet filters do nothing when it comes to NAT.

Need answers soon, please also reply by e-mail.

Mvh Magnus W



------------------------------------------------------------------------
----
----


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')




Other related posts: