RE: Upstream router and DMZ configuration...confused~~!!

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 24 Jun 2005 08:58:12 -0500

Hi Marvin,

Also, go to the Syngress Web site and register your book. There is an
appendix on the basics of networking and TCP/IP that will help you
understand the networking issues involved with addressing and routing.

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: MarvinC [mailto:marvinc@xxxxxxxxx] 
> Sent: Friday, June 24, 2005 8:48 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Upstream router and DMZ 
> configuration...confused~~!!
> 
> http://www.ISAserver.org
> 
> I've yet to come across anything written that covers having a
> front-end back-end exchange solution using ISA2K4 without the
> front-end being on a seperate DMZ. The other reason for the DMZ is to
> publish other servers to include DNS, web, FTP, and maybe even an
> Apache web server, if possible.
> Most of the articles I've read on DMZ configuration with ISA2K4 leaves
> out configuring the DMZ interface and/or using a private IP. I'm a
> true novice to DMZ configurations and when you throw in stumbling to
> learn learning ISA2K4 you have one often confused person.
> 
> 
> On 6/24/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
> > http://www.ISAserver.org
> > 
> > 
> > The other question is "why do you feel the need to place 
> that in a DMZ?"
> > ISA can protect it on the internal net without all that noise...
> > 
> > -----Original Message-----
> > From: MarvinC [mailto:marvinc@xxxxxxxxx]
> > Sent: Thursday, June 23, 2005 6:20 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Upstream router and DMZ
> > configuration...confused~~!!
> > 
> > http://www.ISAserver.org
> > 
> > One W2K3 server that I plan to install Exchange 2003 on and 
> use as an
> > OWA front-end server. I may opt to add my web server later on.
> > 
> > On 6/23/05, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
> > > http://www.ISAserver.org
> > >
> > > Hi Marvin,
> > > What resources do you have in the DMZ?
> > > Thanks!
> > >
> > > Tom
> > > www.isaserver.org/shinder
> > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: MarvinC [mailto:marvinc@xxxxxxxxx]
> > > > Sent: Thursday, June 23, 2005 1:13 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: Upstream router and DMZ
> > > > configuration...confused~~!!
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Ok so this leaves me with the following:
> > > >
> > > > Internal:
> > > > IP: 10.0.0.x
> > > > Subnet: 255.0.0.x
> > > > GW:
> > > > DNS: IP of internal DNS server.
> > > >
> > > > DMZ:
> > > > IP: 172.16.0.x
> > > > Subnet: 255.0.0.x
> > > > GW:
> > > >
> > > > External: ISP Static IP
> > > > IP: 70.148.240.122
> > > > Subnet: 255.255.255.248
> > > > GW: 70.148.240.121
> > > >
> > > > Dial Up: BellSouth Connection
> > > >
> > > > Now comes the newbie questions:
> > > >
> > > > 1. Do I need to create any records or zones for the DMZ on the
> > > > internal DNS server?
> > > >
> > > >
> > > > On 6/23/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
> > > > > http://www.ISAserver.org
> > > > >
> > > > > Hi Marvin,
> > > > >
> > > > > You dun a bad ting.
> > > > > 1. Ditch the GW on the DMZ interface - it's non-functional.
> > > > > 2. Unless you plan to lose lots of hair, you've 
> failed to meet the
> > > > > "public address" part of the DMZ network
> > > > > 3. The static route Tom refers to is at the router, not the
> > > > ISA.  ISA in
> > > > > effect becomes "another hop in the chain" between the 
> ISP router
> > and
> > > > > your DMZ.
> > > > > 4. Based on your IP setting, you don't have enough 
> IPs to create a
> > > > > public DMZ.  Your /29 address space only provides 6 usable
> > > > addresses;
> > > > > not enough to subnet off for a DMZ.
> > > > >
> > > > > -----Original Message-----
> > > > > From: MarvinC [mailto:marvinc@xxxxxxxxx]
> > > > > Sent: Wednesday, June 22, 2005 9:51 PM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] Upstream router and DMZ
> > > > configuration...confused~~!!
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > I've asked this question before but it was under different
> > > > > circumstances so I need to try again for further 
> clarification.
> > > > > This may seem like a "dumb question" but it's one I 
> have to ask so
> > > > > please accept my apologizes in advance if anyone's 
> bothered by it.
> > > > > I have the Configuring ISA 2004 book and I'm reading 
> an article in
> > > > > Chapter 7 entitled "Creating and configuring a public address
> > > > > tri-homed DMZ Network". I have on my ISA2K box three 
> (3) network
> > > > > adapters with the following settings in the following order:
> > > > >
> > > > > Internal:
> > > > > IP: 10.0.0.x
> > > > > Subnet: 255.0.0.x
> > > > > GW:
> > > > > DNS: IP of internal DNS server.
> > > > >
> > > > > DMZ:
> > > > > IP: 172.16.0.x
> > > > > Subnet: 255.0.0.x
> > > > > GW: 172.16.0.1
> > > > > DNS: 172.16.0.1
> > > > >
> > > > > External: ISP Static IP
> > > > > IP: 70.148.240.122
> > > > > Subnet: 255.255.255.248
> > > > > GW: 70.148.122.121
> > > > >
> > > > > There is mention in the book on creating static routes to
> > > > the upstream
> > > > > router to ensure communication between the networks. I'm
> > > > not sure what
> > > > > the upstream router is and need clarification. Is this a
> > > > seperate unit
> > > > > functioning as a router or is this the ISA server? Where do I
> > enter
> > > > > this command and is this the correct syntax for the command:
> > > > >
> > > > > router add 172.16.0.0 add 172.16.0.0 0 mask 255.255.0.0
> > 192.168.1.20
> > > > >
> > > > > Would anyone have any links or articles that cover 
> static routes
> > as
> > > > > they relate to ISA2K4? I'm also trying to determine if the
> > external
> > > > > interface consititutes as a public address?
> > > > > ANY responses are greatly appreciated. ANY!!!
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Other Internet Software Marketing Sites:
> > > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > > Network Security Library: http://www.secinf.net/
> > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org
> > > > Discussion List as:
> > > > > jim@xxxxxxxxxxxx
> > > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > > All mail to and from this domain is GFI-scanned.
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Other Internet Software Marketing Sites:
> > > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > > Network Security Library: http://www.secinf.net/
> > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org
> > > > Discussion List as: marvinc@xxxxxxxxx
> > > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
> > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > marvinc@xxxxxxxxx
> > > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > All mail to and from this domain is GFI-scanned.
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as: marvinc@xxxxxxxxx
> > To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 

Other related posts:

• » Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!
• » RE: Upstream router and DMZ configuration...confused~~!!

1. Home
2. isalist
3. Archive
4. 06-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---