Hi Marvin, Also, go to the Syngress Web site and register your book. There is an appendix on the basics of networking and TCP/IP that will help you understand the networking issues involved with addressing and routing. Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: MarvinC [mailto:marvinc@xxxxxxxxx] > Sent: Friday, June 24, 2005 8:48 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Upstream router and DMZ > configuration...confused~~!! > > http://www.ISAserver.org > > I've yet to come across anything written that covers having a > front-end back-end exchange solution using ISA2K4 without the > front-end being on a seperate DMZ. The other reason for the DMZ is to > publish other servers to include DNS, web, FTP, and maybe even an > Apache web server, if possible. > Most of the articles I've read on DMZ configuration with ISA2K4 leaves > out configuring the DMZ interface and/or using a private IP. I'm a > true novice to DMZ configurations and when you throw in stumbling to > learn learning ISA2K4 you have one often confused person. > > > On 6/24/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: > > http://www.ISAserver.org > > > > > > The other question is "why do you feel the need to place > that in a DMZ?" > > ISA can protect it on the internal net without all that noise... > > > > -----Original Message----- > > From: MarvinC [mailto:marvinc@xxxxxxxxx] > > Sent: Thursday, June 23, 2005 6:20 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Upstream router and DMZ > > configuration...confused~~!! > > > > http://www.ISAserver.org > > > > One W2K3 server that I plan to install Exchange 2003 on and > use as an > > OWA front-end server. I may opt to add my web server later on. > > > > On 6/23/05, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote: > > > http://www.ISAserver.org > > > > > > Hi Marvin, > > > What resources do you have in the DMZ? > > > Thanks! > > > > > > Tom > > > www.isaserver.org/shinder > > > Tom and Deb Shinder's Configuring ISA Server 2004 > > > http://tinyurl.com/3xqb7 > > > MVP -- ISA Firewalls > > > > > > > > > > > > > -----Original Message----- > > > > From: MarvinC [mailto:marvinc@xxxxxxxxx] > > > > Sent: Thursday, June 23, 2005 1:13 AM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: Upstream router and DMZ > > > > configuration...confused~~!! > > > > > > > > http://www.ISAserver.org > > > > > > > > Ok so this leaves me with the following: > > > > > > > > Internal: > > > > IP: 10.0.0.x > > > > Subnet: 255.0.0.x > > > > GW: > > > > DNS: IP of internal DNS server. > > > > > > > > DMZ: > > > > IP: 172.16.0.x > > > > Subnet: 255.0.0.x > > > > GW: > > > > > > > > External: ISP Static IP > > > > IP: 70.148.240.122 > > > > Subnet: 255.255.255.248 > > > > GW: 70.148.240.121 > > > > > > > > Dial Up: BellSouth Connection > > > > > > > > Now comes the newbie questions: > > > > > > > > 1. Do I need to create any records or zones for the DMZ on the > > > > internal DNS server? > > > > > > > > > > > > On 6/23/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: > > > > > http://www.ISAserver.org > > > > > > > > > > Hi Marvin, > > > > > > > > > > You dun a bad ting. > > > > > 1. Ditch the GW on the DMZ interface - it's non-functional. > > > > > 2. Unless you plan to lose lots of hair, you've > failed to meet the > > > > > "public address" part of the DMZ network > > > > > 3. The static route Tom refers to is at the router, not the > > > > ISA. ISA in > > > > > effect becomes "another hop in the chain" between the > ISP router > > and > > > > > your DMZ. > > > > > 4. Based on your IP setting, you don't have enough > IPs to create a > > > > > public DMZ. Your /29 address space only provides 6 usable > > > > addresses; > > > > > not enough to subnet off for a DMZ. > > > > > > > > > > -----Original Message----- > > > > > From: MarvinC [mailto:marvinc@xxxxxxxxx] > > > > > Sent: Wednesday, June 22, 2005 9:51 PM > > > > > To: [ISAserver.org Discussion List] > > > > > Subject: [isalist] Upstream router and DMZ > > > > configuration...confused~~!! > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > I've asked this question before but it was under different > > > > > circumstances so I need to try again for further > clarification. > > > > > This may seem like a "dumb question" but it's one I > have to ask so > > > > > please accept my apologizes in advance if anyone's > bothered by it. > > > > > I have the Configuring ISA 2004 book and I'm reading > an article in > > > > > Chapter 7 entitled "Creating and configuring a public address > > > > > tri-homed DMZ Network". I have on my ISA2K box three > (3) network > > > > > adapters with the following settings in the following order: > > > > > > > > > > Internal: > > > > > IP: 10.0.0.x > > > > > Subnet: 255.0.0.x > > > > > GW: > > > > > DNS: IP of internal DNS server. > > > > > > > > > > DMZ: > > > > > IP: 172.16.0.x > > > > > Subnet: 255.0.0.x > > > > > GW: 172.16.0.1 > > > > > DNS: 172.16.0.1 > > > > > > > > > > External: ISP Static IP > > > > > IP: 70.148.240.122 > > > > > Subnet: 255.255.255.248 > > > > > GW: 70.148.122.121 > > > > > > > > > > There is mention in the book on creating static routes to > > > > the upstream > > > > > router to ensure communication between the networks. I'm > > > > not sure what > > > > > the upstream router is and need clarification. Is this a > > > > seperate unit > > > > > functioning as a router or is this the ISA server? Where do I > > enter > > > > > this command and is this the correct syntax for the command: > > > > > > > > > > router add 172.16.0.0 add 172.16.0.0 0 mask 255.255.0.0 > > 192.168.1.20 > > > > > > > > > > Would anyone have any links or articles that cover > static routes > > as > > > > > they relate to ISA2K4? I'm also trying to determine if the > > external > > > > > interface consititutes as a public address? > > > > > ANY responses are greatly appreciated. ANY!!! > > > > > > > > > > ------------------------------------------------------ > > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > > ISA Server FAQ: > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > > ------------------------------------------------------ > > > > > Other Internet Software Marketing Sites: > > > > > World of Windows Networking: http://www.windowsnetworking.com > > > > > Leading Network Software Directory: http://www.serverfiles.com > > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > > > Network Security Library: http://www.secinf.net/ > > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this ISAserver.org > > > > Discussion List as: > > > > > jim@xxxxxxxxxxxx > > > > > To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > > ISA Server FAQ: > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > > ------------------------------------------------------ > > > > > Other Internet Software Marketing Sites: > > > > > World of Windows Networking: http://www.windowsnetworking.com > > > > > Leading Network Software Directory: http://www.serverfiles.com > > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > > > Network Security Library: http://www.secinf.net/ > > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this ISAserver.org > > > > Discussion List as: marvinc@xxxxxxxxx > > > > > To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > > ------------------------------------------------------ > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > ------------------------------------------------------ > > > > Other Internet Software Marketing Sites: > > > > World of Windows Networking: http://www.windowsnetworking.com > > > > Leading Network Software Directory: http://www.serverfiles.com > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > > Network Security Library: http://www.secinf.net/ > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org Discussion > > > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > > > To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Other Internet Software Marketing Sites: > > > World of Windows Networking: http://www.windowsnetworking.com > > > Leading Network Software Directory: http://www.serverfiles.com > > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > Network Security Library: http://www.secinf.net/ > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org > Discussion List as: > > marvinc@xxxxxxxxx > > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > World of Windows Networking: http://www.windowsnetworking.com > > Leading Network Software Directory: http://www.serverfiles.com > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Network Security Library: http://www.secinf.net/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > jim@xxxxxxxxxxxx > > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > World of Windows Networking: http://www.windowsnetworking.com > > Leading Network Software Directory: http://www.serverfiles.com > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Network Security Library: http://www.secinf.net/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: marvinc@xxxxxxxxx > > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx >