RE: Upstream router and DMZ configuration...confused~~!!

  • From: MarvinC <marvinc@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 23 Jun 2005 01:31:08 -0400

Correct but doesn't the same rules apply when connecting DMZ networks?
If not is there an article discussing this? I'm not grasping the
concept behind configuring the interfaces for the DMZ with a static
IP.

On 6/23/05, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
> http://www.ISAserver.org
> 
> Hi Marvin,
> 
> OK, got it. But you're not using a public address DMZ.
> 
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
> 
> 
> > -----Original Message-----
> > From: MarvinC [mailto:marvinc@xxxxxxxxx]
> > Sent: Thursday, June 23, 2005 12:09 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Upstream router and DMZ
> > configuration...confused~~!!
> >
> > http://www.ISAserver.org
> >
> > Page 592 and 593 discuss the public address DMZ segment and it has an
> > IP listed on this interface in both the route and NAT relationships.
> >
> > On 6/23/05, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
> > > http://www.ISAserver.org
> > >
> > > Hi Martin,
> > >
> > > There's nothing in the config you show here that would
> > require a static
> > > route. Can you point me to the page number in question and
> > I'll try to
> > > clarify.
> > >
> > > Also, why do you have a DNS server address on the DMZ interface?
> > >
> > > Thanks!
> > >
> > > Tom
> > > www.isaserver.org/shinder
> > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: MarvinC [mailto:marvinc@xxxxxxxxx]
> > > > Sent: Wednesday, June 22, 2005 11:51 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] Upstream router and DMZ
> > > > configuration...confused~~!!
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > I've asked this question before but it was under different
> > > > circumstances so I need to try again for further clarification.
> > > > This may seem like a "dumb question" but it's one I have to ask so
> > > > please accept my apologizes in advance if anyone's bothered by it.
> > > > I have the Configuring ISA 2004 book and I'm reading an article in
> > > > Chapter 7 entitled "Creating and configuring a public address
> > > > tri-homed DMZ Network". I have on my ISA2K box three (3) network
> > > > adapters with the following settings in the following order:
> > > >
> > > > Internal:
> > > > IP: 10.0.0.x
> > > > Subnet: 255.0.0.x
> > > > GW:
> > > > DNS: IP of internal DNS server.
> > > >
> > > > DMZ:
> > > > IP: 172.16.0.x
> > > > Subnet: 255.0.0.x
> > > > GW: 172.16.0.1
> > > > DNS: 172.16.0.1
> > > >
> > > > External: ISP Static IP
> > > > IP: 70.148.240.122
> > > > Subnet: 255.255.255.248
> > > > GW: 70.148.122.121
> > > >
> > > > There is mention in the book on creating static routes to
> > the upstream
> > > > router to ensure communication between the networks. I'm
> > not sure what
> > > > the upstream router is and need clarification. Is this a
> > seperate unit
> > > > functioning as a router or is this the ISA server? Where
> > do I enter
> > > > this command and is this the correct syntax for the command:
> > > >
> > > > router add 172.16.0.0 add 172.16.0.0 0 mask 255.255.0.0
> > 192.168.1.20
> > > >
> > > > Would anyone have any links or articles that cover static
> > routes as
> > > > they relate to ISA2K4? I'm also trying to determine if
> > the external
> > > > interface consititutes as a public address?
> > > > ANY responses are greatly appreciated. ANY!!!
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
> > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as: marvinc@xxxxxxxxx
> > > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: 
> marvinc@xxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 06-2005