RE: Upstream router and DMZ configuration...confused~~!!
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 22 Jun 2005 23:02:16 -0700
Hi Marvin,
You dun a bad ting.
1. Ditch the GW on the DMZ interface - it's non-functional.
2. Unless you plan to lose lots of hair, you've failed to meet the
"public address" part of the DMZ network
3. The static route Tom refers to is at the router, not the ISA. ISA in
effect becomes "another hop in the chain" between the ISP router and
your DMZ.
4. Based on your IP setting, you don't have enough IPs to create a
public DMZ. Your /29 address space only provides 6 usable addresses;
not enough to subnet off for a DMZ.
-----Original Message-----
From: MarvinC [mailto:marvinc@xxxxxxxxx]
Sent: Wednesday, June 22, 2005 9:51 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Upstream router and DMZ configuration...confused~~!!
http://www.ISAserver.org
I've asked this question before but it was under different
circumstances so I need to try again for further clarification.
This may seem like a "dumb question" but it's one I have to ask so
please accept my apologizes in advance if anyone's bothered by it.
I have the Configuring ISA 2004 book and I'm reading an article in
Chapter 7 entitled "Creating and configuring a public address
tri-homed DMZ Network". I have on my ISA2K box three (3) network
adapters with the following settings in the following order:
Internal:
IP: 10.0.0.x
Subnet: 255.0.0.x
GW:
DNS: IP of internal DNS server.
DMZ:
IP: 172.16.0.x
Subnet: 255.0.0.x
GW: 172.16.0.1
DNS: 172.16.0.1
External: ISP Static IP
IP: 70.148.240.122
Subnet: 255.255.255.248
GW: 70.148.122.121
There is mention in the book on creating static routes to the upstream
router to ensure communication between the networks. I'm not sure what
the upstream router is and need clarification. Is this a seperate unit
functioning as a router or is this the ISA server? Where do I enter
this command and is this the correct syntax for the command:
router add 172.16.0.0 add 172.16.0.0 0 mask 255.255.0.0 192.168.1.20
Would anyone have any links or articles that cover static routes as
they relate to ISA2K4? I'm also trying to determine if the external
interface consititutes as a public address?
ANY responses are greatly appreciated. ANY!!!
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
Other related posts:
