RE: Upstream router and DMZ configuration...confused~~!!

  • From: MarvinC <marvinc@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 23 Jun 2005 02:12:39 -0400

Ok so this leaves me with the following: 

Internal:
IP: 10.0.0.x
Subnet: 255.0.0.x
GW:
DNS: IP of internal DNS server.

DMZ:
IP: 172.16.0.x
Subnet: 255.0.0.x
GW: 

External: ISP Static IP
IP: 70.148.240.122
Subnet: 255.255.255.248
GW: 70.148.240.121

Dial Up: BellSouth Connection

Now comes the newbie questions: 

1. Do I need to create any records or zones for the DMZ on the
internal DNS server?


On 6/23/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
> http://www.ISAserver.org
> 
> Hi Marvin,
> 
> You dun a bad ting.
> 1. Ditch the GW on the DMZ interface - it's non-functional.
> 2. Unless you plan to lose lots of hair, you've failed to meet the
> "public address" part of the DMZ network
> 3. The static route Tom refers to is at the router, not the ISA.  ISA in
> effect becomes "another hop in the chain" between the ISP router and
> your DMZ.
> 4. Based on your IP setting, you don't have enough IPs to create a
> public DMZ.  Your /29 address space only provides 6 usable addresses;
> not enough to subnet off for a DMZ.
> 
> -----Original Message-----
> From: MarvinC [mailto:marvinc@xxxxxxxxx]
> Sent: Wednesday, June 22, 2005 9:51 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Upstream router and DMZ configuration...confused~~!!
> 
> http://www.ISAserver.org
> 
> I've asked this question before but it was under different
> circumstances so I need to try again for further clarification.
> This may seem like a "dumb question" but it's one I have to ask so
> please accept my apologizes in advance if anyone's bothered by it.
> I have the Configuring ISA 2004 book and I'm reading an article in
> Chapter 7 entitled "Creating and configuring a public address
> tri-homed DMZ Network". I have on my ISA2K box three (3) network
> adapters with the following settings in the following order:
> 
> Internal:
> IP: 10.0.0.x
> Subnet: 255.0.0.x
> GW:
> DNS: IP of internal DNS server.
> 
> DMZ:
> IP: 172.16.0.x
> Subnet: 255.0.0.x
> GW: 172.16.0.1
> DNS: 172.16.0.1
> 
> External: ISP Static IP
> IP: 70.148.240.122
> Subnet: 255.255.255.248
> GW: 70.148.122.121
> 
> There is mention in the book on creating static routes to the upstream
> router to ensure communication between the networks. I'm not sure what
> the upstream router is and need clarification. Is this a seperate unit
> functioning as a router or is this the ISA server? Where do I enter
> this command and is this the correct syntax for the command:
> 
> router add 172.16.0.0 add 172.16.0.0 0 mask 255.255.0.0 192.168.1.20
> 
> Would anyone have any links or articles that cover static routes as
> they relate to ISA2K4? I'm also trying to determine if the external
> interface consititutes as a public address?
> ANY responses are greatly appreciated. ANY!!!
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> All mail to and from this domain is GFI-scanned.
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: 
> marvinc@xxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 06-2005