[isapros] Re: External an Internal IP Address tied to same NIC
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Mon, 25 Jun 2007 10:59:31 -0500
Sounds like it's in hork mode anyhow, so it's not providing any real
security, so I can't say that there are any security implications to
this config.
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Gerald G. Young
Sent: Monday, June 25, 2007 10:53 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] External an Internal IP Address tied to same
NIC
Guys,
Aside from the creepy factor, are there any major gotchas when
you have a NIC that has both internal and external IP addresses on them?
Someone set up an ISA server that simply has a web publishing
rule that allows connectivity to a back end box (HTTP/HTTPS); that's all
it's being used for.
Unfortunately, the people here decided it made sense to specify
an internal IP range on a NIC and then add an external VIP on it, too.
So, we have essentially a NIC with internal IP addressing as
192.168.10.120/24/.1 and a VIP of 10.10.209.120/16.
It does, however, look like an additional access rule was set up
that allows all networks to talk with the backend box.
So, the argument I get is that because this setup is working,
what is wrong with the way it is setup. This screams all wrong to me
but I can't articulate why. Any help?
Cordially yours,
Jerry G. Young II
Application Engineer
Platform Engineering and Architecture
NTT America, an NTT Communications Company
22451 Shaw Rd.
Sterling, VA 20166
Office: 571-434-1319
Fax: 703-333-6749
Email: g.young@xxxxxxxx <mailto:g.young@xxxxxxxx>
Other related posts:
