Welcome to ISAserver.org


3rd leg DMZ with real IPs

3rd leg DMZ with real IPs - 1.Dec.2004 2:41:00 PM   
Guest
Hey, gurus!

Could anyone explain to me how to configure ISA2004 network interfaces if I want to achieve the following scenario:
I have got two different (different addresses, masks and gateways) IP address blocks allocated from my ISP.
I want to allocate one address block to the external ISA interface, and another address block to the 3rd leg DMZ network, while my internal network will be configured with private addresses.
There is no problem with internal to external internet access, but I cannot get access from the DMZ hosts to the external network.
I have created a "Perimeter" network object and established route relations between the perimeter and external networks. Finally I have added an access rule
allowing all outbound IP traffic from the perimeter to the external network.

"Route print" output from the ISA2004 server follows:
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway          Interface        Metric
0.0.0.0              0.0.0.0          YYY.69.199.185   YYY.69.199.190   20
127.0.0.0            255.0.0.0        127.0.0.1        127.0.0.1        1
192.168.0.0          255.255.255.0    192.168.0.1      192.168.0.1      20
192.168.0.1          255.255.255.255  127.0.0.1        127.0.0.1        20
192.168.0.255        255.255.255.255  192.168.0.1      192.168.0.1      20
XXX.48.39.240        255.255.255.240  XXX.48.39.241    XXX.48.39.241    30
XXX.48.39.241        255.255.255.255  127.0.0.1        127.0.0.1        30
XXX.48.39.255        255.255.255.255  XXX.48.39.241    XXX.48.39.241    30
YYY.69.199.184       255.255.255.248  YYY.69.199.190   YYY.69.199.190   20
YYY.69.199.190       255.255.255.255  127.0.0.1        127.0.0.1        20
YYY.69.199.255       255.255.255.255  YYY.69.199.190   YYY.69.199.190   20
224.0.0.0            240.0.0.0        192.168.0.1      192.168.0.1      20
224.0.0.0            240.0.0.0        XXX.48.39.241    XXX.48.39.241    30
224.0.0.0            240.0.0.0        YYY.69.199.190   YYY.69.199.190   20
255.255.255.255      255.255.255.255  192.168.0.1      192.168.0.1      1
255.255.255.255      255.255.255.255  XXX.48.39.241    XXX.48.39.241    1
255.255.255.255      255.255.255.255  YYY.69.199.190   YYY.69.199.190   1
Default Gateway: YYY.69.199.185
===========================================================================
Persistent Routes:
None

"YYY" is the address block I assigned to the external network
"XXX" is the address block I assigned to the DMZ network
"192" is the private address block for the internal network

Thanks anyone in advance for the input!

Regards,
Andrew
  Post #: 1
RE: 3rd leg DMZ with real IPs - 2.Dec.2004 4:22:00 AM   
tshinder

 

Hi Andrew,

Have you created a Network Rule to set a Route relationship between the DMZ and the External Network?

Thanks!
Tom

(in reply to Guest)
Post #: 2
RE: 3rd leg DMZ with real IPs - 2.Dec.2004 8:55:00 AM   
Guest
Thanks Tom for your reply. As I said in my original post, I have created a network rule to route between the DMZ and external networks.
But the problem was that I forgot to configure the upstream router to properly route requests to the DMZ.
Now I have another question - do I have to create two-way access rules DMZ->External and External->DMZ to allow all internet traffic between the DMZ and the Internet?

Regards,
Andrew

(in reply to Guest)
  Post #: 3
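
The root cause reported in post 3 (no return route on the upstream router for the routed DMZ block) can be read straight off the firewall's routing table. The following is an added example, not part of the original thread: it parses "route print" rows and lists the static routes the upstream router needs. The masked XXX/YYY blocks are replaced with constructed documentation addresses, the function names are hypothetical, and it assumes every public subnet on a non-external interface is routed rather than NATed.

```python
import ipaddress

# Constructed sample: the thread's masked blocks (YYY = external, XXX = DMZ)
# replaced with documentation ranges so the rows parse as real addresses.
ROUTE_PRINT = """\
0.0.0.0          0.0.0.0          198.51.100.185  198.51.100.190  20
127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
192.168.0.0      255.255.255.0    192.168.0.1     192.168.0.1     20
203.0.113.240    255.255.255.240  203.0.113.241   203.0.113.241   30
198.51.100.184   255.255.255.248  198.51.100.190  198.51.100.190  20
224.0.0.0        240.0.0.0        192.168.0.1     192.168.0.1     20
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_routes(text):
    """Return (network, gateway, interface) tuples from 'route print' rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gw, iface, _metric = fields
        net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((net, ipaddress.ip_address(gw), ipaddress.ip_address(iface)))
    return routes

def upstream_routes_needed(routes):
    """Public subnets directly connected behind the firewall. The upstream
    router only reaches them via a static route whose next hop is the
    firewall's external address (the interface that owns the default route)."""
    external_ip = next(iface for net, _gw, iface in routes if net.prefixlen == 0)
    needed = []
    for net, gw, iface in routes:
        connected = gw == iface and net.prefixlen not in (0, 32)
        if not connected or iface == external_ip:
            continue  # not on-link, or it is the external subnet itself
        if net.is_loopback or net.is_multicast:
            continue
        if any(net.subnet_of(private) for private in RFC1918):
            continue  # private internal network: NATed, no upstream route
        needed.append((net, external_ip))
    return needed

if __name__ == "__main__":
    for net, next_hop in upstream_routes_needed(parse_routes(ROUTE_PRINT)):
        print(f"upstream router needs: {net} via {next_hop}")
```

With the sample table it reports the DMZ block via the firewall's external address, which is the route that was missing in this thread.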
