Welcome to ISAserver.org
Am I hosed?
Am I hosed? - 29.Aug.2008 5:12:15 PM
sketchy00
Posts: 17
Joined: 8.Aug.2008
From: Bellevue, WA
Status: offline
Hello,

Will ISA2006 allow a routed/bi-directional connection from a DMZ segment that uses non-registered IP addresses (e.g. 172.16.x.x) to an internal LAN segment that uses unauthorized, or registered IP addresses?

Unfortunately I inherited a network where the internal side was assigned a netblock that doesn't fall under IANA's rules for private addressing. We've been able to get away with this because of how NAT'ing worked on this old firewall (Watchguard Firebox = much different than ISA). It's been only a slight thorn in my side because I knew it was technically wrong, but has reared its ugly head when I'm attempting to establish communication between my test DMZ network and my test LAN network. I can only get a Network Rule of NAT working between the two segments, and it's just one-way. If I create a 2nd rule for the other direction, one will take precedence over the other.

If I'm unable to do this, well then, I guess I have to hunker down and do the inevitable; change up my whole IP addressing on the inside of my network. Just don't know how AD, DNS, DHCP, Exchange, SQL, CRM, etc. will like that very much.

Thoughts?
_____________________________
- sketchy
RE: Am I hosed? - 29.Aug.2008 5:23:48 PM
gbarnas
Posts: 147
Joined: 27.Apr.2005
From: New Jersey
Status: offline
I did this for a client who accidentally defined their network as a "B-C" class - 172.168.0.0. ;)

The way we went about it was to dual-IP the servers, and create new A records & a new reverse domain in DNS, and a new DHCP scope (disabled) one weekend, and the following weekend we cut over to the new B-class 172.16.x.x range. Cut over DNS and DHCP, rebooted all the workstations, and then removed the original IPs from the servers. Most of the work was in the preparation, but aside from one or two hard-coded IP settings in the network that the admin didn't remember to mention, it went fairly smoothly.

Glenn
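
An added example, not part of either post: before a renumbering like the one described in the reply above, a script can confirm which blocks really are RFC 1918 private space and list hard-coded addresses in the old range together with their renumbered equivalents. The /16 prefixes, the function names and the sample config are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges (the private addressing rules the thread refers to).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(block: str) -> bool:
    """True only if the whole block sits inside one RFC 1918 range."""
    net = ipaddress.ip_network(block, strict=False)
    return any(net.subnet_of(private) for private in RFC1918)

# Dotted quad that is not part of a longer dotted number.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def find_hardcoded(text: str, old_block: str, new_block: str):
    """Return (line_no, old_ip, new_ip) for every literal inside old_block.

    The host offset is preserved, so both blocks must be the same size.
    """
    old, new = ipaddress.ip_network(old_block), ipaddress.ip_network(new_block)
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new blocks must be the same size")
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(match)
            except ValueError:  # e.g. 999.1.1.1, not a real address
                continue
            if addr in old:
                offset = int(addr) - int(old.network_address)
                hits.append((line_no, str(addr), str(new.network_address + offset)))
    return hits

# Constructed sample config (not from the thread).
SAMPLE = """\
smtp_relay = 172.168.10.25
backup_target=\\\\172.168.10.40\\nightly
dns_forwarder = 8.8.8.8
build = 6.0.172.168
sql_server = 172.16.10.30
"""

if __name__ == "__main__":
    for block in ("172.168.0.0/16", "172.16.0.0/16"):
        print(block, "RFC 1918" if is_rfc1918(block) else "NOT private")
    for hit in find_hardcoded(SAMPLE, "172.168.0.0/16", "172.16.0.0/16"):
        print("line %d: %s -> %s" % hit)
```

The `build` line shows why the scan parses each match as an address instead of searching for the string "172.168": it contains those octets but is not an address in the old block.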