Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

DMZ Setup Issues

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> DMZ >> DMZ Setup Issues Page: [1]
Login
Message << Older Topic   Newer Topic >>
DMZ Setup Issues - 28.Sep.2006 2:52:33 AM   
jckelley

 

Posts: 3
Joined: 28.Sep.2006
Status: offline 		I am trying to setup a tri-homed DMZ with public IPs on the DMZ segment, I have a public 16 address IP space that I have partitioned into 2 parts. The setup I have tried to use is...

Router:
IP:72.216.252.142
MK: 255.255.255.240

Routes:
72.216.252.128/255.255.255.248,72.216.252.141
72.216.252.136/255.255.255.248,72.216.252.142

ISA Server: (ISA not yet installed, trying to get the routing to work right first)
Public IF:
IP: 72.216.252.141
GW: 72.216.252.142
MK: 255.255.255.248

DMZ IF:
IP: 72.216.252.134
GW: <NULL>
MK: 255.255.255.248

MailServer:
MailServer IF:
IP: 72.216.252.132
GW: 72.216.252.134
MK: 255.255.255.248

Now I can ping from the Internet to the ISA DMZ nic, but no further. On the mailserver I can ping to the ISA Public IF but no further. So i know that i am missing a critical step on the ISA server routing (routing table?) but i do not know what it is.

Any assistance would be greatly appreciated.
Post #: 1
RE: DMZ Setup Issues - 28.Sep.2006 5:09:47 PM   
tshinder

 

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi J,

The ISA Firewall's routing table isn't an issue here. The router needs a route entry for the DMZ.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to jckelley)
Post #: 2
RE: DMZ Setup Issues - 29.Sep.2006 3:47:53 AM   
jckelley

 

Posts: 3
Joined: 28.Sep.2006
Status: offline 		There are 2 points where routing is occuring, i think, which is on the router and the (future) isa server. From the internet I can ping the DMZ card so i feel comfortable that the router is routing correctly.

I just cant ping past the DMZ card. As for the other direction i can ping from the DMZ to the Public Card but i can not ping past it (wether it be the router or the internet itself).

Am i missing something? I have been racking my brain on this for about a week now.


These are the routes currently setup on the router...

Routes:
72.216.252.128/255.255.255.248,72.216.252.141
72.216.252.136/255.255.255.248,72.216.252.142

Are these right? Or is their a route that i am missing?

Thank you for the help.

JCK

(in reply to tshinder)
Post #: 3
RE: DMZ Setup Issues - 12.Dec.2006 7:40:03 PM   
mcox

 

Posts: 4
Joined: 11.Dec.2006
Status: offline 		My friend, check the ISA documentation properly. I think pinging is turned off by default. Also, check the system policies too.

Thanks
MC.

(in reply to jckelley)
Post #: 4
RE: DMZ Setup Issues - 13.Dec.2006 12:05:12 PM   
jckelley

 

Posts: 3
Joined: 28.Sep.2006
Status: offline 		ISA Server is not yet installed. I am trying to get the tri-homed working first and then install ISA server. The thought being that with one less factor to fight it may make the process easier. So far though it has been far from.

At this point I am looking at doing a dual firewall configuration with ISA as my inside firewall and a Cisco ASA for the outside firewall. But if you have suggestions, I am all ears.

Thank You for the Help.

JCKelley

(in reply to mcox)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> DMZ >> DMZ Setup Issues Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts