Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
DMZ config
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
DMZ config - 7.Feb.2004 12:07:00 PM
|
|
|
pzs
Posts: 1
Joined: 7.Feb.2004
Status: offline
|
hi,all
i want to establish a 3-leg perimeter,my server has three nics,one for external public internet(we have 30 public ip addresses),one for internal network(192.0.0.x) and the last one for DMZ.must the ip addr for servers in DMZ be public ip address? i want my clients use the public ip address when they visit the servers located in my DMZ.my config:
external to DMZ: route
external to internal : NAT
external to DMZ : route
pl give me some advises.thanks!
|
|
|
|
|
RE: DMZ config - 8.Feb.2004 5:47:00 PM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi zhansheng,
You no longer need to use public addresses in your DMZ. You can use private addresses and create a routing or NAT relationship between that network and other networks.
HTH,
Tom
|
|
|
|
|
RE: DMZ config - 9.Feb.2004 12:39:00 PM
|
|
|
cko
Posts: 52
Joined: 4.Aug.2003
Status: offline
|
hm.. but "not need" does not mean iots not possible right? i'd be interested in setup a 3homed dmz with public ip's also ;-)
|
|
|
|
|
RE: DMZ config - 9.Feb.2004 3:31:00 PM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Cko,
You can use public or private addresses, no problem! Just configure the "Networks" and then configure the "Network Rules". You have complete control now and can apply firewall policy between any two networks (even more, if you create network groups).
HTH,
Tom
|
|
|
|
RE: DMZ config - 10.Feb.2004 3:38:00 AM
|
|
|
ntnghia
Posts: 15
Joined: 18.Jun.2003
From: vietnam
Status: offline
|
That great,
But I want to clear somethings.
When i use public IP on DMZ network at that time do i need to use publing rule to public my server to outside(ex:my web server,..)
and can i do at this way
External to DMZ : Route (both use public IP)
Internal to External: NAT
internal to DMZ : Route (DMZ use Public IP) is that work
I want to use that because some of my server use some special service.
thanks so much
thanks
|
|
|
|
|
RE: DMZ config - 10.Feb.2004 5:20:00 AM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi NT,
Yes, you should be able to do that, if the public address DMZ and the private networks know the route to one another. You could routed from the private network to the Internet, since the Internet hosts wouldn't have have a route to the private address, but since the ISA2004 firewall *does* have a route to your private network addresses, it would work. Just make sure those private addresses aren't embedded in any applications that Internet hosts use.
HTH<
Tom
|
|
|
|
|
RE: DMZ config - 14.Feb.2004 4:08:00 AM
|
|
|
tdeerinck
Posts: 9
Joined: 6.Mar.2003
Status: offline
|
Tom,
Just a quick question on / off topic. ISA2k was a pain when using a DMZ and a Private Network because it created two islands. The DMZ and Private net could not communicate! Has this been done away with?
~T.J.
|
|
|
|
|
RE: DMZ config - 15.Feb.2004 6:17:00 PM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi TJ,
ISA 2004 make it much much easier to setup a DMZ that uses either public or private addresses. Just create the "Network" objects and create ARs that control how traffic moves between the two.
HTH,
Tom
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
