Welcome to ISAserver.org

Deployment Scenario (2)

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Misc.] >> Tom's ISA Firewall Blog Discussion >> Deployment Scenario (2)

Page: [1]

Message

<< Older Topic Newer Topic >>

Deployment Scenario (2) - 25.Jan.2008 11:19:39 AM

kateh

Posts: 16
Joined: 21.Nov.2007
Status: offline

Hi Tom,

Further to my deployment question, can I ask whether it is feasible to connect to isa dmz's together via the internal/external ports?

i.e. ISA1 External points to ISA 2 Internal.

Many thanks
Kate

Post #: 1

Featured Links*

RE: Deployment Scenario (2) - 26.Jan.2008 1:54:30 PM

tshinder

Posts: 46971
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Kate,

That sounds like a back to back DMZ -- is that what you want to create?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to kateh)

Post #: 2

RE: Deployment Scenario (2) - 30.Jan.2008 5:01:38 AM

kateh

Posts: 16
Joined: 21.Nov.2007
Status: offline

Hi Tom,

Thanks for coming back to me.

I've looked at the back-to-back DMZ scenario however, it appears that the web server and apps server are on the same dmz. I would like to split the web server and app server up - is this possible?

Many thanks
Kate

(in reply to tshinder)

Post #: 3

RE: Deployment Scenario (2) - 30.Jan.2008 12:49:08 PM

tshinder

Posts: 46971
Joined: 10.Jan.2001
From: Texas
Status: offline

Which server is directly accessible from the Internet/

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to kateh)

Post #: 4

RE: Deployment Scenario (2) - 31.Jan.2008 3:56:29 AM

kateh

Posts: 16
Joined: 21.Nov.2007
Status: offline

Hi Tom,

The web server is directly accessed from the internet. Then we have our ISA between the web server and the internal network.

Thanks
Kate

(in reply to tshinder)

Post #: 5

RE: Deployment Scenario (2) - 31.Jan.2008 11:23:18 AM

tshinder

Posts: 46971
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Kate,

OK, so the application server is on the Internal Network? What would the second ISA Firewall do in this scenario?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to kateh)

Post #: 6

RE: Deployment Scenario (2) - 31.Jan.2008 11:51:16 AM

kateh

Posts: 16
Joined: 21.Nov.2007
Status: offline

Hi Tom,

Well at present we have a trihomed dmz. Would the 2nd ISA sit on the edge?

I'm sorry, I'm really new at this!

Regards
Kate

(in reply to tshinder)

Post #: 7

RE: Deployment Scenario (2) - 1.Feb.2008 6:59:50 AM

kateh

Posts: 16
Joined: 21.Nov.2007
Status: offline

Hi Tom,

I'm going to setup a back to back dmz configuration with the app server and web server on the dmz segment.

As we already have the web server with a 1.49.xx.xx address on the trihomed dmz, we don't want to change to private addresses. Can I just connect the app server to the network?

Thanks
Kate

(in reply to kateh)

Post #: 8

RE: Deployment Scenario (2) - 2.Feb.2008 1:28:25 PM

tshinder

Posts: 46971
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Kate,

You actually have two DMZs -- the one between the ISA Firewalls and the trihomed DMZ on the back end ISA firewall.

You can place the Web server in one DMZ and the app server in the other DMZ.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to kateh)

Post #: 9