• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

HELP! Can't Get DMZ To Work!!

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> DMZ >> HELP! Can't Get DMZ To Work!! Page: [1]
Login
Message << Older Topic   Newer Topic >>
HELP! Can't Get DMZ To Work!! - 15.Jun.2010 8:02:58 PM   
mdbradsh

 

Posts: 38
Joined: 22.Jul.2006
From: Indianapolis
Status: offline
Hello! I need some serious professional ISAserver/IT help here!! I have a small SOHO network consisting of the following:

Internal Network = file server also performing internal DNS and Active Directory, Exchange 2003 Server, ISAserver 2004 SP3 and 4 client desktops.

DMZ= Webserver which also performs public DNS.

All servers are Windows Server 2003 OS, and clients are all Windows XP.

My ISP is Cable Co. and I used to have dynamic IP. I use DynIP on my ISAserver to track my IP and make things work, which it did.

I recently upgraded to business class service and received 5 static IPs. They are 173.xxx.x.xx/29.
I've searched through this forum, and others,about how to set up ISAserver with static IPs, but I have been unsucesssful in getting my DMZ to display my website to the internet and/or my public DNS to work. I can get it to work for my internal clients, but not to the internet. I'm pretty sure it's a DNS problem, but no matter what combination of NIC, static IP and ISAserver rule/publishing configuration I've tried, it has not worked. I've tried upgrading to ISAserver 2006 and get the same results.

I'm trying to move away from using DynIP and go with my static addresses. I tried going to my domain host(GoDaddy)and pointing to my name servers, which are set up in my public DNS, but they are not recognized by GoDaddy?

My ISP set me up with the SMC8014 router. I've tried both using and disabling DHCP, DMZ and so forth, getting differnet results, but no matter how I set it up, the DMZ isn't visible to the internet?

I would really greatly appreciate someone in the know giving me some step-by-step information on how to set up my SMC router and my 3 NICs on my ISAserver with my static IPs. After weeks of struggling with this, I am totally lost and admit defeat!

Thank you very much in advance. I anxiously await your help.

Mike
Post #: 1
RE: HELP! Can't Get DMZ To Work!! - 17.Oct.2010 11:04:22 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
It does matter what marketing they brand it with,...CableTV and DSL internet connections are still "home user" technology.  Just because the Sales Managers wake up one morning and ask, "How can we fool 'em to day?" and the answer is, "Why,..we can call it Business Class and give 'em a few more address that don't change" does not change the inherent design of the technology.

The only reasonable way to use the multiple IP#s is to assign all of them to the external Nic of the ISA and make use of them via Publishing.  This assumes that there is no other IP Device between the ISA and the TV Cable's Layer2 "modem". 

Comcast's SMC box (your using Comcast, correct?) can be configured to operate correctly but Comcast may have to double check it's config.  Comcast is rather oddball in their technology,...and if I remember correctly of the hand full of them we have around here,...actually puts two different addresses ranges at your location and tunnels one inside the other.  It is really "whacked".  You will need to work together with Comcast to get this to work correctly.  

If you are not using Comcast then the presents of the SMC box indicates your provider may still use the same technology design.

As far as your external DNS I would dump that in a heartbeat.  If the Public Names are registered by Godaddy then I would make Godaddy be the authrotiative DNS for that.

_____________________________

Phillip Windell

(in reply to mdbradsh)
Post #: 2
RE: HELP! Can't Get DMZ To Work!! - 20.Oct.2010 4:40:35 PM   
mdbradsh

 

Posts: 38
Joined: 22.Jul.2006
From: Indianapolis
Status: offline
Wow! 4+ months later!

Well...I got everything working (back in June when I originally posted) by abandoning the 3 nic/DMZ configuration and just going with two nics(internal/external) and setting it up similarly as you describe below

quote:

The only reasonable way to use the multiple IP#s is to assign all of them to the external Nic of the ISA and make use of them via Publishing.  This assumes that there is no other IP Device between the ISA and the TV Cable's Layer2 "modem".


Yes... with Comcast Business Class... it is whacked trying to get this to work. Also not having two public nameservers to point too poses problems, as it is a must for GoDaddy. I got around this, sort of, by creating two different host records, NS1 & NS2 using two of my static IPs. It's working...but admittedly I do have occasional DNS problems, but of a minor sort. My website is up and visible to the internet and my email is coming and going just fine. I was able to dump the DynIP service, which saves me quite a bit of $$$.

Comcast also does not really offer much help in setting up your network or Firewalls like ISA Server. They deliver the equipment, get it up and going, offer you some features like Outlook and that's about it. It's up to you to configure your own network and get it working.

quote:

As far as your external DNS I would dump that in a heartbeat.  If the Public Names are registered by Godaddy then I would make Godaddy be the authrotiative DNS for that.


The problem I have with the above advice is that I understand GoDaddy charges for that service. Unless you can turn me on to a free public DNS service, I'm not up for dumping my own DNS.

Thanks for replying, late as it was, as it was your advice in another post by someone else at the time that got me up and going. Hopefully, next time I post a problem here... it won't take 4 months to get help.

< Message edited by mdbradsh -- 20.Oct.2010 4:57:03 PM >

(in reply to pwindell)
Post #: 3
RE: HELP! Can't Get DMZ To Work!! - 21.Oct.2010 9:08:16 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
I just look for posts with either no answer or an insufficient one and I don't usually look at how old it is,...so I had no idea it was 4 months old. 

Free DNS Hosting usually comes from the ISP (Comcast in your case).  We used to have one Name registered via GoDaddy but the Authoritative DNS was our ISP.  Several other names are via Network Solutions,...but the ISP still hosts the DNS.  We now no longer have GoDaddy.

Our main connection is a DS3 over a fiber (45mbps both ways). But I have 3 or 4 Comcast connections as well for special purposes,..and then I believe one DSL for some weather equipment..

_____________________________

Phillip Windell

(in reply to mdbradsh)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> DMZ >> HELP! Can't Get DMZ To Work!! Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts