I'm trying to set up an ISA2006 server with 3 network cards: 1 - Internal, 1 - External, 1 - Perimeter/inbound only.
It's running nicely now with the internal and external, but I'm having problems adding the 3rd leg (I've configured the 3 leg template). Basically, the 3rd leg I want as inbound services only, i.e. SMTP inbound traffic, but whatever I do the ISA just doesn't like to play. I'm testing with an ADSL line connected to a Draytek 2800 Router that's routing port 25 to the ISA IP address. I've added the Draytek IP range to the Perimeter Network config, and set the network rules to allow the perimeter to a test mail server (computer), relation Route, and Internal network to perimeter network, relation NAT.
I'm sure I've made some big mistakes here somewhere, but can someone point me in the right direction?
From: Taylorville, IL
"Inbound service" does not really mean anything. That does not clearly describe what you are trying to do and how [exactly] you are trying to do it. ISA is very complex; details of a problem have to be specific.
You already have a DMZ between the Draytek and the ISA. There is no point in having a nearly worthless Tri-Homed DMZ on top of that that does nothing more than overcomplicate things. Tri-homed DMZs are generally used (and more justifiably used) when the ISA is an Edge Firewall all alone by itself.
I'm not saying you still can't accomplish what you want eventually. I just don't think it is worth putting all the effort into it.
Also, you cannot Publish from the Perimeter. The Perimeter does not "touch" the Internet. You have to Publish "from" the External "to" the Perimeter. Getting from the Perimeter into the Internal is a completely different and separate process after that.
Not really, I only want one outbound connection to the internet, but want 2 inbound connections from the internet. One that basically will hold services like SMTP traffic and VPN traffic inbound, and the other that provides mostly outbound.