Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Service behind two firewalls (ISA-ISA, Cisco-ISA
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Service behind two firewalls (ISA-ISA, Cisco-ISA - 18.Jul.2008 12:48:16 AM
|
|
|
azhilenko@yandex.ru
Posts: 5
Joined: 18.Jul.2008
Status: offline
|
Hello everybody!
I have the next confusion regarding to publishing service (any) behind two firewalls.
There is DMZ between two firewalls, but service to be published is placed behind both of them.
The next configuration is supposed to be used:
MS ISA 2004/2006 - MS ISA 2004/2006
CISCO IOS firewall - MS ISA 2004/2006
Any advice, link to information/documentation and other resourceses and help will be appreciated.
< Message edited by azhilenko@yandex.ru -- 18.Jul.2008 12:49:23 AM >
|
|
|
|
|
RE: Service behind two firewalls (ISA-ISA, Cisco-ISA - 23.Jul.2008 5:35:22 AM
|
|
|
azhilenko@yandex.ru
Posts: 5
Joined: 18.Jul.2008
Status: offline
|
Hello Thomas!
Thank You much for Your attention.
We did the next:
1. We published on FrontEnd Cisco IOS Firewall port 3389 to BackEnd ISA Server 2006, port 3389.
2. We published on BackEnd ISA Server 2006 internal RDP Server from port 3389 to port 3389.
3. We allowed in traffic from Cisco IP to ISA Server.
This configuration doesn't work.
ISA Server doesn't allow in traffic Cisco by Default Rule.
I wanted to get some info about network routing rules (Routing, NAT) regarding to ISA Server and, may be, documents that describe same configuration.
Could You tell me if we are in right direction with configuring such kind of scheme.
Thank You,
Alexey.
|
|
|
|
|
RE: Service behind two firewalls (ISA-ISA, Cisco-ISA - 23.Jul.2008 7:00:40 AM
|
|
|
Jason Jones
Posts: 2140
Joined: 30.Jul.2002
From: United Kingdom
Status: online
|
Can you provide some diagrams (even if just text) and explain your networks an associated relationships between them (routing, NAT etc)
Thanks
JJ
_____________________________
Jason Jones (MVP)
Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/
Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Service behind two firewalls (ISA-ISA, Cisco-ISA - 23.Jul.2008 9:23:50 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Yes, that would be helpful.
We have plenty of back to back ISA firewall articles on this site, so the ASA/ISA Firewall back to back configuration should use the same principles.
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Service behind two firewalls (ISA-ISA, Cisco-ISA - 25.Jul.2008 6:02:18 AM
|
|
|
azhilenko@yandex.ru
Posts: 5
Joined: 18.Jul.2008
Status: offline
|
Hello Thomas!
May I send You the scheme to Your email tshinder@isaserver.org?
Thank You.
|
|
|
|
|
RE: Service behind two firewalls (ISA-ISA, Cisco-ISA - 1.Aug.2008 8:49:02 AM
|
|
|
azhilenko@yandex.ru
Posts: 5
Joined: 18.Jul.2008
Status: offline
|
Thomas, hello!
I have send You an email with schemas from azhilenko@yandex.ru address.
Best regards, Alexey
|
|
|
|
|
RE: Service behind two firewalls (ISA-ISA, Cisco-ISA - 14.Aug.2008 7:45:14 AM
|
|
|
azhilenko@yandex.ru
Posts: 5
Joined: 18.Jul.2008
Status: offline
|
Hello, Thomas!
I've tried one more time.
The same message, the same address.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
