Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Static NAT
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Static NAT - 22.May2004 5:51:00 AM
|
|
|
romualdt
Posts: 30
Joined: 3.Nov.2003
From: Tacoma, WA
Status: offline
|
If I understand correctly ISA2004 does not support static NAT. So to get my mail server, that is currently behind a pix using static NAT,to work behind the ISA server I would need to Use a server publishing rule and then change my dns records to point to the external address of my ISA server. Is my understanding correct?
I currently have 5 static IP address 3 I user for different servers (web, mail, TS) so to get these behind ISA i would also have to change the DNS records for these as well. Then create a server publishing rule for these????
[ May 22, 2004, 06:00 AM: Message edited by: romualdt ]
|
|
|
|
|
RE: Static NAT - 22.May2004 9:48:00 PM
|
|
|
leonhughes
Posts: 149
Joined: 19.Mar.2001
From: UK
Status: offline
|
Hi Romualdt,
This should'nt be a problem with ISA 2004. If you bind all your IP addresses to the external NIC on the ISA server, you should be able to creats access policies for each server. When you select the external interface, there should also be an address button. When you press this you can choose which of the external IP addresses you want to use.
It's worth noting the the 'primary' IP address is the one that's used for all outbound traffic. i.e. if you're publishing a mail server, make sure it's public IP address is the primary so that you can send and recieve SMTP etc from the same address. This is especially important when setting up a PTR record in you external DNS. If you don't do this, some ISP's will reject the mail.
|
|
|
|
|
RE: Static NAT - 15.Jun.2004 12:22:00 AM
|
|
|
ChrisGarty
Posts: 1
Joined: 15.Jun.2004
From: Melbourne, Australia
Status: offline
|
Hi,
I think I have a similar situation to Romualdt. I just want to make sure I understand your answer correctly.
I currently have two network segments.I have an external network segment and an internal network segment. The firewall for the internal network segment has an IP address in the external segment and provides NAT and DHCP for the internal machines.
I want to consolidate these two segments into one. Can I configure ISA 2004 to support Internet routable IP addresses and private NAT'd IP addresses in the same segment?
I have 5 Internet routable IP addresses that I want to expose. If I can't have them in the same segment, do I need to bind them to my ISA 2004 server and then route to internal IP addresses?
Thanks in advance.
- Chris
|
|
|
|
|
RE: Static NAT - 16.Jun.2004 1:18:00 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Chris,
How would that work? The public segment, in order to protect the network, needs to be completely different than the public, otherwise, you have no security and you're hacked in a moment's notice.
The firewall always needs two or more NICs (or a single NIC with multiple heads). Putting the external and internal on the same network segment is a recipe for disaster.
HTH,
Tom
|
|
|
|
|
RE: Static NAT - 7.Aug.2004 7:11:00 PM
|
|
|
RMPL
Posts: 1
Joined: 7.Aug.2004
From: Warsaw, Poland
Status: offline
|
First of all sorry for my english language ;-)
I have ISA 2004 installed (previously BETA, now full version). I want to publish my three different SMTP servers located in internal network under three different public IP adress (one per server). Public IP adresses are bound to external interface on ISA 2004 machine so publishing access from external network (internet) to these internal SMTP's is easy, BUT... I want that each of my SMTP servers when connecting to some external SMTP presenting themself with one specific public adress (same as server is published). How to configure ISA to not use outgoing NAT for these servers on default IP adress of external interface ???
Some ISP servers rejecting my mails. Also i cant change my DNS recrods to ISA default external IP...This static NAT thing works fine on CheckPoint form example (but Checkpoint works differently then ISA, using NAT based on ARP)
Thanks in advance for any advice....
|
|
|
|
|
RE: Static NAT - 7.Aug.2004 10:20:00 PM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi R,
If you use NAT, then the primary IP address will be used. If you use route, then the source IP address will be preserved.
HTH,
Tom
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
