Welcome to ISAserver.org
Static NAT ??? not with ISA 2004
Static NAT ??? not with ISA 2004 - 9.Aug.2005 3:54:00 AM
zamirl
Posts: 94
Joined: 26.Mar.2002
From: Bat-Yam, Israel
Status: offline
Did you ever have the need to completely make a server in your network available to the world or to another network on all ports, even if the server is behind NAT?
Well, I did, or at least I wanted to test it.
The only option which seems reasonable to perform this is to create a server publishing rule and to create a protocol definition "all ports" and provide all TCP port range for inbound.
What is the problem? As soon as you try to apply such a rule the server virtual memory will skyrocket and your server is useless!
To be honest I did not try to do it on a Windows 2003 with SP1 or with SP1 for ISA 2004. If anyone else did try it with service packs and had different results I would love to read about it.
Thanks
Liran Zamir
RE: Static NAT ??? not with ISA 2004 - 9.Aug.2005 6:18:00 AM
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Liran,
This was an issue identified during the beta phase, and I don't think there are any chances with SPs.
I can't imagine a firewall scenario that would require this type of config. If you need unprotected access to a server, put it on the DMZ in front of the ISA firewall.
HTH, Tom
RE: Static NAT ??? not with ISA 2004 - 31.Aug.2005 6:36:00 AM
Nagorg
Posts: 1
Joined: 31.Aug.2005
Status: offline
My question may not be exactly to the same point as Liran's, but similar. When working with a PIX, you generally create static translations from a public IP to a private IP and associated ACLs. In this configuration scenario, any outbound traffic from the public IP will leave the private network as the configured static public IP address and not what has been configured for use in NAT/PAT. Is there a way to force this in ISA2004? I can't create a route rule because my internal IP is a private non-routed IP address. To be more specific, my scenario is with an SMTP server. While I have created a publishing rule that does work for all inbound SMTP traffic, any time my SMTP server actually sends mail, it leaves the network from my NAT'ed address instead of the published IP. How can I control this behavior?
RE: Static NAT ??? not with ISA 2004 - 31.Aug.2005 9:10:00 AM
isawader
Posts: 420
Joined: 27.Apr.2005
Status: offline
ISA doesn't support 1-to-1 NAT from private network to public network. It's been on the wish list for a long time.
A workaround involves configuring a "route" Network rule.