Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Statically assigned IP and ports

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Statically assigned IP and ports Page: [1]
Login
Message << Older Topic   Newer Topic >>
Statically assigned IP and ports - 12.Apr.2005 12:18:00 AM   
Guest
 Hi,

I'm trying to configure DNS Zone Transfer between two DNS Servers that are seperated by ISA 2004. DNS1 (172.16.76.1) is on the Internal interface and DNS2 (172.16.139.2) is on the External interface. NAT is configured.

On ISA, I've configured a static IP and bound an Access Rule to it (DNS Server) on the External interface (172.16.139.253) to send DNS (TCP/UDP port 53) to the Internal DNS server so NAT can work.

I've configured the DNS2 to allow Zone Transfers only to the Static IP previously configured (172.16.139.253).

The problem is that Zone Transfer does not work. I've found out that the Zone Transfer request coming from DNS1 is coming from the default ISA IP address and not the IP address I configured for NAT. So the Zone Transfer request is refused because it is coming from a different IP.

I could just tell DNS2 to accept Zone Transfers from ISA external IP but we are planning on establishing a one-way trust between two forests and I think it would be easier to manage if I could make sure the NAT IP is the one being used.

In other words, I want to make sure all communications between these two servers are being done on static IP addresses and not ISA default IP. Can this be done with ISA?

Thanks!
Sylvain
  Post #: 1
RE: Statically assigned IP and ports - 12.Apr.2005 1:03:00 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Sylvain,

For intradomain communications, make sure you are using a ROUTE relationship between the source and destination network and then create the appropriate access rules.

HTH,
Tom

(in reply to Guest)
Post #: 2
RE: Statically assigned IP and ports - 12.Apr.2005 1:30:00 PM   
Guest
 Hi Tom,

Thanks for the reply.

This is not for intradomain communication but interdomain communication. The other domain is in a DMZ which we want to establish a one way trust so the domain in the DMZ trusts our corporate domain but not the reverse.

(in reply to Guest)
  Post #: 3
RE: Statically assigned IP and ports - 12.Apr.2005 3:58:00 PM   
Guest
 Just to add. I've quickly read you document on Intradomain communication. It says that ROUTING should be used instead of NAT. Can I still do Web and Server publishing in a Routing scenario?

My scenario is different than your document since the domain to which I wish a trust is an untrusted network.

Thanks!
Sylvain

(in reply to Guest)
  Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Statically assigned IP and ports Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts