Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Three homed dmz problem
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Three homed dmz problem - 10.Dec.2002 5:21:00 AM
|
|
|
zouzou
Posts: 4
Joined: 10.Dec.2002
Status: offline
|
Hi all,
I have an isa box with three Nics. One connected to the internet, the second to my private network and the third to my Dmz.
In the dmz, i have a web server.
I subnetted my IP range.
My problem is that i can ping my Isp router and the private network from my web server but i can't ping my Web server from the internet. I opened all the ports and protocol on Isa (Filtering).
What is strange is that i can connect to my web server on port 80 using telnet but i can't browse the web server using my browser.
Is there any problem with routing. I read in some topic that my Isp must add a route to my subnet ?
Can anyone solve my problem !
Thank you.
|
|
|
|
|
RE: Three homed dmz problem - 10.Dec.2002 5:36:00 PM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi zouzou,
I think you have a problem with your trihomed DMZ. You should NOT be able to ping the internal network, since you *must* use public addresses in the DMZ.
HTH,
Tom
|
|
|
|
|
RE: Three homed dmz problem - 10.Dec.2002 7:25:00 PM
|
|
|
zouzou
Posts: 4
Joined: 10.Dec.2002
Status: offline
|
Thank you tshinder for the reply !
Ok for pinging the private network from Dmz. I am not able to ping the private network.
Does my ISP add a route to my subnet ?
Why Is it not possible to ping my WEB server from the internet ? (I opened all the protocol and port on ISA)
Here is my Ip configuration:
Isp range: xx.xx.xxx.144/29
Subnet mask : 255.255.255.248
Here is my Isa Nic Configuration :
External Nic : xx.xx.xxx.149
Subnet Mask : 255.255.255.252
Gw : xx.xx.xxx.150
Dmz Nic : xx.xx.xxx.146
Subnet Mask : 255.255.255.252
No Gw
WEB Server Nic : xx.xx.xxx.145
Subnet : 255.255.255.252
Gw : xx.xx.xxx.146
Private Network : 192.168.1.1
Thank you.
|
|
|
|
|
RE: Three homed dmz problem - 11.Dec.2002 10:51:00 PM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi zouzou,
They may need to add a route, it depends on how things are set up.
Just make sure the external interface is on a different network ID than the DMZ. with a .252 you only have two usable IP addresses.
You have to create packet filters to allow the appropriate ICMP packets inbound and outbound, as described in the ISA Server and Beyond book.
HTH,
Tom
|
|
|
|
|
RE: Three homed dmz problem - 16.Dec.2002 7:10:00 AM
|
|
|
zouzou
Posts: 4
Joined: 10.Dec.2002
Status: offline
|
Hi tshinder !
Can you give more details ?
What Ip address should i give to my external interface to make it on a different network ID than the DMZ.
Sofiane.
|
|
|
|
|
RE: Three homed dmz problem - 16.Dec.2002 6:25:00 PM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Sofiane,
You just need to subnet your block. For subnetting help, check out www.learntosubnet.com
HTH,
Tom
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
