Welcome to ISAserver.org
Traffic from Perimeter to Internal
Traffic from Perimeter to Internal - 20.Apr.2005 1:39:00 PM
dotNL
Posts: 9
Joined: 14.Feb.2005
Status: offline
Ok, I don't get it. I've set up a 3-Leg Perimeter. For testing purposes I've set up two Firewall Policies:
1. Perimeter -> Internal: Allow all outbound traffic from Perimeter to Internal for All Users
2. Internal -> Perimeter: Allow all outbound traffic from Internal to Perimeter for All Users
With this I think I have said that all traffic between Internal and the Perimeter should be permitted.
Still, if I want to join a server to the domain, I can see in the monitoring that it blocks several protocols.
My question: Why does ISA 2004 not follow my policies?
RE: Traffic from Perimeter to Internal - 20.Apr.2005 7:42:00 PM
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Dot,
Did you review my article on intradomain communications through the ISA firewall? It's on this site.
HTH, Tom
RE: Traffic from Perimeter to Internal - 21.Apr.2005 10:27:00 AM
dotNL
Posts: 9
Joined: 14.Feb.2005
Status: offline
Nice document, but what I understand from it is that you need to allow certain protocols.
Still, this is a secure solution. But I've allowed all protocols from Internal to DMZ (and vice versa) and still I can't connect to my DC. The secure part I'll do when I've tested the ISA 2004; for now all traffic between the Internal and DMZ will be allowed.
When I try to join the server to the domain I keep getting the message "The network path was not found." Googling it says to me it's a DNS problem. My DMZ server has 2 internal DNS configured and with the provided access rules it can connect to DNS and query. Still I get this error.
So I don't know what I'm doing wrong....
[ April 21, 2005, 11:48 AM: Message edited by: dotNL ]
RE: Traffic from Perimeter to Internal - 23.Jun.2005 3:39:00 PM
pwindell
Posts: 802
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
In addition to the two Access Rules, isn't a Network Rule (no-NAT) required as well?
RE: Traffic from Perimeter to Internal - 6.Jul.2005 3:14:00 AM
rino01
Posts: 66
Joined: 1.Jul.2005
From: Stockholm / Sweden
Status: offline
Yes, you need a relationship between your networks, NAT or Route, and in the case above it is a route relationship I would suggest.
RE: Traffic from Perimeter to Internal - 8.Jul.2005 5:05:00 AM
cybernard
Posts: 23
Joined: 5.Mar.2005
Status: offline
Network rules should be created:
DMZ to INTERNAL = ROUTE
INTERNAL to DMZ = NAT
Then you create firewall rules, whichever you want to.