Welcome to ISAserver.org


Tri-Homed DMZ Without Public IPs

Tri-Homed DMZ Without Public IPs - 7.Jan.2005 7:54:00 PM   
smokeskull

 

As an FYI, it is possible in ISA 2000 to make a tri-homed DMZ using private IP schemes in the DMZ with 3 NICs: NIC1 to internet, NIC2 to DMZ, NIC3 for private network. The way you make it so that all the traffic between the private network and the DMZ is routed over the external interface and filtered by the FW is as follows:

1. Set up the ISA server LAT normally.

2. Set the internal DMZ interface and network to a different private subnet than the internal LAN interface's private subnet.

3. In the RRAS console on the ISA server, go into IP routing. Open the properties of the internal LAN NIC. Add an incoming and an outgoing filter that stops all traffic coming and going to the DMZ subnet. Wait a few minutes for the connections to die out.

That's it! Now all traffic to and from the DMZ will have to use the external interface and all the rules configured there. So, make sure your internal DNS is pointing at the correct IP!
Post #: 1
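The check below is an added example, not part of the original post: a simplified Python model of steps 2 and 3 that audits a planned filter set before it is entered in RRAS. The subnets, the outside test address and every function name are assumptions chosen for illustration, and the drop-on-match filter semantics are a model, not RRAS's own evaluation code.

```python
import ipaddress

# Constructed addressing (assumption): NIC3 = LAN, NIC2 = DMZ.
LAN = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
OUTSIDE = "203.0.113.10"  # documentation-range address standing in for an internet host

# Step 3 modeled as drop filters on the internal LAN NIC:
# (direction, source network, destination network)
LAN_NIC_FILTERS = [
    ("in", ANY, DMZ),   # arriving on the LAN NIC, bound for the DMZ
    ("out", DMZ, ANY),  # leaving the LAN NIC, sourced from the DMZ
]

def subnets_distinct(lan, dmz):
    """Step 2: DMZ and LAN must be different, non-overlapping subnets."""
    return not lan.overlaps(dmz)

def lan_nic_allows(direction, src, dst, filters):
    """Return False if any drop filter for this direction matches the packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return not any(d == direction and src in s and dst in t
                   for d, s, t in filters)

def audit(lan, dmz, filters):
    """List the ways the filter set fails to force LAN<->DMZ off the LAN NIC."""
    problems = []
    lan_host, dmz_host = str(lan[1]), str(dmz[1])
    if not subnets_distinct(lan, dmz):
        problems.append("LAN and DMZ subnets overlap")
    if lan_nic_allows("in", lan_host, dmz_host, filters):
        problems.append("LAN->DMZ still passes on the LAN NIC")
    if lan_nic_allows("out", dmz_host, lan_host, filters):
        problems.append("DMZ->LAN still passes on the LAN NIC")
    # The filters must not break ordinary outbound traffic from the LAN.
    if not lan_nic_allows("in", lan_host, OUTSIDE, filters):
        problems.append("filter too broad: LAN->internet is dropped")
    return problems

if __name__ == "__main__":
    print(audit(LAN, DMZ, LAN_NIC_FILTERS) or "filter set blocks direct LAN<->DMZ traffic")
```

An empty result means both directions of direct LAN-to-DMZ traffic are dropped on the LAN NIC while LAN-to-internet traffic is untouched; a missing direction shows up as a named problem.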
