Welcome to ISAserver.org

Tri-Homed Server Filtering Issue

Tri-Homed Server Filtering Issue - 17.Jul.2002 5:53:00 AM   
wtholmes

 

Posts: 12
Joined: 10.Oct.2001
From: Ithaca
Status: offline
Hello,

I have a Tri-Homed ISA Server.

Interface #1 External [192.168.100.1]
Interface #2 Internal [192.168.101.1]
Interface #3 Internal [192.168.102.1]

The addresses on both Interface 2 & 3 have been added to the LAT.

I have a Site & Content Rule that permits any request to All External
Destinations.

I also have a protocol rule that applies to All IP Traffic and Any
Request.

Next I create a Destination Set that includes the network addresses from
[192.168.101.1] through [192.168.101.254], and a Client Address Set that
includes the addresses from [192.168.102.1] through [192.168.102.254].

Finally I created a site and content rule that denies all traffic
originating on the client address set that is destined for the
Destination set.

Unfortunately all the traffic gets through anyway. Could someone point
out what I am doing wrong?

Thanks

Bill
Post #: 1
RE: Tri-Homed Server Filtering Issue - 17.Jul.2002 2:53:00 PM   
toolswizard

 

Posts: 43
Joined: 17.Jul.2002
From: Ohio
Status: offline
My guess is that since they are both recorded on the LAT, ISA routes the packets, as it considers both subnets local. I have the same setup, but I use a second firewall on one of the subnets. This creates a DMZ between the two. If you want to block between the two networks, refer back to packet filtering in Win2000.

(in reply to wtholmes)
Post #: 2
RE: Tri-Homed Server Filtering Issue - 21.Jul.2002 10:18:00 PM   
wtholmes

 

Posts: 12
Joined: 10.Oct.2001
From: Ithaca
Status: offline
Hi,

I have only one machine on the second network, which is running RRAS. I enabled TCP/IP filtering on the machine and then blocked everything except the two protocols I wanted to allow. This to no avail. The RRAS seemed to completely ignore the filters. Again, any ideas?

Thanks for the response.

(in reply to wtholmes)
Post #: 3
RE: Tri-Homed Server Filtering Issue - 22.Jul.2002 12:50:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi WT,

You can use TCP/IP filtering on the DMZ host, but if you want to create a LAT-based DMZ, you need to use RRAS packet filters.

HTH,
Tom

(in reply to wtholmes)
Post #: 4
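
Added example (not part of the thread and not from any poster): one way to express the block asked for in post #1 as an RRAS input packet filter on the tri-homed server, using netsh. It assumes RRAS is enabled on that server, that the interface holding 192.168.102.1 is named "LAN2" (a hypothetical name), and that both ranges are /24 networks, as the address ranges in post #1 suggest.

```bat
@echo off
rem Added example. "LAN2" is a hypothetical interface name; substitute the
rem name reported by:  netsh routing ip show interface
set IFACE=LAN2

rem Input filter on the 192.168.102.x interface: match anything sourced from
rem 192.168.102.0/24 and destined for 192.168.101.0/24, all protocols.
netsh routing ip add filter name="%IFACE%" filtertype=input ^
    srcaddr=192.168.102.0 srcmask=255.255.255.0 ^
    dstaddr=192.168.101.0 dstmask=255.255.255.0 proto=any

rem action= sets the fate of packets that match NO filter in the list.
rem "forward" lets non-matching packets through, so the filter above becomes
rem a deny entry. "drop" would turn the same list into an allow list.
netsh routing ip set filter name="%IFACE%" filtertype=input action=forward

rem Show the resulting filter list and default action for review.
netsh routing ip show filter name="%IFACE%"
```

To allow only selected protocols between the two LAT networks instead, add one filter per permitted protocol and set action=drop on the same interface.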
