Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Unique Web Publishing Question

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Unique Web Publishing Question Page: [1]
Login
Message << Older Topic   Newer Topic >>
Unique Web Publishing Question - 6.Jun.2007 4:06:50 PM   
Original ISADUDE

 

Posts: 1
Joined: 6.Jun.2007
Status: offline 		Thanks in advance.  We have a Internet facing network, a DMZ with a 192.168.x.x subnet, and our internal network of 10.x. 

Can I web publish a site on our internal 10.x network by just having our ISA server only on our DMZ net?  I've setup one 192.168.x address on my 'external' ISA NIC and another 192.168.x address on my 'internal' ISA NIC.  We will NAT from the Internet facing public IP address to our 'external' ISA IP and then allow traffic from our 'internal' ISA IP to the site on our internal 10.x net.  Of course this does not work and that is why I am writing.  Our network guys will not let us straddle between the DMZ and the internal network.

Bottom line, can I setup external and internal interfaces on a ISA server on the same subnet for web publishing a site on a different subnet.  Does the internal ISA interface have to be on the same subnet as the site being published?
Post #: 1
RE: Unique Web Publishing Question - 8.Jun.2007 8:35:36 PM   
Jason Jones

 

Posts: 2247
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

Bottom line, can I setup external and internal interfaces on a ISA server on the same subnet for web publishing a site on a different subnet.


Nope!

The only way you can achieve what you want is to use a single NIC ISA which will only allow you to do web publishing, but not server publishing or network to network access rules.

You are much better configuring ISA with two NICs which straddle the DMZ=>Internal, but if you can't, you can't. If there is hope to "convince the powers that be" of this better design, then just shout

Have a look through the website articles as Tom has written quite a few guides on single NIC ISA setups and auth using LDAPS authentication.

Cheers

JJ

_____________________________

Jason Jones (MVP)

Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/

Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to Original ISADUDE)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Unique Web Publishing Question Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts