Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Why the Internet clients cannot access the Web server in trihomed DMZ?
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Why the Internet clients cannot access the Web server i... - 7.Dec.2003 5:25:00 PM
|
|
|
brzuzens
Posts: 2
Joined: 7.Dec.2003
From: Warsaw, Poland
Status: offline
|
Hi,
I have the following configuration:
Internet
|
ISP's router
x.y.116.33
|
|
External NIC x.y.116.35
subnet 255.255.255.248
gateway x.y.116.33
|
ISA SERVER---DMZ NIC x.y.116.41------------WEB SERVER x.y.116.43
| subnet 255.255.255.248 subnet 255.255.255.248
10.0.0.101 gateway x.y.116.41
subnet 255.255.255.0
|
|
LAN hosts
10.0.0.z
mask 255.255.255.0
gateway 10.0.0.101
I created IP Packet Filter allowing inbound traffic (TCP, local port 80) for all remote computers.
I can access Web Server in DMZ from my LAN, but internet clients can't access it. Do I need to ask my ISP to define static route for the DMZ subnet on their router, or is there any other way to do it myself?
Please help,
Piotr
|
|
|
|
RE: Why the Internet clients cannot access the Web serv... - 7.Dec.2003 5:32:00 PM
|
|
|
brzuzens
Posts: 2
Joined: 7.Dec.2003
From: Warsaw, Poland
Status: offline
|
Sorry, but my scheme is not correct. The correct configuration is following:
ISP Net ID: x.y.116.32/28
--
ISA SERVER:
External NIC:
x.y.116.35
255.255.255.248
DG: x.y.116.33
DMZ NIC:
x.y.116.41
255.255.255.248
LAN NIC:
10.0.0.101
255.255.255.0
--
WEB SERVER (DMZ)
x.y.116.43
255.255.255.248
x.y.116.41
--
LAN HOSTS:
10.0.0.z
255.255.255.0
10.0.0.101
Bests regards,
Piotr
|
|
|
|
|
RE: Why the Internet clients cannot access the Web serv... - 7.Dec.2003 6:56:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Piotr,
this are the important configuration settings:
1) the ISA external interface has x.y.116.35/29 with the DG set to your ISP router (x.y.116.33): OK.
2) the ISA DMZ interface has x.y.116.41/29 with no DG set: OK.
3) the DMZ hosts are on the ISA DMZ network ID x.y.116.40/29 with the ISA DMZ interface (x.y.116.41) as DG: OK.
4) your ISP router should have x.y.116.33/29 as LAN interface and there should be a static route for the DMZ network ID x.y.116.40/29 with as gateway the ISA external interface (x.y.116.35).
HTH,
Stefaan
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
