• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

configure 3 leg perimeter network

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> General >> configure 3 leg perimeter network Page: [1]
Login
Message << Older Topic   Newer Topic >>
configure 3 leg perimeter network - 3.Jan.2005 6:27:00 AM   
ysalim

 

Posts: 11
Joined: 3.Jan.2005
Status: offline
i have 3 nic representing the internal, perimeter and the external interface on the isa server 2004.

The configuration for internal nic is 192.168.0.3/24 GW 192.168.0.1, the perimeter nic is 192.168.1.3/24 GW 192.168.1.1 and public ip given by the isp. let assumed that the ip address is 192.168.100.243 GW 192.168.100.241

Our internal client has 3 subnet 10.0.0.0/24 GW 10.0.0.1, 10.1.0.0/24 GW 10.1.0.1 and 10.2.0.0/24 GW 10.2.0.1 connected to a router which configured as 192.168.0.1/24

Our dmz servers were configured using 172.16.0.0/26 GW 192.168.1.1 and connected to a router (192.168.1.1)

i'm able to ping to 192.168.100.241, 192.168.100.243 (other f/wall outside interface) 192.168.0.1, 192.168.0.2 (other f/wall inside interface) 192.168.1.1 and 192.168.1.2 but not to the 10.0.0.0/24, 10.1.0.0/24 ,10.2.0.0/24 and all the dmz servers

What should i do?????? please help
Post #: 1
RE: configure 3 leg perimeter network - 3.Jan.2005 1:22:00 PM   
bas

 

Posts: 89
Joined: 14.Sep.2001
From: The Netherlands
Status: offline
My suggestion would be:
1. remove the Gatways form the internal and DMZ network, you only need 1 on the external nic
2. manually add the routes to your internal subnets using route add command
3. Alter the Internal Network to reflect all the subnets you are using internally
4. Check the Firewall Security Policy to see wether you have applyed ICMP protocols to the networks you want to use it

[/edit]
Oh and watch out with the 3-leg perimeter setup it creates some NAT network rules between your networks. You might want to check whether you want it to be like this.

[ January 03, 2005, 01:25 PM: Message edited by: bas ]

(in reply to ysalim)
Post #: 2
RE: configure 3 leg perimeter network - 4.Jan.2005 1:54:00 AM   
ysalim

 

Posts: 11
Joined: 3.Jan.2005
Status: offline
Thanks Bas

Another Question....What is the correct DNS configuration for the internal nic, perimeter nic and the external nic

(in reply to ysalim)
Post #: 3
RE: configure 3 leg perimeter network - 4.Jan.2005 12:59:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Y,

Put a DNS server ONLY on the internal interface of the ISA firewall. Then configure the DNS server on the internal network to resolve both internal and Internet host names. Finally, create an access rule on the ISA firewall that allows the DNS server to resolve Internet host names.

HTH,
Tom

(in reply to ysalim)
Post #: 4
RE: configure 3 leg perimeter network - 6.Jan.2005 7:57:00 AM   
ysalim

 

Posts: 11
Joined: 3.Jan.2005
Status: offline
Thanks Tom

(in reply to ysalim)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> General >> configure 3 leg perimeter network Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts