Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: ONLY FIREWALL CLIENT

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> RE: ONLY FIREWALL CLIENT Page: <<   < prev  1 2 [3] 4   next >   >>
Login
Message << Older Topic   Newer Topic >>
RE: ONLY FIREWALL CLIENT - 28.Jan.2006 6:52:11 PM   
tshinder

 

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Maj,

In that case, you could subnet your block and create a route relationship between those addresses and the default External Network. You'll have to inform the router in front of the ISA firewall of those addresses.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to majedalanni)
Post #: 41
RE: ONLY FIREWALL CLIENT - 28.Jan.2006 6:57:31 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline 		Hi

If I subnet my network by prefix /29 and in ISA server in configuration --- network --- I add a network with new prefix and then make in network rule a route relastionship with external network and then what I do ????

Thanks

(in reply to tshinder)
Post #: 42
RE: ONLY FIREWALL CLIENT - 28.Jan.2006 7:01:02 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline 		And when I creat a network with prefix /29 what type of network I choose
Internal network or perimeter or VPN site to site or external network??

(in reply to tshinder)
Post #: 43
RE: ONLY FIREWALL CLIENT - 29.Jan.2006 4:18:41 PM   
tshinder

 

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Maj,

You can choose internal, perimeter or external. They're all the same from a functionality point of view.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to majedalanni)
Post #: 44
RE: ONLY FIREWALL CLIENT - 30.Jan.2006 7:23:09 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline 		Its not work

(in reply to tshinder)
Post #: 45
RE: ONLY FIREWALL CLIENT - 30.Jan.2006 9:00:25 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline 		Hi,

I create an internal named (public) network and put in it address of my public and make a route relationship with external and in firewall make a rule alow all from public to external

Is that true or I miss somthing?????
and in my client what I do ? did I configure his lan with ip from my network named public or what???

Thanks

(in reply to majedalanni)
Post #: 46
RE: ONLY FIREWALL CLIENT - 1.Feb.2006 8:37:57 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline 		HI ALL

How I do It???
Give my client an IP from MY public IP  ?????

(in reply to tshinder)
Post #: 47
RE: ONLY FIREWALL CLIENT - 2.Feb.2006 3:28:56 PM   
tshinder

 

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Maj,

Did you subnet your block and then inform the upstream router of the path to that subnet?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to majedalanni)
Post #: 48
RE: ONLY FIREWALL CLIENT - 2.Feb.2006 8:17:38 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline 		Hi

No I just subnet my block and add it in ISA confuguration network and in network rule I make a route rule to external and in firewall rule I alow all protocol from that subnet to external . Is that true ????
If not
Can You Tell Me The Steps Please Please

MANY THANKS   

(in reply to tshinder)
Post #: 49
RE: ONLY FIREWALL CLIENT - 3.Feb.2006 1:19:16 PM   
tshinder

 

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Maj,

We're at the point where we get into consulting range

I could do it, but probably some local network guys are less expensive.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to majedalanni)
Post #: 50
RE: ONLY FIREWALL CLIENT - 4.Feb.2006 8:51:46 AM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline 		Hi,
I am not understand

How I do it?

(in reply to tshinder)
Post #: 51
RE: ONLY FIREWALL CLIENT - 5.Feb.2006 8:36:57 PM   
Jim Harrison

 

Posts: 231
Joined: 5.May2001
From: Redmond, WA
Status: offline 		Hi Maj,

Some reading seems in order
http://jim.cbk.net/subnetting.htm
http://support.microsoft.com/kb/164015

These questions are not ISA-specific.  If you don't have a solid understanding of TCP/IP, creating odd ISA configurations such as yours will be impossible.

_____________________________

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
My ISAServer.org Stuff
My Site

(in reply to majedalanni)
Post #: 52
RE: ONLY FIREWALL CLIENT - 5.Feb.2006 9:05:16 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline 		HI

I now how subneting but it not work, I Have CCNA cert.

but I am not good in ISA

Just answer me Can I give my client a public IP not A private
If yes how ?

Many thanks brothers

(in reply to Jim Harrison)
Post #: 53
RE: ONLY FIREWALL CLIENT - 5.Feb.2006 11:06:54 PM   
elmajdal

 

Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online 		i dont think u can give a client a REAL IP behind and ISa server

(in reply to majedalanni)
Post #: 54
RE: ONLY FIREWALL CLIENT - 5.Feb.2006 11:17:52 PM   
tshinder

 

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi El,

Yes you can. I do it frequently, at the request of my clients and when required. Its not my preferred setup, but sometimes it make sense.

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to elmajdal)
Post #: 55
RE: ONLY FIREWALL CLIENT - 6.Feb.2006 9:13:29 AM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline 		Hi

Ok see what I do

I make a network name (Internal_public) and make  a route rule to this network to external and put in the fist of rules and in firewall rules I put a rule to allow all protocol from (internal_public) to external
but Its not work

And in client pc how I configure it . which gateway I gave to it the ISA or My public gatewat?

Many thanks and I realy want the answer

(in reply to tshinder)
Post #: 56
RE: ONLY FIREWALL CLIENT - 7.Feb.2006 5:20:30 PM   
tshinder

 

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Maj,

First, is this public network connected to a NIC is NOT the NIC used for the default Internal Network? You need three NICs for this to work.

Then configure the clients to use the IP address on the DMZ NIC as their default gateway.

Then configure the router in front of the ISA firewall with the IP address on the external interface of the ISA firewall as the gateway address to your public address DMZ.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to majedalanni)
Post #: 57
RE: ONLY FIREWALL CLIENT - 7.Feb.2006 6:08:41 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline 		HI

I have two NIC
One for public and the second for private?
Is that work

Thanks

(in reply to tshinder)
Post #: 58
RE: ONLY FIREWALL CLIENT - 7.Feb.2006 9:42:46 PM   
tshinder

 

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Maj,

You need to add a DMZ interface for this, or put the public address hosts on a network behind a LAN router behind the ISA firewall's internal interface.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to majedalanni)
Post #: 59
RE: ONLY FIREWALL CLIENT - 8.Feb.2006 5:09:16 PM   
majedalanni

 

Posts: 64
Joined: 7.Jan.2006
Status: offline 		Hi

I think in my situation (2 NIC card) not work

thanks

(in reply to tshinder)
Post #: 60

Page:   <<   < prev  1 2 [3] 4   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> RE: ONLY FIREWALL CLIENT Page: <<   < prev  1 2 [3] 4   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts