nezperce
Posts: 1
Joined: 8.Jan.2007
Status: offline
Hi, I have a problem with the proxy in the DMZ that I am setting up with ISA Server. My configuration is a back-to-back DMZ, which can be summarized with the following scheme:

LAN <-> ISA1 <- DMZ -> ISA2 <-> INTERNET

ISA2 has two NICs: one toward the Internet (listed second in the Advanced Settings) and one toward the DMZ; inside the DMZ I have a web server. The NIC toward the Internet is connected to the router, while the DMZ NIC and the NIC of the web server are connected to a switch. The DMZ NIC of ISA1 is also connected to the switch of the LAN. The web server also has DNS server functions and forwards requests to the public DNS. Inside the LAN I have a root domain with a DNS server that forwards requests toward the DNS server in the DMZ (the web server).

My problem is that the only resources that go out to the Internet are the outside firewall and the web server. The root server and the clients are web proxy clients. ISA2 has two protocol rules (port 53, UDP, Send and Receive) for the DNS in the DMZ and the DNS in the LAN; ISA1 has a protocol rule for the LAN DNS.
Here are the configurations of the DMZ:

ISA2
  NIC Internet: IP 81.174.x.x, Subnet 255.255.x.x, DG 81.174.x.x, DNS 212.216.x.x
  NIC DMZ: IP 192.168.100.1, Subnet 255.255.255.0, DG (blank), DNS (blank), Web proxy client 192.168.100.1

WEB
  IP 192.168.100.3, Subnet 255.255.255.0, DG 192.168.100.1, DNS 192.168.100.3, Web proxy client 192.168.100.1

ISA1
  NIC DMZ: IP 192.168.100.2, Subnet 255.255.255.255, DG 192.168.100.1, DNS (blank)
  NIC LAN: IP 192.168.200.3, Subnet 255.255.255.0, DG (blank), DNS 192.168.200.1, Web proxy client 192.168.200.3

ROOT
  IP 192.168.200.1, Subnet 255.255.255.0, DG (blank), DNS 192.168.200.1, Web proxy client 192.168.200.3

Here is the configuration of the DNS:

DNS WEB - PROPERTIES
  Interfaces: Listen on All IP addresses
  Forwarders: Enable forwarders 212.116.112.112, 193.43.2.1, 155.99.125.2; Forward time-out 5 seconds
  Advanced: BIND secondaries, Enable round robin, Enable netmask ordering, Secure cache against pollution; Name checking -> Multibyte (UTF8); Load zone data on startup -> From Active Directory and registry
  Root hints: 13 authoritative servers on the Internet
  Logging: Query, Questions, Answers, Send, Receive, UDP, TCP
  Monitoring: A simple query against this DNS server
  FORWARD LOOKUP ZONES: doutweb.com - PROPERTIES
    General: Zone file name -> doutweb.com.dns, Allow dynamic updates -> yes
    Start of Authority: Serial number -> 5, Primary server -> doutweb, Responsible person -> admin, Refresh interval -> 15 minutes, Retry interval -> 10 minutes, Expires after -> 1 days
    Name Servers: Server name -> doutweb, IP address -> 192.168.100.3
    WINS: ()
    Zone transfers: Allow zone transfers to any server
  REVERSE LOOKUP ZONES: 192.168.100.x Subnet - PROPERTIES
    General: Zone file name -> 100.168.192on-addr.arpa.dns, Allow dynamic updates -> yes
    Start of Authority: Serial number -> 3, Primary server -> doutweb, Responsible person -> admin, Refresh interval -> 15 minutes, Retry interval -> 10 minutes, Expires after -> 1 days
    Name Servers: Server name -> doutweb, IP address -> 192.168.100.3
    WINS-R: ()
    Zone transfers: Allow zone transfers to any server

DNS ROOT - PROPERTIES
  Interfaces: Listen on All IP addresses
  Forwarders: Enable forwarders 192.168.100.3; Forward time-out 5 seconds
  Advanced: BIND secondaries, Enable round robin, Enable netmask ordering, Secure cache against pollution; Name checking -> Multibyte (UTF8); Load zone data on startup -> From Active Directory and registry
  Root hints: 13 authoritative servers on the Internet
  Logging: Query, Questions, Answers, Send, Receive, UDP, TCP
  Monitoring: A simple query against this DNS server
  Security: NT permissions
  FORWARD LOOKUP ZONES: doutweb.com - PROPERTIES
    General: Zone file name -> doutweb.com.dns, Allow dynamic updates -> yes
    Start of Authority: Serial number -> 290, Primary server -> root.doutweb.com, Responsible person -> admin.www.doutweb.com, Refresh interval -> 15 minutes, Retry interval -> 10 minutes, Expires after -> 1 days
    Name Servers: Server name -> root.doutweb.com, IP address -> 192.168.200.1
    WINS: Use WINS forward lookup
    Zone transfers: Only to the following servers 192.168.100.3
    A record: Root (192.168.200.1)
  REVERSE LOOKUP ZONES: 192.168.100.x Subnet - PROPERTIES
    General: Zone file name -> 200.168.192on-addr.arpa.dns, Allow dynamic updates -> yes
    Start of Authority: Serial number -> 3, Primary server -> root.doutweb.com, Responsible person -> admin.doutweb.com, Refresh interval -> 15 minutes, Retry interval -> 10 minutes, Expires after -> 1 days
    Name Servers: Server name -> root.doutweb.com, IP address -> 192.168.200.1
    WINS-R: ()
    Zone transfers: Allow zone transfers to any server

Thanks in advance to anyone who wants to contribute.
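A sanity check over the addressing listed in the post, added here as an example and not part of the original thread: for each interface it flags a default gateway or DNS forwarder that is not reachable on-link from that interface's own subnet, which is the first thing to verify when a host on the DNS forwarding chain cannot get out. The masked public octets ("81.174.x.x") are replaced with placeholder values; everything else is copied from the post.

```python
import ipaddress

# Addressing constructed from the post. Public "x" octets are masked there,
# so PLACEHOLDER values stand in for the ISA2 Internet NIC.
HOSTS = {
    "ISA2 Internet NIC": {"ip": "81.174.0.10", "mask": "255.255.0.0",    # PLACEHOLDER
                          "gw": "81.174.0.1", "fwd": []},                 # PLACEHOLDER
    "ISA2 DMZ NIC":      {"ip": "192.168.100.1", "mask": "255.255.255.0",
                          "gw": None, "fwd": []},
    "WEB (DMZ DNS)":     {"ip": "192.168.100.3", "mask": "255.255.255.0",
                          "gw": "192.168.100.1",
                          "fwd": ["212.116.112.112", "193.43.2.1", "155.99.125.2"]},
    "ISA1 DMZ NIC":      {"ip": "192.168.100.2", "mask": "255.255.255.255",
                          "gw": "192.168.100.1", "fwd": []},
    "ISA1 LAN NIC":      {"ip": "192.168.200.3", "mask": "255.255.255.0",
                          "gw": None, "fwd": []},
    "ROOT (LAN DNS)":    {"ip": "192.168.200.1", "mask": "255.255.255.0",
                          "gw": None, "fwd": ["192.168.100.3"]},
}


def on_link(iface, addr):
    """True if addr lies inside the subnet configured on iface."""
    return ipaddress.ip_address(addr) in iface.network


def audit_host(host):
    """Return the reachability problems found in one host's addressing."""
    iface = ipaddress.ip_interface(f"{host['ip']}/{host['mask']}")
    problems = []
    gw = host["gw"]
    # A default gateway must be on-link, or the host cannot ARP for it.
    if gw is not None and not on_link(iface, gw):
        problems.append(f"default gateway {gw} is not inside {iface.network}")
    # An off-link forwarder is only reachable through a usable gateway.
    for fwd in host["fwd"]:
        if not on_link(iface, fwd) and (gw is None or not on_link(iface, gw)):
            problems.append(f"forwarder {fwd} is off-link and no usable gateway")
    return problems


def audit(hosts):
    """Map host name -> problems, only for hosts that have any."""
    return {name: p for name, h in hosts.items() if (p := audit_host(h))}


if __name__ == "__main__":
    for name, problems in audit(HOSTS).items():
        for p in problems:
            print(f"{name}: {p}")
```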