
OCS edge & ISA DMZ

OCS edge & ISA DMZ - 15.Jun.2008 12:09:13 PM   
ufgeorge

 

Posts: 9
Joined: 8.Mar.2006
Status: offline
Hi,

I've read the article (http://www.isaserver.org/tutorials/OCS-2007-ISA-2006-Firewall-Design-Architecture.html), but I have some questions I can't understand.

The Edge OCS A/V needs a routable IP address. In this article, there are two ISP links. One (ISP1) connects to external and the other (ISP2) connects to the DMZ.

Communicator clients (or PING) on the internet resolve the IP of the edge OCS FQDN and get an IP in the DMZ. The network packet will be sent directly to the DMZ IP from the ISP2 link. But the reply packet will try to go back through ISP1 because there is no default gateway on the DMZ NIC.

I am confused about this kind of configuration. Since ISA is a stateful firewall, will ISA reject the reply packet?

From the picture I cannot tell how to connect the cable from the ISP. Can anyone explain?

Correct me if I am wrong. Thanks.

George
Post #: 1
RE: OCS edge & ISA DMZ - 16.Jun.2008 5:38:28 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Why do you think there are two ISP links?

There is just one link and two public IP address ranges. One public range is used by the ISA external interface and the other is routed to the DMZ and external interface of the OCS edge server.

Ignore the private addresses in the diagram; this is done as an example only and all external addresses would need to be valid public addresses in the real world...

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to ufgeorge)
Post #: 2
RE: OCS edge & ISA DMZ - 26.Jun.2008 11:44:29 AM   
ufgeorge

 

Posts: 9
Joined: 8.Mar.2006
Status: offline
It is because you use 2 different IP ranges...

I think it is hard if you use one ISP link and get 2 different IP ranges.

I suggest you use one IP range and subnet this range; it is more like the real world.

One more thing to discuss. Before reading this article, I connected the real IP on the external NIC, and the DMZ IP connected to the inside OCS server through ISA. Is it possible to combine both your idea and mine: use one NIC bound to 2 IPs, both through ISA... Do you understand what I am talking about?

(in reply to Jason Jones)
Post #: 3
RE: OCS edge & ISA DMZ - 26.Jun.2008 12:45:21 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
It's not my article, but the key thing to understand is that IP ranges are examples and public IP addresses are needed on BOTH the ISA external interface and the OCS edge external interface. 


(in reply to ufgeorge)
Post #: 4
