Internal to DMZ problem



BjarneSkov -> Internal to DMZ problem (16.Jul.2008 4:57:56 AM)

Hi, I am a newbie trying to configure my ISA firewall.
I have set it up as a backend firewall. (10.16.31.200 (internal)) (192.168.100.2 (External))
I have a webserver (192.168.100.10) in the DMZ.
I have another firewall as frontend firewall (192.168.100.1 (internal)).

Even when I allow all I can't ping the webserver. I can ping it from the ISA server but not from the Internal network.

I expect it is a route problem but not sure.

Thanks

Bjarne




IanC -> RE: Internal to DMZ problem (16.Jul.2008 7:47:27 AM)

Hi Bjarne,

It depends on the network relationship you have between the Internal and external networks. If it's NAT, you just need a route (or default gateway) on the internal computers that points to ISA server's internal IP address (10.16.31.200). If it's ROUTE, you also need to add to the Web server's routing table a route back to the 10.16.31.0 network. This route uses the gateway 192.168.100.2.

Remove the Open All rule and just allow the protocols you need.

Ian
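
The return-path reasoning in the reply above, as an added example that is not part of the original post: it models which gateway the web server hands its reply to under each network relationship. The /24 masks, the client address 10.16.31.50 and the web server's default gateway (the frontend firewall) are assumptions; the other addresses come from the thread.

```python
import ipaddress

# Addresses from the thread; the /24 masks, the client address and the web
# server's default gateway (the frontend firewall) are assumptions.
ISA_EXTERNAL = ipaddress.ip_address("192.168.100.2")
FRONTEND_FW = ipaddress.ip_address("192.168.100.1")
INTERNAL_NET = ipaddress.ip_network("10.16.31.0/24")
DMZ_NET = ipaddress.ip_network("192.168.100.0/24")
CLIENT = ipaddress.ip_address("10.16.31.50")  # constructed internal host


def source_seen_by_web_server(relationship):
    """Source address of the client's packet once ISA has forwarded it."""
    if relationship == "NAT":
        return ISA_EXTERNAL  # source rewritten to ISA's DMZ-side address
    if relationship == "ROUTE":
        return CLIENT  # original source address is preserved
    raise ValueError(f"unknown network relationship: {relationship}")


def next_hop(routes, destination):
    """Longest-prefix match over (network, gateway); gateway None = on-link."""
    matches = [(net, gw) for net, gw in routes if destination in net]
    if not matches:
        raise LookupError(f"no route to {destination}")
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return destination if gw is None else gw


def reply_reaches_isa(relationship, web_server_routes):
    """True if the web server hands its reply to ISA, not another gateway."""
    reply_destination = source_seen_by_web_server(relationship)
    return next_hop(web_server_routes, reply_destination) == ISA_EXTERNAL


# Web server routing table before and after adding the route back.
DEFAULT_ROUTES = [
    (DMZ_NET, None),
    (ipaddress.ip_network("0.0.0.0/0"), FRONTEND_FW),
]
WITH_RETURN_ROUTE = DEFAULT_ROUTES + [(INTERNAL_NET, ISA_EXTERNAL)]

if __name__ == "__main__":
    for rel, routes, label in [
        ("NAT", DEFAULT_ROUTES, "default routes"),
        ("ROUTE", DEFAULT_ROUTES, "default routes"),
        ("ROUTE", WITH_RETURN_ROUTE, "with route back"),
    ]:
        print(f"{rel:5} {label:16} reply reaches ISA: {reply_reaches_isa(rel, routes)}")
```

Under ROUTE without the return route, the reply goes to the assumed default gateway instead of ISA, which is why the ping from the Internal network would never complete.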




BjarneSkov -> RE: Internal to DMZ problem (16.Jul.2008 8:30:16 AM)

[:)] Thanks.
I am using NAT, and my gateway was the right one, but you put me on the correct path.
I had a network rule like this:

Name               Relation    Source      Destination
Internet Access    NAT         Internal    External

I put in a network rule like this:

Name               Relation    Source      Destination
DMZ Access         NAT         Internal    DMZ

Hope that's an OK solution?

Thanks a lot for a quick answer [:)]



