Welcome to ISAserver.org
RE: Help with Network Setup
RE: Help with Network Setup - 7.Aug.2008 5:16:30 PM
justmee
Posts: 505
Joined: 14.May.2007
Status: offline
quote:
It wouldn't be just any Rule because generally the Rules are outbound only. Inbound Rules are Reverse-NAT Rules (regardless of what weird name the manufacturer may call them), so it would have to be a fouled up Reverse-NAT Rule which would be easy to spot since it probably would fail to perform its originally intended job.

Phillip, if you allow me to go a little bit off-topic:

It depends on which NAT box you are sitting and what type of NAT is used. For example you may create a "typical" NAT rule on that box, NATing from inside to outside, one IP address on the external interface. So you have no firewall rules yet, and no inbound NAT rule or how would you call that. That does not imply that I cannot talk from external directly with any of the hosts behind your NAT device, 'cause I might be able to do that just fine, using their original IP addresses. I've seen that on some Linux-based boxes. Just to let you know, the vendor does not say anything about that behaviour (I won't give names, so don't ask), in the docs is just "normal" stuff... Even if you set some firewall rules on those boxes, I might be able to still "chat".

It goes down to the definition of "expectation", how the admin would expect by default his box to behave... Sometimes it does not have anything to do with incompetence, it's just human weakness.

Best,
J
RE: Help with Network Setup - 7.Aug.2008 6:03:22 PM
clint_garner
Posts: 8
Joined: 6.Aug.2008
Status: offline
That is what is driving me crazy, you confirmed that I'm understanding the concepts, yet the way things are set up it's not matching....

Here's what I have:

Goal: publish test.company.com (on internal server (10.3.20.x) to internet)

Topology:
Internet
|
Public IP of A record for test.company.com
ASA --- DMZ: ASA NATs public IP to DMZ IP of ISA NIC 1 (10.50.40.20)
ISA NIC 2 is connected to LAN (10.50.20.20)

What should network objects look like, and what should my Network Rules look like?
RE: Help with Network Setup - 8.Aug.2008 1:17:52 AM
clint_garner
Posts: 8
Joined: 6.Aug.2008
Status: offline
Deleted all to start over, based on the info, what ought they be? Thanks, Clint
RE: Help with Network Setup - 8.Aug.2008 9:14:41 AM
pwindell
Posts: 782
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
[Justmee] That does not imply that I cannot talk from external directly with any of the hosts behind your NAT device, 'cause I might be able to do that just fine, using their original IP addresses.

How would you do that when the original address is an RFC Private Address that won't route over the Internet?
_____________________________
Phillip Windell www.wandtv.com
RE: Help with Network Setup - 8.Aug.2008 10:25:20 AM
pwindell
Posts: 782
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
I think poor old Clint has had enough digression for this post! Yes. In fact I am going to drop out and let you two work with it. I'll still keep the email notifications going when new posts are made.
_____________________________
Phillip Windell www.wandtv.com