
Welcome to ISAserver.org


HELP! Can't Get DMZ TO Work!!

HELP! Can't Get DMZ TO Work!! - 15.Jun.2010 7:45:37 PM   
mdbradsh

 

Posts: 38
Joined: 22.Jul.2006
From: Indianapolis
Status: offline
Hello! I need some serious professional ISAserver/IT help here!! I have a small SOHO network consisting of the following:

Internal Network = file server also performing internal DNS and Active Directory, Exchange 2003 Server, ISAserver 2004 SP3 and 4 client desktops.

DMZ= Webserver which also performs public DNS.

All servers are Windows Server 2003 OS, and clients are all Windows XP.

My ISP is Cable Co. and I used to have dynamic IP. I use DynIP on my ISAserver to track my IP and make things work, which it did.

I recently upgraded to business class service and received 5 static IPs. They are 173.xxx.x.xx/29.
I've searched through this forum, and others, about how to set up ISAserver with static IPs, but I have been unsuccessful in getting my DMZ to display my website to the internet and/or my public DNS to work. I can get it to work for my internal clients, but not to the internet. I'm pretty sure it's a DNS problem, but no matter what combination of NIC, static IP and ISAserver rule/publishing configuration I've tried, it has not worked. I've tried upgrading to ISAserver 2006 and get the same results.

I'm trying to move away from using DynIP and go with my static addresses. I tried going to my domain host (GoDaddy) and pointing to my name servers, which are set up in my public DNS, but they are not recognized by GoDaddy?

My ISP set me up with the SMC8014 router. I've tried both using and disabling DHCP, DMZ and so forth, getting different results, but no matter how I set it up, the DMZ isn't visible to the internet?

I would really greatly appreciate someone in the know giving me some step-by-step information on how to set up my SMC router and my 3 NICs on my ISAserver with my static IPs. After weeks of struggling with this, I am totally lost and admit defeat!

Thank you very much in advance. I anxiously await your help.

Mike

< Message edited by mdbradsh -- 15.Jun.2010 7:55:50 PM >
Post #: 1
RE: HELP! Can't Get DMZ TO Work!! - 17.Jun.2010 12:41:16 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
What DMZ?

There is no DMZ.

There is no DMZ in anything you described.

SMC8014?  Ok so this is Comcast correct?

You have to ask Comcast how to deal with this.  They have some wacky convoluted way to handle this.
1. Get rid of the DHCP on the SMC box
2. Tell Comcast that you need one or more of those Static Public IP#s to be applied to the ISA external Nic.  You did get Public Static IP#s right,...Static and Public are not automatically the same thing. You have to add them to the Nic yourself first, Comcast does not do that, however Comcast does have to get the SMC box rigged up so that those addresses will work and be recognized.

Good luck,...with Comcast you will need it,.... good luck getting the guys from India to understand what you are wanting to do.

_____________________________

Phillip Windell

(in reply to mdbradsh)
Post #: 2
RE: HELP! Can't Get DMZ TO Work!! - 17.Jun.2010 12:45:21 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
DMZ

If you actually really want a DMZ then leave the SMC box at its default except kill the DHCP on it.

All the Public IP# will be only on the outside of the SMC box.
The ISA will not have Public IP#s
The SMC Box is your Firewall,...the "outer" or "front" firewall.
The ISA would be the "inner" or "back" firewall
The DMZ would be a Back-to-back DMZ and would exist between the SMC and the ISA.

_____________________________

Phillip Windell

(in reply to pwindell)
Post #: 3
RE: HELP! Can't Get DMZ TO Work!! - 18.Jun.2010 7:10:31 PM   
mdbradsh

 

Posts: 38
Joined: 22.Jul.2006
From: Indianapolis
Status: offline
Thank you so much for your reply. I don't usually have much luck in these forums so I appreciate your help.

Yes it is Comcast, in which I have no choice but to use at my location. Nothing else is offered at this time.

I'm sorry to be so vague, but there is a lot of information I can give and I wasn't sure how much to put in my original post.

I said DMZ because I have 3 Nics on my isaserver. One for internal servers/clients, one for external to connect to the internet, and one as a DMZ for my web/DNS server.

I asked Comcast for Static IPs. Truthfully, I did not know there was a difference between static and public static IPs. My Comcast SMC router shows an external or Public IP of 173.XXX.X.78. This is the same for my other static IPs they gave me of 173.xxx.x.73 thru 77. They told me it was 29 bit submask. The router is configured for these.

When I tried to set the external Nic of my isaserver with one of these, e.g. 173.xxx.x.77, isaserver did not seem to "see" it in the listener setting and gave me an error for my published servers, but it does show up as my public IP externally on the net. Weird.

(in reply to pwindell)
Post #: 4
RE: HELP! Can't Get DMZ TO Work!! - 18.Jun.2010 7:23:15 PM   
mdbradsh

 

Posts: 38
Joined: 22.Jul.2006
From: Indianapolis
Status: offline
I'm so frustrated with trying to get isaserver to work that I was considering trying to put the DMZ between the router and isaserver. Would I need to do any port forwarding on the router?

Actually, I've had pretty good service from Comcast for this business class. I've called their customer service and actually got American IT guys that have been pretty helpful when it comes to setting up or resetting the router. They tell me though that my network set up is up to me to do.

I want to quit using DynIP. GoDaddy requires two name servers. I have DNS set up on my web server for one of those. I considered setting up cache only DNS on the isaserver and forwarding it to my webserver as a second name server. However I'm not sure of the security risk in doing so? I'm also wondering if I could just put a second IP on my webserver Nic, and then create two different name server records using the two different IP? Obviously I'm no IT Pro, but what do you think? Can I accomplish this without having to add another server? Again I appreciate your help and advice.

< Message edited by mdbradsh -- 18.Jun.2010 8:47:53 PM >

(in reply to pwindell)
Post #: 5
RE: HELP! Can't Get DMZ TO Work!! - 18.Jun.2010 10:11:01 PM   
mdbradsh

 

Posts: 38
Joined: 22.Jul.2006
From: Indianapolis
Status: offline
Update to my previous posts. I logged into my SMC router and shut off DHCP. I configured the external Nic on my isaserver with all of my static IPs and the listener now sees them. My public IP appears to have changed as I described before. My exchange server on my internal network is now getting and sending email. However, I'm still not getting my web server or public DNS out? My isaserver Nic configuration is as follows:

Internal Nic: 192.xxx.x.201
subnet mask: 255.255.255.0
Gateway: none
DNS: 192.xxx.x.202

External Nic: 173.xxx.x.73 thru 77
subnet mask: 255.255.255.248
Gateway: 173.xxx.x.78
DNS: none
DNS: none

Perimeter Nic: 172.xx.x.1
subnet mask: 255.255.255.0
Gateway: none
DNS: none

Would this be correct?

< Message edited by mdbradsh -- 18.Jun.2010 10:34:26 PM >

(in reply to mdbradsh)
Post #: 6
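
A sanity check for the three-NIC layout posted above, as an added example that is not part of the thread. The addresses are constructed stand-ins for the redacted ones (only the last octets and masks follow the post), and the rules checked (one default gateway, on the external NIC only; every bound address a usable host in its subnet; no overlapping networks) are the usual conventions for a multihomed firewall, assumed here rather than stated by the posters.

```python
import ipaddress

# Constructed stand-ins for the redacted addresses in the post; only the
# last octets and the subnet masks follow what was posted.
NICS = {
    "internal": {"ips": ["192.168.1.201"], "mask": "255.255.255.0", "gateway": None},
    "external": {"ips": [f"203.0.113.{h}" for h in range(73, 78)],
                 "mask": "255.255.255.248", "gateway": "203.0.113.78"},
    "perimeter": {"ips": ["172.16.1.1"], "mask": "255.255.255.0", "gateway": None},
}

def network_of(nic):
    """Network the NIC sits in, derived from its first address and mask."""
    return ipaddress.ip_interface(f"{nic['ips'][0]}/{nic['mask']}").network

def check_nics(nics):
    """Return a list of problems in a multihomed NIC plan (empty list = sane)."""
    problems = []
    nets = {name: network_of(nic) for name, nic in nics.items()}
    for name, nic in nics.items():
        usable = set(nets[name].hosts())  # excludes network and broadcast addresses
        for ip in nic["ips"]:
            if ipaddress.ip_address(ip) not in usable:
                problems.append(f"{name}: {ip} is not a usable host in {nets[name]}")
        gw = nic["gateway"]
        if gw is not None:
            if ipaddress.ip_address(gw) not in usable:
                problems.append(f"{name}: gateway {gw} is outside {nets[name]}")
            if gw in nic["ips"]:
                problems.append(f"{name}: gateway {gw} is also bound to the NIC")
    # Assumed rule: exactly one default gateway, and it belongs on the external NIC.
    with_gw = [name for name, nic in nics.items() if nic["gateway"]]
    if with_gw != ["external"]:
        problems.append(f"default gateway expected on external only, found on {with_gw}")
    # Directly attached networks must not overlap, or routing becomes ambiguous.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems

if __name__ == "__main__":
    print(network_of(NICS["external"]), check_nics(NICS) or "no problems found")
```

With a 255.255.255.248 mask the external block has six usable hosts, so five bound addresses ending .73 to .77 plus a gateway ending .78 fill it exactly; the addresses ending .72 and .79 are the network and broadcast addresses and would be flagged.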
RE: HELP! Can't Get DMZ TO Work!! - 20.Jun.2010 7:25:38 PM   
mdbradsh

 

Posts: 38
Joined: 22.Jul.2006
From: Indianapolis
Status: offline
2nd Update. I went ahead and placed my web/DNS server between my SMC router and ISAserver as you suggested. I also found where to place my IPs for hosting my own DNS at GoDaddy. So I think it's about all worked out. Thanks so much again for your help!!

(in reply to mdbradsh)
Post #: 7
