• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA with 3 NIC and ONLY 192.168.xxx.xxx

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> DMZ >> ISA with 3 NIC and ONLY 192.168.xxx.xxx Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA with 3 NIC and ONLY 192.168.xxx.xxx - 22.Oct.2004 12:50:00 PM   
DerTom

 

Posts: 3
Joined: 21.Jul.2003
From: Germany
Status: offline
Hi there,

I'd like to setup one single ISA Server 2000 (SP1) on a machine with 3 NICs.

NIC 1: 192.168.1.10 -> Default Gateway
192.168.1.1 (Router to DSL Connection)

NIC 2: 192.168.0.45 -> No Default Gateway
NIC for partner network

NIC 3: 192.168.100.1 -> No Default Gateway
My Local Network (in LAT)

My problem is:

If I write the 192.168.0.xxx network into my LAT, routing between the subnets works fine, but I can not use filters anymore.

If I remove the 192.168.0.xxx network out of the LAT table, inbound routing (192.168.0.xxx to 192.168.100.xxx) will not work anymore.

I've tried several packet filters, but I could not get it to work.

Any suggestions from you experts ??

Thanks.

Tom
Post #: 1
RE: ISA with 3 NIC and ONLY 192.168.xxx.xxx - 23.Oct.2004 12:46:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Tom,

to better understand the trihomed DMZ setup in ISA server 2000, check out:
- http://www.isaserver.org/tutorials/ISA_Server_DMZ_Scenarios.html
- http://support.microsoft.com/default.aspx?scid=%2Fservicedesks%2Fwebcasts%2Fwc110801%2Fwcblurb110801%2Easp
- http://www.amazon.com/exec/obidos/ASIN/1931836663/isaserver

The key point is that the DMZ should not be a LAT member. In that way the DMZ interface will be considered as another 'external' interface. So, the normal protocol and site&content rules apply for outbound access, and the normal publishing rules apply for inbound access.

If you want a real multinetworking feature then you should take a serious look at ISA server 2004.

HTH,
Stefaan

(in reply to DerTom)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> DMZ >> ISA with 3 NIC and ONLY 192.168.xxx.xxx Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts