Welcome to ISAserver.org

publishing private ip's on the dmz

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> DMZ >> publishing private ip's on the dmz

Page: [1]

Message

<< Older Topic Newer Topic >>

publishing private ip's on the dmz - 25.Jan.2005 8:54:00 PM

Zarethustra

Posts: 4
Joined: 30.Sep.2004
Status: offline

I have the isa sever 2004 book by Dr. Tom and it is very good, but I have not found in the book or online an example of my problem.

I have several external severs that communicate back to our site using ipsec for security.

Right now we have a packet filter type fireall and all is well. I wish to replace this with an isa2004 implementation.

My question is, can I publish services on a private dmz and still allow access to the ipsec service ? The remote and local servers are running server 2003.

Am I out of luck trying to get ipsec to work with NAT on the DMZ ? If so, should I use the public DMZ example, allowing ipsec through and publishing the other services ?

Any comments would be helpfull.

FCC

Post #: 1

Featured Links*

RE: publishing private ip's on the dmz - 5.Feb.2005 3:26:00 AM

tshinder

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi FCC,

If you're using NAT-T now with your packet filter firewall and its working, then it'll work fine with the ISA firewall. Just create the appropriate access rule or publishing rules to support the IPSec protocols you require.

HTH,
Tom

(in reply to Zarethustra)