Welcome to ISAserver.org

server on dmz (urgent)

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> DMZ >> server on dmz (urgent)

Page: [1]

Message

<< Older Topic Newer Topic >>

server on dmz (urgent) - 18.Sep.2006 1:44:05 AM

masterdraco

Posts: 2
Joined: 18.Sep.2006
Status: offline

need info on this asap.

we have set up an ISA firewall

eksample ip's used

External - public ip  169.170..171.172 / 255.255.255.0
internal - private ip - 10.10.*.*

now i need 3 more machines located behind the isa server

machine 1 - public ip 169.170.171.173
machine 2 - public ip 169.170.171.174
machine 3 - public ip 169.170.171.175

is it possible to send them straight through the ISA server ( no firewall )

before the isa server came up we had a 1to1 nat 169.170.171.173 -> 10.10.254.254
                                                                   169.170.171.174 -> 10.10.254.253
                                                                   169.170.171.175 -> 10.10.254.252

is the 1to1 nat possible on isa ?

Hope this is info enough.

Masterdraco

Post #: 1

Featured Links*

RE: server on dmz (urgent) - 18.Sep.2006 11:51:34 AM

elmajdal

Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

quote:

is the 1to1 nat possible on isa ?

N:1 natting is not supported YET with any version of ISA.

and you better take a look at this : private or public adress dmz confusion

HTH

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to masterdraco)

Post #: 2

RE: server on dmz (urgent) - 18.Sep.2006 1:24:13 PM

masterdraco

Posts: 2
Joined: 18.Sep.2006
Status: offline

think you misunderstood my question

the 3 machines need to run straight through the isa with NO restrictions.

is it possible to do this ?

external ip --> internal ip machine 1 no restrictions in firewall

Masterdraco

(in reply to elmajdal)

Post #: 3

RE: server on dmz (urgent) - 18.Sep.2006 2:38:48 PM

elmajdal

Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

quote:

the 3 machines need to run straight through the isa with NO restrictions.

who said anything about restrictions !!

u wan tto have 3 machines behind isa server ,with 3 public IP on them right ???

and this is what i refered to u in the previous post :

quote:

Hi ITEngineer,

if you want a public IP on the webserver itself, than it should be obvious that the ISA DMZ NIC must also have a public IP. More precisely, the ISA DMZ NIC and the web server must be on the same network ID and that *must* be different than the network ID used for the ISA External NIC. In other words, you must have enough public IPs so you can subnet your public IP space in at least two subnets: one for the External network and one for the DMZ network.

On the ISA you still have two options to define the relationship between the DMZ and the External network. If you want to keep the Web servers own public IP visible to the outside world, you'll have to define a route relationship. On the other hand, if you define a NAT relationship than ISA will NAT to the public IP assigned to the ISA External NIC. In that case, why wasting a public IP on the Web server in the first place?

HTH,
Stefaan

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to masterdraco)

Post #: 4