Re: Routing between internal network and DMZ
- From: "Keith" <Keith@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 28 Apr 2005 11:14:04 -0700
Thank you for responding, Phillip. So, there is not a way for the DMZ to get
internet access then?
"Phillip Windell" wrote:
>
> "Keith" <Keith@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:563C547B-D87C-4864-94A1-5253B5CFE511@xxxxxxxxxxxxxxxx
> > We are running a tri-homed ISA server 2000. Our internal network is
> > 10.200.225.x, and we also have a DMZ, 10.200.135.x that is on a 3rd NIC. The
> > DMZ is not part of the LAT. I set up Site and Content Rules and Protocol
> > rules for our internal network to access the DMZ. This is working fine. I
> > would like the DMZ to access our internal network and the internet as well.
> > So I set up Site and Content Rules and Protocol rules for the DMZ as well. I
> > created a client set for the DMZ and put this client set in the rules.
> > However, machines in the DMZ cannot access our internal subnet or the
> > internet. What am I doing wrong? Can't I route traffic between the 2 NICs?
> > Are there any logs I can look at to help troubleshoot?
>
> .....with ISA2000
> No. You can't. The DMZ is an untrusted external network just like the
> Internet. The only way it can access internal resources is to "publish" the
> internal resource to the external Nic and then access it from the DMZ by
> going to the ISA's external Nic as if it was the resource.
>
> Things are all different with ISA2004. You can actually route between the
> internal and the DMZ networks and control it with Access Rules.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com