Re: DMZ and Routing to the other side
- From: blueboy1894 <blueboy1894@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 12 Jun 2006 12:09:01 -0700
Yeah, tried configuring it along those lines to begin with. OKay, I'll have
another go tomorrow. Thanks for the (re)pointer Phillip.
"Phillip Windell" wrote:
Then it isn't a DMZ,...it is just another Internal Network with the ISA.
acting as a LAN Router between them,...Think of it in those terms and you
will have less problems.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------
"blueboy1894" <blueboy1894@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:85E43A62-478C-4EFE-B7C8-77A969693514@xxxxxxxxxxxxxxxx
Hiwant
I have a trihomed ISA in the following config:
NIC1: (Local Subnet) 192.168.1.x, no gateway
NIC2: (External/Web) (Public IP, Router IP as gateway)
NIC3: (DMZ) 192.168.2.x, no gateway
The DMZ is attached to a WAN router which goes to a remote site. What I
to do is have LAN/WAN connectivity from the Internal network to the remotethe
site on the other side of the DMZ/WAN link.
Intra-Domain comms have been configured between the Internal network and
DMZ and work fine. I can also ping both the ISA and the remote site'ssubnet
from within the DMZ so the routing across the WAN link from the DMZ isgood.
packets
How would I go about configuring the ISA's Internal network to route
to the remote site subnet, on the other side of the DMZ? I have added thenetworks
remote site's subnet into the DMZ network (on the normal basis that
in ISA normally contain all addresses accessible through that adapter.)remote
Do I need to add a persistent route to that subnet? If so, how would I go
about it - normal attempts to do so result in the command being refused on
the basis that the remote subnet does not exist on the same network as the
gateway (i.e. the adapter attached to the DMZ).
The reason I believe this to be true is that any attempt to reach the
site is being routed out to the external interface of the ISA, instead ofthe
DMZ interface (traffic to the DMZ is being routed OK - I can ping into the
DMZ from the ISA).
Any comments/help much appreciated.
Regards
If this isn't possible, that's fine, as this is a short-term configuration
but it would be the nicest solution.
- Prev by Date: Re: Original Client IP's required on published webserver
- Next by Date: RE: failed connection attemps
- Previous by thread: Original Client IP's required on published webserver
- Next by thread: RE: failed connection attemps
- Index(es):
Relevant Pages
|
