Re: Back-to-Back Firewall Pix & ISA Server 2004

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi, I'm not using a DHCP, all clients and servers are statically configured.


Phillip Windell ,

Why I\m doing in a backwords? and why the Back-to-Back Firewall Scenraio is
working between 2 ISA's, but with the Pix is getting difficulties?


"kenkcj" wrote:

Check your dhcp settings. Under the dhcp server expand your server and
scope. Click on scope options and ensure that the dns server settings are
correct and pointing at 128.104.30.40. If its not, right click on scope
options and "configure options" from there locate dns server and input the
appropriate information.
Hope this helps,
-kenkcj

"Habibalby" <hms__25@xxxxxxxxxxx> wrote in message
news:5E9125AC-1DD4-4C0E-AFCA-2D1CF3F8949E@xxxxxxxxxxxxxxxx
Hi All,

I have implemented a Setup companion of Pix as a Back-end Firewall and ISA
Server as a front-end Firewall.

Pix has got the Public Interface static IP Address from ISP
Pix has got Internal IP Address 192.168.1.0 Network and Interface is
assigned 192.168.1.1
No Access rules are defined in Pix, it means everything is allowed from
the
Network Behind Pix.

ISA has got two interfaces, External and Internal

External Interface has got an IP Address as part of the Internal Interface
of Pix Firewall 192.168.1.50
Internal Interface has got an IP Address as part of the Corporate Network
128.104.30.12

All internal Clients has got the 128.104.30.12 as the default Gateway.

Internet is working fine, but the DNS is configured in the External
Interface of ISA Server " Which is result in wrong Setup of ISA Server"

All the DNS query out to External should be done via the DNS Server which
is
located in the Corporate Network on 128.104.30.40. and this DNS Server is
configured to forward DNS Queries to the ISP DNS Servers.

The internal Interface of ISA Server is configured with the Corporate
Network DNS Server 128.104.30.40, it can nslookup, but when i query
another
external DNS Server from any clients it won't work. Also, from the DNS
Server
itself the NSLookup to external Domain it doesn't work.

I have the same setup Back-to-Back Firewall, with two ISA Servers and
everything works great.

What is the problem with the pix Firewall then?

Any help or input please welcome




.

Relevant Pages

  • Re: Cannot get access to router on SBS server
    ... point the DNS server setting to the IP of the SBS ... calling CNetCommit::ValidateFulltimeConnectionProperties. ... Call to Reading web publishing selection returned ok. ...
    (microsoft.public.windows.server.sbs)
  • Re: dns on firewall
    ... A firewall should be as safe from harm as possible. ... > use solely as a DNS server in a DMZ. ... > connection working as well, ...
    (comp.os.linux.security)
  • Re: Herb Martin...Global Catalog SRV record missing!
    ... Error: Root hints list has invalid root hint server: ... DNS server: 128.63.2.53 ... PTR record query for the ...
    (microsoft.public.windows.server.dns)
  • Re: Long Time Samba No Work-Need Expert Help On Samba/Networking
    ... The windows firewall has to be completely ... I tried the samba commands I listed on the ... added interface ip=127.0.0.1 bcast=127.255.255.255 ... server string = %h server ...
    (Ubuntu)
  • Re: when connected to a domain. takes forever to login
    ... >> configure the internal DNS server to handle that too. ... Will using it as DNS server make it vulnerable to hackers since ... Your router or firewall will be dropping ...
    (microsoft.public.windowsxp.network_web)