Re: Can't access dmz from external network.




"Jason" <Jason@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:12DC4EA8-AC5E-409D-B064-3CA8C9842EE4@xxxxxxxxxxxxxxxx
Question: I set up a trihomed ISA 2006 server with External, Internal and DMZ
networks. And I put a web server on DMZ with IP address
XXX.XXX.243.226/XXX.XXX.243.224.

My ISA NIC information is as follows:
External NIC ip: XXX.XXX.243.200, 255.255.255.128, Gateway: XXX.XXX.243.129;
DMZ NIC ip: XXX.XXX.243.225, 255.255.255.224, Gateway: Blank;
Internal NIC ip: 192.168.1.30; 255.255.255.0, Gateway: Blank

Web Server NIC ip: XXX.XXX.243.226, 255.255.243.224, Gateway:
XXX.XXX.243.225 (DMZ NIC address).

Can't do anything with XXX.XXX
There is no way to know if the addressing is done correctly with that. To
me the Masks look "wacked" and the DMZ address range is questionable but no
way to verify that without knowing the addresses.

After I assigned IP address, I created networks, then set up routing
relationship between DMZ and External. After that, I created access rules to
permit http/https/ping/dns traffic for all environment.

Creating an Access Rule doesn't mean it was created correctly. You need to
specify exactly what you did to create the Rule.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/library/cc302436(TechNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/library/bb898433(TechNet.10).aspx

Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
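
The mask and address-range concerns raised in the reply can be checked mechanically. The following is an added example, not part of the original thread; it assumes the masked XXX.XXX octets are the same on every interface and substitutes the constructed value 10.0 for them.

```python
import ipaddress

# Constructed stand-in for the masked "XXX.XXX" octets (assumption).
PREFIX = "10.0"

# Interface settings as posted in the thread, with PREFIX substituted.
POSTED = {
    "ISA External": (f"{PREFIX}.243.200", "255.255.255.128"),
    "ISA DMZ": (f"{PREFIX}.243.225", "255.255.255.224"),
    "ISA Internal": ("192.168.1.30", "255.255.255.0"),
    "Web server": (f"{PREFIX}.243.226", "255.255.243.224"),
}


def mask_is_contiguous(mask: str) -> bool:
    """A valid netmask is a run of 1 bits followed only by 0 bits."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    # The inverted mask must be of the form 2**n - 1 (all low bits set).
    return (inverted & (inverted + 1)) == 0


def audit(interfaces: dict) -> list:
    """Return findings: invalid masks and subnets that overlap each other."""
    findings = []
    nets = {}
    for name, (addr, mask) in interfaces.items():
        if not mask_is_contiguous(mask):
            findings.append(f"{name}: mask {mask} is not contiguous")
            continue
        # ip_interface accepts dotted-mask notation and derives the subnet.
        nets[name] = ipaddress.ip_interface(f"{addr}/{mask}").network
    names = list(nets)
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            if nets[first].overlaps(nets[second]):
                findings.append(
                    f"{first} {nets[first]} overlaps {second} {nets[second]}"
                )
    return findings


if __name__ == "__main__":
    for finding in audit(POSTED):
        print(finding)
```
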

