I don't understand this
- From: "Miguel Ángel Romero" <miguel.romero78@xxxxxxxxx>
- Date: Tue, 25 Apr 2006 04:13:50 +0200
This is a chunk of text of the book of Thomas Shinder's, I refer to the last
paragraph. It is the first step to create a dmz.
In the lab network that we're using for the examples in this section, the
external network host is on the same network ID as the external interface of
the ISA firewall, which is 192.168.1.0/24. The external IP address on the
ISA firewall is 192.168.1.70 and the external host will use an IP address
assigned in the same network ID. The DMZ segment uses the network ID
172.16.0.0/16. Therefore, on the Windows XP external network host we use in
this section, we configured a routing table entry to tell it to use the
external IP address of the ISA Server 2004 firewall to reach network ID
172.16.0.0/16. Specially, here's what we did:
route add 172.16.0.0 MASK 255.255.0.0 192.168.1.70Note that this example
does not use a subnet of a public address block. In your production
environment, you would subnet your public address block and create a routing
table entry for your DMZ segment's subnetted block on your router upstream
from the ISA Server 2004 firewall. This implies you have control over the
upstream router, which makes public address DMZ segments a moot point for
hobbyist ISP accounts. However, there's no reason why you can't create
private address DMZs with a hobbyist ISP account.
--
Regards
.
- Follow-Ups:
- Re: I don't understand this
- From: Jim Harrison \(MSFT\)
- Re: I don't understand this
- Prev by Date: How does ISA/Caching feature knows what page is 'dynamic' ?
- Next by Date: Re: PPPoE Routing?
- Previous by thread: How does ISA/Caching feature knows what page is 'dynamic' ?
- Next by thread: Re: I don't understand this
- Index(es):
Relevant Pages
|
