Re: I don't understand this

---

• From: "Jim Harrison \(MSFT\)" <jmharr@xxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 25 Apr 2006 08:15:54 -0700

---

What exactly don't you understand?

--
--
Jim Harrison [ISA SE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.

"Miguel Ángel Romero" <miguel.romero78@xxxxxxxxx> wrote in message news:O1Pak3AaGHA.4788@xxxxxxxxxxxxxxxxxxxxxxx
This is a chunk of text of the book of Thomas Shinder's, I refer to the last
paragraph. It is the first step to create a dmz.


In the lab network that we're using for the examples in this section, the
external network host is on the same network ID as the external interface of
the ISA firewall, which is 192.168.1.0/24. The external IP address on the
ISA firewall is 192.168.1.70 and the external host will use an IP address
assigned in the same network ID. The DMZ segment uses the network ID
172.16.0.0/16. Therefore, on the Windows XP external network host we use in
this section, we configured a routing table entry to tell it to use the
external IP address of the ISA Server 2004 firewall to reach network ID
172.16.0.0/16. Specially, here's what we did:

route add 172.16.0.0 MASK 255.255.0.0 192.168.1.70Note that this example
does not use a subnet of a public address block. In your production
environment, you would subnet your public address block and create a routing
table entry for your DMZ segment's subnetted block on your router upstream
from the ISA Server 2004 firewall. This implies you have control over the
upstream router, which makes public address DMZ segments a moot point for
hobbyist ISP accounts. However, there's no reason why you can't create
private address DMZs with a hobbyist ISP account.
--
Regards




.

---

• Follow-Ups:
  • Re: I don't understand this
    • From: Miguel Ángel Romero

• References:
  • I don't understand this
    • From: Miguel Ángel Romero

• Prev by Date: Preventing Internet use for non domain users
• Next by Date: @ Proxy with Radius authentification is secure ?
• Previous by thread: I don't understand this
• Next by thread: Re: I don't understand this
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: 504 Proxy timeout only with SSL traffic ... the DMZ network is considered External to the ... this may have an effect when you access the DMZ. ... And can access all other HTTPS sites on the internet? ... that there may be something wrong with the proxy engine on the ISA, ... (microsoft.public.isa) Re: Where do I put Exchange Server? ... DMZ in ISA Server 2004? ... Speaking of ISA Server 2004, I saw some screen shots of it. ... > its internal network only. ... (microsoft.public.isa.configuration) Re: Where do I put Exchange Server? ... ISA 2004 is certainly a lot more flexible on capabilities of individual ... Do you think w/ ISA 2004, DMZ is the right place for Exchange? ... > DMZ in ISA Server 2004? ... >> its internal network only. ... (microsoft.public.isa.configuration) RE: 504 Proxy timeout only with SSL traffic ... The internal ISA Server has two nics one assigned to the internal network ... The external ISA has two nics once assigned to the DMZ and one assigned to ... Does your ISA Server have 3x NICs? ... (microsoft.public.isa) Re: Where do I put Exchange Server? ... I'm not sure of OWA can be front-ended by a lone IIS server; again, the DMZ ... isn't the right place for it with ISA 2000. ... > its internal network only. ... (microsoft.public.isa.configuration)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa  > 2006-04