Home > Ask the Enterprise Desktop Experts > Questions & Answers > Setting up public access to a DMZ using ISA Server
Ask The Enterprise Desktop Expert: Questions & Answers
EMAIL THIS

Setting up public access to a DMZ using ISA Server

Roberta Bragg EXPERT RESPONSE FROM: Roberta Bragg

Pose a Question
Other Enterprise Desktop Categories
Meet all Enterprise Desktop Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 09 June 2003
I have set up a tri-homed system (three network cards) using ISA Server. I have subnetted public IP addresses with public addresses on public and DMZ cards. The private address is on a LAN card. The LAT looks fine (private addresses only). I had the ISP config router to forward IP addresses on subnet (DMZ address range) to ISA Server public address on Internet (public) card.

I have carefully followed instructions (mainly from Tom Shinder's book, ISA Server and Beyond). I have enabled IP routing and filtering within ISA. I can access servers on the DMZ from the private LAN OK. However, I have set up packet filters to allow public access to the DMZ (demilitarized zone), but this is not working. I have tried over and over again on two different servers.

Do I need to do anything within Windows 2000 (e.g., set up routing somehow)? Do I need to do anything within RRAS? Do I need to set up any static routes within 2000? Does the type of LAN cards I am using have any bearing? I have tried all I can think of but am having no success.


>
EXPERT RESPONSE
  1. What does Tom Shinder say? {grin}

  2. You don't say, but if we count the networks: (1) DMZ (2) private and (3) Internet, no address from the DMZ should be in the LAT. LAT should only be network 2 ?- and, of course, as I'm sure you have already done, the DMZ network needs to be on a different subnet, not just physically different from your internal networks.

  3. Is the DMZ server an FTP? If so see Three-homed perimeter network configuration.

  4. Is the filter type OPEN? Is the remote port set to ANY PORT? Is the "local computer" set to the IP address of the perimeter network server?

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice

HomeTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts