Q

Setting up public access to a DMZ using ISA Server

I have set up a tri-homed system (three network cards) using ISA Server. I have subnetted public IP addresses with public addresses on public and DMZ cards. The private address is on a LAN card. The LAT looks fine (private addresses only). I had the ISP config router to forward IP addresses on subnet (DMZ address range) to ISA Server public address on Internet (public) card.

I have carefully followed instructions (mainly from Tom Shinder's book, ISA Server and Beyond). I have enabled IP routing and filtering within ISA. I can access servers on the DMZ from the private LAN OK. However, I have set up packet filters to allow public access to the DMZ (demilitarized zone), but this is not working. I have tried over and over again on two different servers.

Do I need to do anything within Windows 2000 (e.g., set up routing somehow)? Do I need to do anything within RRAS? Do I need to set up any static routes within 2000? Does the type of LAN cards I am using have any bearing? I have tried all I can think of but am having no success.

  1. What does Tom Shinder say? {grin}

  2. You don't say, but if we count the networks: (1) DMZ (2) private and (3) Internet, no address from the DMZ should be in the LAT. LAT should only be network 2 ?- and, of course, as I'm sure you have already done, the DMZ network needs to be on a different subnet, not just physically different from your internal networks.

  3. Is the DMZ server an FTP? If so see Three-homed perimeter network configuration.

  4. Is the filter type OPEN? Is the remote port set to ANY PORT? Is the "local computer" set to the IP address of the perimeter network server?
This was first published in June 2003

Dig deeper on Network intrusion detection and prevention and malware removal

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close