Ask the Expert

Setting up public access to a DMZ using ISA Server

I have set up a tri-homed system (three network cards) using ISA Server. I have subnetted public IP addresses with public addresses on public and DMZ cards. The private address is on a LAN card. The LAT looks fine (private addresses only). I had the ISP config router to forward IP addresses on subnet (DMZ address range) to ISA Server public address on Internet (public) card.

I have carefully followed instructions (mainly from Tom Shinder's book, ISA Server and Beyond). I have enabled IP routing and filtering within ISA. I can access servers on the DMZ from the private LAN OK. However, I have set up packet filters to allow public access to the DMZ (demilitarized zone), but this is not working. I have tried over and over again on two different servers.

Do I need to do anything within Windows 2000 (e.g., set up routing somehow)? Do I need to do anything within RRAS? Do I need to set up any static routes within 2000? Does the type of LAN cards I am using have any bearing? I have tried all I can think of but am having no success.

  1. What does Tom Shinder say? {grin}

  2. You don't say, but if we count the networks: (1) DMZ (2) private and (3) Internet, no address from the DMZ should be in the LAT. LAT should only be network 2 ?- and, of course, as I'm sure you have already done, the DMZ network needs to be on a different subnet, not just physically different from your internal networks.

  3. Is the DMZ server an FTP? If so see Three-homed perimeter network configuration.

  4. Is the filter type OPEN? Is the remote port set to ANY PORT? Is the "local computer" set to the IP address of the perimeter network server?

This was first published in June 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: