
Setting up public access to a DMZ using ISA Server

I have set up a tri-homed system (three network cards) using ISA Server. I have subnetted public IP addresses with public addresses on public and DMZ cards. The private address is on a LAN card. The LAT looks fine (private addresses only). I had the ISP configure the router to forward IP addresses on the subnet (DMZ address range) to the ISA Server public address on the Internet (public) card.

I have carefully followed instructions (mainly from Tom Shinder's book, ISA Server and Beyond). I have enabled IP routing and filtering within ISA. I can access servers on the DMZ from the private LAN OK. However, I have set up packet filters to allow public access to the DMZ (demilitarized zone), but this is not working. I have tried over and over again on two different servers.

Do I need to do anything within Windows 2000 (e.g., set up routing somehow)? Do I need to do anything within RRAS? Do I need to set up any static routes within 2000? Does the type of LAN cards I am using have any bearing? I have tried all I can think of but am having no success.

  1. What does Tom Shinder say? {grin}

  2. You don't say, but if we count the networks: (1) DMZ (2) private and (3) Internet, no address from the DMZ should be in the LAT. LAT should only be network 2 - and, of course, as I'm sure you have already done, the DMZ network needs to be on a different subnet, not just physically different from your internal networks.

  3. Is the DMZ server an FTP server? If so, see Three-homed perimeter network configuration.

  4. Is the filter type OPEN? Is the remote port set to ANY PORT? Is the "local computer" set to the IP address of the perimeter network server?
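
The addressing checks from point 2 can be run against a planned configuration before touching the packet filters. The following Python sketch is an added example, not part of the expert's answer or of ISA Server; the function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

def lat_networks(lat_ranges):
    """Expand LAT (first, last) address pairs into CIDR networks."""
    nets = []
    for first, last in lat_ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return nets

def check_trihomed(external_if, dmz_if, internal_if, lat_ranges):
    """Return a list of problems in a three-homed addressing plan.

    Each *_if argument is a NIC address in CIDR form, e.g. "192.168.1.1/24".
    """
    nics = {"external": ipaddress.ip_interface(external_if),
            "DMZ": ipaddress.ip_interface(dmz_if),
            "internal": ipaddress.ip_interface(internal_if)}
    lat = lat_networks(lat_ranges)
    problems = []

    # The three NICs must sit on three distinct, non-overlapping subnets.
    for a, b in (("external", "DMZ"), ("DMZ", "internal"),
                 ("external", "internal")):
        if nics[a].network.overlaps(nics[b].network):
            problems.append(f"{a} and {b} subnets overlap")

    # The LAT should hold the internal (private) network only.
    for net in lat:
        for name in ("DMZ", "external"):
            if net.overlaps(nics[name].network):
                problems.append(f"LAT entry {net} includes {name} addresses")
    # Simplification: expects one LAT entry to cover the whole internal subnet.
    if not any(nics["internal"].network.subnet_of(net) for net in lat):
        problems.append("internal subnet is not covered by the LAT")
    return problems

# Constructed sample plans (documentation address ranges, not real hosts).
GOOD = dict(external_if="198.51.100.1/25", dmz_if="198.51.100.129/25",
            internal_if="192.168.1.1/24",
            lat_ranges=[("192.168.1.0", "192.168.1.255")])
# Wrong mask on the DMZ NIC, and the DMZ range added to the LAT by mistake.
BAD = dict(external_if="198.51.100.1/25", dmz_if="198.51.100.129/24",
           internal_if="192.168.1.1/24",
           lat_ranges=[("192.168.1.0", "192.168.1.255"),
                       ("198.51.100.128", "198.51.100.255")])

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_trihomed(**plan) or "no problems found")
```
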
