Tri Home DMZ NIC Config

bradhiggins

Technical User
Sep 24, 2003
Hey all,

I have been doing some reading on how to set up a tri-homed DMZ, and I keep getting confused on one issue. I have a /28 CIDR address range from my ISP with a netmask of 255.255.255.240.

Am I able to just use these public IPs directly, so 2 on ISA and the rest on my DNS and mail,
e.g.
INT NIC 192.168.0.1 255.255.255.0
EXT NIC ???.???.???.98 255.255.225.240
DMZ NIC ???.???.???.99 255.255.255.240

or do I have to further subnet them so the External and DMZ NICs are on different subnets?

If so, what is the easiest way of doing this?

Cheers

brad
 
Thanks but I have already read umpteen articles but none gives specific NIC configurations or what packet filters required.

I had one response on another forum that said that yes they needed to be on different subnets and you can further subnet your /28 to a /29 creating 2 subnets and it doesn't affect your public IP's.

I got this configured and set up so that people internally can access the mail in the DMZ and with correct Packet Filters.

The problem I had was I couldn't get internet connectivity to the servers in the DMZ zone through the ISA using the DMZ external NIC as the gateway on the DMZ machines.

If you find out the answer can you let me know?

In the end I just put the DNS servers in the public subnet (They have nothing else on them but DNS) and published the mail server.

Cheers

Brad
 
Here is my setup now,

I have 1 Checkpoint firewall, that cannot be taken out (I am replacing it though). That is using the 255.255.255.240, and it has a local routing table to route certain IP addresses to private IPs. I was thinking, on the DMZ leg of the ISA, maybe I should try to use the subnet 255.255.255.0.

OK, maybe I can try the idea you had with the /29, I am curious to see if the router recognizes the new subnet. I will try that, thanks!

 
can you show me the post about the /29 subnet? Thanks :)
 
dmz and ext nic have to be on different subnets, otherwise isa will not route the requests. the easiest way to do it is - just change your SM.
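A worked check of the advice in this thread (split the ISP /28 into two /29s and keep the external and DMZ NICs on different halves), written as an added example and not code from any poster. It uses the documentation range 203.0.113.96/28 as a constructed stand-in for the poster's real /28; the .98/.99 addresses mirror the ones in the original question. It also generalises the point: changing the mask alone is not enough if both NIC addresses still fall in the same /29.

```python
import ipaddress

# Constructed example block: the documentation range 203.0.113.96/28 stands in
# for the poster's real /28 (netmask 255.255.255.240). Assumption for illustration only.
ISP_BLOCK = ipaddress.ip_network("203.0.113.96/28")


def split_block(block, new_prefix=29):
    """Return the equal-sized subnets a block splits into (a /28 gives two /29s)."""
    return list(block.subnets(new_prefix=new_prefix))


def interface_network(addr, mask):
    """Network an interface lives on, given its address and dotted-decimal netmask."""
    return ipaddress.ip_interface(f"{addr}/{mask}").network


def same_subnet(ext_addr, ext_mask, dmz_addr, dmz_mask):
    """True when the external and DMZ NICs sit on the same subnet,
    which is the case ISA will not route between."""
    return interface_network(ext_addr, ext_mask) == interface_network(dmz_addr, dmz_mask)


def plan_tri_homed(block):
    """Carve the ISP block into two /29s and pick one address per NIC on each half.
    The first usable host of each half is chosen purely for illustration; the ISP
    router's own address (not modelled here) would normally occupy one of them."""
    ext_net, dmz_net = split_block(block)
    return {
        "ext_subnet": str(ext_net),
        "ext_mask": str(ext_net.netmask),
        "ext_nic": str(next(ext_net.hosts())),
        "dmz_subnet": str(dmz_net),
        "dmz_mask": str(dmz_net.netmask),
        "dmz_nic": str(next(dmz_net.hosts())),
        # usable DMZ host addresses left for servers after the DMZ NIC takes one
        "dmz_hosts_available": len(list(dmz_net.hosts())) - 1,
    }


if __name__ == "__main__":
    # The layout from the original question: both NICs on the /28 -> same subnet.
    print(same_subnet("203.0.113.98", "255.255.255.240", "203.0.113.99", "255.255.255.240"))
    # Only the mask changed to /29: .98 and .99 are both in 203.0.113.96/29, still the same subnet.
    print(same_subnet("203.0.113.98", "255.255.255.248", "203.0.113.99", "255.255.255.248"))
    # DMZ NIC moved into the second /29: now distinct, which is what ISA needs to route.
    print(same_subnet("203.0.113.98", "255.255.255.248", "203.0.113.105", "255.255.255.248"))
    for key, value in plan_tri_homed(ISP_BLOCK).items():
        print(f"{key:>20}: {value}")
```

The script only checks addressing. Whether the ISP router "recognizes the new subnet" (the question raised above) is a separate matter: it still treats the whole /28 as directly attached unless it is given a route for the DMZ /29 pointing at the external NIC, so traffic for DMZ addresses is otherwise delivered straight onto the external segment instead of through ISA.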
 