OK...I'm using the 3-leg perimeter model but I suppose in reality I have 4 legs as follows...
Adapter 1 (Physical) > connected to Internet with a single 28-bit address my ISP uses to route my 28-bit CIDR block
Adapter 2 (Loopback) > First 29-bit subnet of the 28-bit CIDR block assigned to me...all usable addresses are bound to this adapter but these addresses are only used to publish NAT'd resources.
Adapter 3 (Physical) > represents "perimeter" network to ISA server and has 2nd 29-bit subnet of the aforementioned CIDR block. I have the first address bound to the adapter which is connected to a dedicated DMZ switch. I have one other server connected to this switch with 3 public IP addresses in this block bound to the adapter for an Office Communications Edge Server. The default gateway for the edge server is the IP on this ISA physical adapter.
Adapter 4 (Physical) > connected to the internal network for SecureNAT and/or Firewall clients
The problem I am having is getting traffic over to the perimeter network. The routing looks good and I can ping the IPs on the perimeter network from the ISA server itself. Am I correct in assuming "publishing" resources is to redirect to NAT and that if I wanted to allow protocols to the perimeter network I would use access rules?
If this theory is true, why would I still be having problems even with an access rule in place? When I watch the real-time logging I still see traffic blocked based on the default rule, which is at the bottom of my firewall policy, and my access rules obviously precede the default rule. What am I doing wrong?
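Added example (not part of the post above, and not ISA code): a small Python check of the addressing layout the post describes. It uses a constructed RFC 5737 block (203.0.113.0/28) in place of the poster's real /28 and an assumed private range for the internal network. A firewall that matches access rules on source and destination network can only match the intended rule if each address falls into exactly one defined network, so the script answers the two questions worth verifying before looking at the rules: which defined network a given address lands in, and whether any of the defined ranges overlap or fall outside the ISP block.

```python
import ipaddress

# Constructed stand-in for the /28 the ISP routes to the poster (RFC 5737 documentation
# range, not the real block). The layout mirrors the post: the first /29 lives on the
# loopback adapter for published (NAT'd) resources, the second /29 on the perimeter adapter.
ISP_BLOCK = ipaddress.ip_network("203.0.113.0/28")
PUBLISHED_29, PERIMETER_29 = ISP_BLOCK.subnets(new_prefix=29)

# Address ranges per defined network. "External" is deliberately not listed: anything that
# matches no defined range is treated as External, the usual behaviour of a firewall that
# evaluates rules by source/destination network. The Internal range is an assumption.
NETWORKS = {
    "Internal": [ipaddress.ip_network("192.168.10.0/24")],   # assumed private LAN
    "Perimeter": [PERIMETER_29],
    "Published": [PUBLISHED_29],
}


def classify(ip, networks=NETWORKS):
    """Names of every defined network whose ranges contain ip; ['External'] if none match."""
    addr = ipaddress.ip_address(ip)
    hits = [name for name, ranges in networks.items() if any(addr in net for net in ranges)]
    return hits or ["External"]


def overlaps(networks=NETWORKS):
    """Pairs of network names whose ranges overlap; an address in two networks matches rules unpredictably."""
    found = []
    names = list(networks)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if any(x.overlaps(y) for x in networks[a] for y in networks[b]):
                found.append((a, b))
    return found


def check_layout(networks=NETWORKS, block=ISP_BLOCK):
    """Every public range must sit inside the ISP block and no two defined ranges may overlap."""
    problems = []
    for name in ("Perimeter", "Published"):
        for net in networks.get(name, []):
            if not net.subnet_of(block):
                problems.append(f"{name} range {net} is outside {block}")
    problems += [f"{a} overlaps {b}" for a, b in overlaps(networks)]
    return problems


if __name__ == "__main__":
    # Constructed sample addresses: perimeter host, published address, internal client, Internet host
    for ip in ("203.0.113.9", "203.0.113.1", "192.168.10.5", "198.51.100.7"):
        print(ip, "->", classify(ip))
    print("layout problems:", check_layout() or "none")
```

If an address you expect to be on the perimeter classifies as External, or `check_layout()` reports an overlap, an access rule written against the Perimeter network will never match that traffic and the catch-all rule at the bottom of the policy is what you will see in the log.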