I set up a tri-homed ISA 2006 server with External, Internal and DMZ networks, and I put a web server on the DMZ with IP address XXX.XXX.243.226/XXX.XXX.243.224.
My ISA NIC information is as follows:
External NIC ip: XXX.XXX.243.200, 255.255.255.128, Gateway: XXX.XXX.243.129;
DMZ NIC ip: XXX.XXX.243.225, 255.255.255.224, Gateway: Blank;
Internal NIC ip: 192.168.1.30; 255.255.255.0, Gateway: Blank
Web Server NIC ip: XXX.XXX.243.226, 255.255.243.224, Gateway: XXX.XXX.243.225(DMZ NIC address).
After I assigned the IP addresses, I created the networks, then set up a routing relationship between DMZ and External. After that, I created access rules to permit HTTP/HTTPS/ping/DNS traffic for all environments.
I tested the web server from the ISA itself and from a desktop on the Internal network. Both of them worked and I can successfully open the web site. But when I tried to access the web server from external, I couldn't open the web site. I use the IP address in testing.
I began the troubleshooting process. First I used the PING command. The results are as follows:
The ISA firewall can ping the DMZ web server, and vice versa.
The ISA firewall can ping the enterprise router. I don't have access to the enterprise router, so I could not test from the router to the ISA, but I can indeed ping the ISA external NIC from an external workstation, so I don't think there are any problems on my enterprise router.
As I said above, when I tried to ping the ISA DMZ NIC and the web server IP, I could not succeed. But I can ping the external IP on the ISA.
My question is: "Why can't I access my web server from external, and why can't I even ping it?" Is the problem in the routing relationship between my DMZ NIC and my External NIC? I guess there is something wrong in the relationship between my two NICs (External and DMZ).
Please help me with it, guys; I am very frustrated with the troubleshooting. I spent two days on it. Everything looks OK except the external access, and it's the most important function of a DMZ setup.
Thank you.
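A sanity check of the addressing listed in the post, as an added example that is not part of the original post: it validates each netmask and reports any firewall-facing subnets that overlap. The `10.99` prefix is a constructed stand-in for the masked `XXX.XXX` octets, and the function and variable names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the masked "XXX.XXX" octets in the post (assumption).
PREFIX = "10.99"

# (name, address, netmask) exactly as listed in the post.
INTERFACES = [
    ("ISA External", f"{PREFIX}.243.200", "255.255.255.128"),
    ("ISA DMZ", f"{PREFIX}.243.225", "255.255.255.224"),
    ("ISA Internal", "192.168.1.30", "255.255.255.0"),
    ("Web Server", f"{PREFIX}.243.226", "255.255.243.224"),
]


def audit(interfaces):
    """Return (networks, findings) for a list of (name, address, netmask)."""
    networks, findings = {}, []
    for name, addr, mask in interfaces:
        try:
            # ip_interface rejects masks whose 1-bits are not contiguous.
            networks[name] = ipaddress.ip_interface(f"{addr}/{mask}").network
        except ValueError:
            findings.append(f"{name}: invalid netmask {mask}")
    names = list(networks)
    # Compare every pair of valid subnets once.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if networks[a].overlaps(networks[b]):
                findings.append(
                    f"{a} {networks[a]} overlaps {b} {networks[b]}"
                )
    return networks, findings


if __name__ == "__main__":
    nets, problems = audit(INTERFACES)
    for name, net in nets.items():
        print(f"{name:13} {net}  ({net[0]} - {net[-1]})")
    for p in problems:
        print("FINDING:", p)
```

When two subnets overlap, devices addressed in the larger one treat the smaller one's addresses as directly attached instead of sending them to the firewall as a routed next hop.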