• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 364
  • Last Modified:

Basic setup of DMZ (IP address allocations to different components)

I want to setup a DMZ for the first time using ISA 2004 for a webserver. It will be a trihomed DMZ and what I need help with is the IP address allocations.
Say we have been assigned the following public IP address block
196.23.156.25 - 196.23.156.32 / 255.255.255.240
Now the routers Ip address is 196.23.156.25/255.255.255.240
On the internet side, the firewall's NIC will be 196.23.156.26/255.255.255.240
Then do I make the IP of the NIC on the DMZ side 196.23.156.27/255.255.255.240 and then the Webserver in the DMZ will have the IP 196.23.156.28/255.255.255.240
The firewall NIC on the LAN side will have the IP 192.168.0.10/255.255.255.0 and every other Server/PC on the LAN will follow in this range (192.168.0.0)

So my main question is, is this break down correct or should the IP address allocations for the DMZ part be different, and if different what should it be for the DMZ and the Webserver.

Much appreciate the help
0
mailnovice
Asked:
mailnovice
1 Solution
 
TannerManCommented:
For a tri-homed dmz your exactly correct. Your DMZ is public, therefore it the firewall's DMZ NIC and all machines in the DMZ will utilize external IP addresses within your provided range. Your correct with all your statements.

Here is a good link that explains it for ISA "Tri-homed" section is of interest to you.
http://www.isaserver.org/tutorials/ISA_Server_DMZ_Scenarios.html

Hope it helps
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now