Forefront DMZ Routing

Posted on 2011-03-02
Last Modified: 2012-05-11
Experts, I have a legacy server which I would like to migrate behind a new Forefront implementation. This machine is assigned a public IP, 65.xx.xx.x99. Forefront is tentatively planned to be located at 65.xx.xx.100. The gateway from our ISP is located at 65.xx.xx.105.
There are several more websites published, in the 65.xx.xx.99-114 range.
1:1 NAT is not an option.

My understanding is that I can set up a route relationship instead of a NAT inside of Forefront to make this happen. I'm also wondering if I need to set up some additional CIDR to further segregate the ranges. I really hope that isn't the case since the gateway was assigned in the middle of our block.
Much beyond that I'm lost. Some quick guidance would be much appreciated.
Question by:timbrigham
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 49

Accepted Solution

Akhater earned 500 total points
ID: 35024345
well you are in trouble the only way to do it is assign the public ip to your TMG and publish the required ports/application to your server.

on the other hand if you can communicate with your ISP another subnet is indeed he solution however it will require more than just to change your gateway, they will also need to add static routes from their side to your new subnet

Author Closing Comment

ID: 35030617
Akhater, I thought that would be the case. Anything ISA is capable of is usually pretty well documented. Thanks for verifying.

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question