NAT to ISA on DMZ - Networking


  1. NAT to ISA on DMZ

    Hi all, this couple of weeks we have been designing the migration to
    Exchange server from a highly customized qmail installation (not my
    decision...). I'm in charge of ensuring that whatever setup we install
    complies with our current firewall setup. This is an IPCop firewall
    with RED-ORANGE-BLUE-GREEN zones. Exchange 2003 failed miserably when
    trying to set a front end on the DMZ without making the firewall Swiss
    cheese. Exchange 2007 seems a little better but it needs an ISA server
    for the front end. We have part of the setup done with ISA inside the
    DMZ and another subnet inside the DMZ for the "untrusted" interface of
    the ISA. As for port forwarding, email traffic coming from the internet
    will get directed to the router in the DMZ, then to the ISA, then
    back to the firewall and finally to the Exchange backend (what a hack,
    thanks MS). The problem is that the Exchange backend REQUIRES that its
    gateway is the ISA. This is where iptables comes into play. I can't
    specify the ISA server as gateway but I can forward email traffic from
    the firewall to the ISA on the DMZ and it will send it back to the
    client on the internet.


    REQUEST NEEDED:

    [ASCII diagram, layout lost in extraction. Labels: internet,
    DSL router, FW, ISA, DMZ, LAN, Exchange; subnets 192.168.99, 10.0.0,
    192.168.99.]



    RESPONSE NEEDED:

    [ASCII diagram, layout lost in extraction. Labels: internet,
    DSL router, FW, ISA, DMZ, LAN, Exchange; subnets 192.168.99, 10.0.0,
    192.168.99.]


    INSTEAD OF:

    [ASCII diagram, layout lost in extraction. Labels: internet,
    DSL router, FW, ISA, DMZ, LAN, Exchange; subnets 192.168.99, 10.0.0,
    192.168.99.]


    I'm following some examples for forwarding traffic between proxies but
    haven't made progress.
    Can anyone help me create the needed rules for this?

    I may have an issue on the DMZ as both the DSL router and ISA have the
    same gateway but haven't had the chance to test it.

    Is this even possible?

    Thanks


  2. Re: NAT to ISA on DMZ

