
Setting up a DMZ based on IP numbers

Dec 02, 2002 · 1 min

We have a 300-workstation network with a Windows 2000 server, two domain controllers, a SQL 2000 database server, a Linux Web server and an ISA firewall. We’ve been asked to segment the database server onto a separate network so only certain staff members can access it.

We also want to install a second ISA server and create an internal demilitarized zone. Some staff members use the same computers all the time, so we need to allow access to the DMZ based on client IP address. For those who use different workstations, we want to create VPN connection icons on their desktops so they can dial into the DMZ network.

How do we set up the DMZ ISA server to allow access based upon client IP addresses? Also, how do we configure it so servers inside the DMZ can have full access to internal network resources while keeping out unauthorized connections from the network?

Start ISA Management and enable packet filtering and IP routing using the properties dialog in the IP Packet Filters section under Access Policy for the ISA server name. Configure your filtering rules to define the client and server traffic allowed across the internal DMZ network boundary.
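Before entering filters in ISA Management, it helps to write the intended rule set down and check it. The following is an added example, not ISA Server configuration and not part of the original column: it models the boundary as first-match allow rules with a default deny. All addresses, rule names and the SQL Server port 1433 are constructed assumptions for illustration, and return traffic is not modeled.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]  # None means any port

def net(cidr):
    return ipaddress.ip_network(cidr)

# Constructed addressing plan (assumption, not from the column).
INTERNAL = net("10.0.0.0/16")      # internal workstation network
DMZ = net("192.168.50.0/24")       # internal DMZ behind the second ISA server
SQL = net("192.168.50.10/32")      # database server inside the DMZ

RULES = [
    # One rule per fixed workstation allowed to reach the database.
    Rule("staff-pc-21 to SQL", net("10.0.1.21/32"), SQL, 1433),
    Rule("staff-pc-22 to SQL", net("10.0.1.22/32"), SQL, 1433),
    # Servers in the DMZ keep full access to internal resources.
    Rule("DMZ servers to internal", DMZ, INTERNAL, None),
]

def decide(src, dst, port, rules=RULES):
    """Return the name of the first matching allow rule, or None (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and r.port in (None, port):
            return r.name
    return None

def audit(rules=RULES):
    """Flag rules into the DMZ that admit more than one client or every port."""
    findings = []
    for r in rules:
        if r.dst.subnet_of(DMZ):
            if r.src.num_addresses > 1:
                findings.append(f"{r.name}: source {r.src} is wider than one host")
            if r.port is None:
                findings.append(f"{r.name}: all ports open into the DMZ")
    return findings

if __name__ == "__main__":
    print(decide("10.0.1.21", "192.168.50.10", 1433))  # listed workstation
    print(decide("10.0.1.99", "192.168.50.10", 1433))  # unlisted workstation
    print(audit(RULES + [Rule("whole LAN to SQL", INTERNAL, SQL, 1433)]))
```

Rules keyed on client IP address are only as reliable as the address assignment, so the listed workstations need static addresses or DHCP reservations.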