hutchingsp
We have the following:
LAN 10.65.0.0/16
|
ISA Server (LAN Private IP on 10.65.0.0/16)
ISA Server (WAN Public IP on 1.2.3.253/24)
|
Netscreen (Internal Public IP on 1.2.3.254/24)
Netscreen (External Public IP on w.x.y.z into the ISP managed Cisco router)
We use the public IP area between the ISA and the Netscreen as a basic DMZ.
All the services hosted in this area are in the range 1.2.3.1 to 1.2.3.40/24.
The ISA is going to be replaced, and I'd like to use one of the interfaces on its replacement as an interface to a proper DMZ.
Am I right in thinking that I should be able to "simply" change the subnet mask on each of the existing public IPs to /26 and I'm in business?
It's not something I've too much hands-on experience with, but I believe that'll give me a maximum of 4 subnets with 62 hosts each, one for the network between the ISA and the Netscreen and another for the DMZ interface.
I'm having a bit of a mental block with picturing the physical connectivity, embarrassing really! Right now the external NIC on the ISA simply plugs into the internal switch on the Netscreen; when I bring a DMZ interface into the equation, that has to connect to both the Netscreen and the hosts behind it?
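An added example, not part of the original post: a Python check of where the addresses named above land when 1.2.3.0/24 is re-masked, using the standard `ipaddress` module. The labels and the three consistency checks are assumptions made for illustration, including the assumption that the replacement firewall routes between its DMZ and outside interfaces.

```python
import ipaddress

BLOCK = ipaddress.ip_network("1.2.3.0/24")  # public block from the post

def split_block(block, new_prefix):
    """Return the subnets obtained by re-masking `block` to `new_prefix`."""
    return list(block.subnets(new_prefix=new_prefix))

def place(addresses, subnets):
    """Map each labelled address to the subnet that contains it."""
    placed = {}
    for label, addr in addresses.items():
        ip = ipaddress.ip_address(addr)
        placed[label] = next(net for net in subnets if ip in net)
    return placed

def usable_hosts(net):
    """Usable host addresses (network and broadcast excluded)."""
    return net.num_addresses - 2

def plan(new_prefix=26):
    subnets = split_block(BLOCK, new_prefix)
    # Addresses named in the post; the two ends of the hosted range
    # stand in for every service in between (labels are hypothetical).
    addresses = {
        "services_first": "1.2.3.1",
        "services_last": "1.2.3.40",
        "isa_wan": "1.2.3.253",
        "netscreen_inside": "1.2.3.254",
    }
    placed = place(addresses, subnets)
    return {
        "subnets": [str(n) for n in subnets],
        "hosts_per_subnet": usable_hosts(subnets[0]),
        "placed": {k: str(v) for k, v in placed.items()},
        # Services must share one subnet to sit behind a single DMZ interface.
        "services_in_one_subnet": placed["services_first"] == placed["services_last"],
        # Both ends of the firewall-to-Netscreen link need the same subnet.
        "transit_link_ok": placed["isa_wan"] == placed["netscreen_inside"],
        # Assumed routed design: DMZ and transit link on different subnets.
        "dmz_separate_from_transit": placed["services_first"] != placed["isa_wan"],
    }

if __name__ == "__main__":
    for key, value in plan().items():
        print(f"{key}: {value}")
```

Calling `plan(27)` shows the failure mode of a tighter mask: 1.2.3.1 and 1.2.3.40 fall into different subnets. The check covers addressing only, not the routes each device needs for the other subnet.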