Hi,
I'm wondering whether I have NAT set up correctly, as I just
read an article that says I should point router NAT
translation to the INTERNAL NIC of SBS2000. I also want to
include a new server in the DMZ to handle mail using
SpamLion, before mail is allowed to go to Exchange.
I have set up our network layout like this:
internet <-> Cisco ADSL Router <-> SBS server ext. NIC <->
SBS server int. NIC <-> Workstations.
On the ADSL router I have an external IP in the
80.xxx.xxx.xxx range
On the internal NIC of the ADSL router I configured
172.26.0.100
The external NIC of the SBS server has 172.26.0.99
The internal NIC of the SBS server has 192.168.16.2
All the workstations are in 192.168.16.xxx
We run intrusion detection and firewall on the Cisco ADSL
router as well.
The first question is:
- Should I NAT to the internal NIC of the SBS server, on
the ADSL router? I see strange behaviour of the ISA
server, which makes me suspect that rules are not being applied.
Please find the current config below:
ip nat inside source list 1 interface ATM0.1 overload
ip nat inside source static tcp 172.26.0.99 53 80.33.51.60 53 extendable
ip nat inside source static tcp 172.26.0.99 80 80.33.51.60 80 extendable
ip nat inside source static tcp 172.26.0.99 25 80.33.51.60 25 extendable
ip nat inside source static tcp 172.26.0.99 443 80.33.51.60 443 extendable
ip nat inside source static tcp 172.26.0.25 25 80.33.51.60 25 extendable
The second question is:
- If I'm going to put in an extra server for SpamLion, I
would configure it with a DMZ IP of e.g. 172.26.0.101 and
have SMTP port traffic first go to the new server and only
after approval to Exchange. What do I need to configure in
SBS2000 to have ISA accept incoming mail from that new
server's IP?
Thanks!
Sam
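
A consistency check over the static port-forward lines posted above, as an added example that is not part of the original post: it parses the `ip nat inside source static` entries and reports any outside address and port that is forwarded to more than one inside host. The function names are illustrative, and the script only inspects the text of the config; it does not model how the router resolves such entries.

```python
import re
from collections import defaultdict

# NAT lines copied from the post above, with wrapped lines rejoined.
CONFIG = """\
ip nat inside source list 1 interface ATM0.1 overload
ip nat inside source static tcp 172.26.0.99 53 80.33.51.60 53 extendable
ip nat inside source static tcp 172.26.0.99 80 80.33.51.60 80 extendable
ip nat inside source static tcp 172.26.0.99 25 80.33.51.60 25 extendable
ip nat inside source static tcp 172.26.0.99 443 80.33.51.60 443 extendable
ip nat inside source static tcp 172.26.0.25 25 80.33.51.60 25 extendable
"""

# Matches: ip nat inside source static <proto> <inside ip> <port> <outside ip> <port>
STATIC = re.compile(
    r"^ip nat inside source static (tcp|udp) "
    r"(\d+\.\d+\.\d+\.\d+) (\d+) (\d+\.\d+\.\d+\.\d+) (\d+)\b"
)


def parse_static_forwards(config):
    """Return (proto, inside_ip, inside_port, outside_ip, outside_port) tuples."""
    forwards = []
    for line in config.splitlines():
        m = STATIC.match(line.strip())
        if m:  # dynamic/overload lines do not match and are skipped
            proto, in_ip, in_port, out_ip, out_port = m.groups()
            forwards.append((proto, in_ip, int(in_port), out_ip, int(out_port)))
    return forwards


def find_collisions(forwards):
    """Map each outside (proto, ip, port) claimed by more than one inside host."""
    targets = defaultdict(set)
    for proto, in_ip, in_port, out_ip, out_port in forwards:
        targets[(proto, out_ip, out_port)].add((in_ip, in_port))
    return {k: sorted(v) for k, v in targets.items() if len(v) > 1}


if __name__ == "__main__":
    collisions = find_collisions(parse_static_forwards(CONFIG))
    for (proto, ip, port), hosts in collisions.items():
        print(f"{proto} {ip}:{port} is forwarded to more than one inside host: {hosts}")
```

Running the same check after adding a forward for a new mail filter host shows whether the SMTP entry still points at a single inside address.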