Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

DMZ Help

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> DMZ >> DMZ Help Page: [1]
Login
Message << Older Topic   Newer Topic >>
DMZ Help - 16.Jan.2007 12:35:01 PM   
dnguyen2205

 

Posts: 8
Joined: 16.Jan.2007
Status: offline 		I just recently tried to put our Web server behind ISA 2k4 w/ sp2 on the DMZ. On our webserver we run two websites on it. One works and the other does not. This is how I have it set up:

Webserver:
- Set the NIC with DMZ address's for both websites
- Set the correct DMZ IP's for both websites in IIS

ISA Server:
- I added the two external IP's for our website to the External NIC
- Created two web listeners for both websites
- Created two web publishing rules
     -Forward www.abc.com to DMZ IP address (192.168.1.XX)
     -Forward www.123.com to DMZ IP address(192.168.1.XX)

- So website www.abc.com works, but www.123.com does not.
        - If I swapped the DMZ address's in the publishing rules, then www.123.com works, but www.abc.com does not.

Can someone help me out? If you need any more information, let me know!

Thanks!!

< Message edited by dnguyen2205 -- 17.Jan.2007 3:28:54 PM >
Post #: 1
RE: DMZ Help - 16.Jan.2007 5:13:21 PM   
mrupright

 

Posts: 68
Joined: 18.Oct.2004
Status: offline 		Hi dnguyen2205,

You bound two extra public IP's to your ISA external interface so you now have three (3) external ips?  On your web listeners properties click the network tab.  Did you define the public ip addresses here?  Click your External adapter and then click the Addresses button.

Under Available IP Addresses, you should see the ip's you bound to the wan interface.  Click the "Specified IP Addresses on the ISA Server computer in the selected network"  Choose your public IP and click "Add" then "OK"  Then "apply" and "ok" again.  Do the same for the other web listener.

Happy to help

Mark

< Message edited by mrupright -- 16.Jan.2007 5:33:11 PM >

(in reply to dnguyen2205)
Post #: 2
RE: DMZ Help - 16.Jan.2007 5:24:27 PM   
dnguyen2205

 

Posts: 8
Joined: 16.Jan.2007
Status: offline 		Hello mrupright:

You bound two extra public IP's to your ISA external interface so you now have three (3) external ips? 

- Yes

On your web listeners properties click the network tab.  Did you define the public ip addresses here?  Click your External adapter and then click the Addresses button. Under Available IP Addresses, you should see the ip's you bound to the wan interface.  Click the "Specified IP Addresses on the ISA Server computer in the selected network"  Choose your public IP and click "Add" then "OK"  Then "apply" and "ok" again.  Do the same for the other web listener.

- Yes I defined the public IP's for both of our websites on the weblistener. Then for the "TO:" portion I directed it to the DMZ I created on the Webserver, to both websites.

Thanks for your help!

Dave

< Message edited by dnguyen2205 -- 16.Jan.2007 5:26:19 PM >

(in reply to mrupright)
Post #: 3
RE: DMZ Help - 18.Jan.2007 3:34:42 PM   
dnguyen2205

 

Posts: 8
Joined: 16.Jan.2007
Status: offline 		Anyone!??

(in reply to dnguyen2205)
Post #: 4
RE: DMZ Help - 18.Jan.2007 11:31:12 PM   
mrupright

 

Posts: 68
Joined: 18.Oct.2004
Status: offline 		Hi dnguyen2205,

quote:


Then for the "TO:" portion I directed it to the DMZ I created on the Webserver, to both websites.


Do you mean for each web server publish rule you directed it to the corresponding websites dmz ip address in the TO tab?  You bound a second ip to your webserver and configured the websites to listen on the different ip's:  www.abc.com - 192.168.1.1 and www.123.com - 192.168.1.2 and that is what is in the TO tab?

HTH

Mark

< Message edited by mrupright -- 18.Jan.2007 11:42:44 PM >

(in reply to dnguyen2205)
Post #: 5
RE: DMZ Help - 19.Jan.2007 12:18:56 AM   
dnguyen2205

 

Posts: 8
Joined: 16.Jan.2007
Status: offline
quote:

ORIGINAL: mrupright

Hi dnguyen2205,

quote:


Then for the "TO:" portion I directed it to the DMZ I created on the Webserver, to both websites.


Do you mean for each web server publish rule you directed it to the corresponding websites dmz ip address in the TO tab?  You bound a second ip to your webserver and configured the websites to listen on the different ip's:  www.abc.com - 192.168.1.1 and www.123.com - 192.168.1.2 and that is what is in the TO tab?

HTH

Mark


Hello Mark,

Yes, that is how I configured everything. Do you see anything wrong with the way I configured it, that could cause my issue?

Thanks for the reply.

< Message edited by dnguyen2205 -- 19.Jan.2007 12:21:58 AM >

(in reply to mrupright)
Post #: 6
RE: DMZ Help - 19.Jan.2007 1:18:31 PM   
mrupright

 

Posts: 68
Joined: 18.Oct.2004
Status: offline 		Hi dnguyen2205,

Grrrr... 

I have tried to duplicate the problem in my vmware lab to no avail.  I came close a few times but after a flush of dns cache....poof it works.  Have you tried flushing the dns cache on ISA and your webserver?  I should be able to duplicate the issue you are having...but then again...my lab setup can still be different from your production setup.

HTH

Mark

(in reply to dnguyen2205)
Post #: 7
RE: DMZ Help - 19.Jan.2007 1:24:09 PM   
dnguyen2205

 

Posts: 8
Joined: 16.Jan.2007
Status: offline 		Hi Mark,

No, I haven't tried the DNS flush yet, I will try it this weekend to see what happens.

Thanks for your help!

Dave

(in reply to mrupright)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> DMZ >> DMZ Help Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts