Not able to publish servers
Not able to publish servers - 2.Feb.2007 5:51:49 AM
|
|
|
SadSam
Posts: 10
Joined: 2.Feb.2007
Status: offline
|
Hi, I have problems creating a working server publishing rule. Nothing seems to be working. For example, if I try to publish the internal Terminal Server I only get a 'remote desktop disconnected' message. In the ISA logging there is: RDP (Terminal Services) Denied Connection ...and result code: 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED. Is this a configuration problem? Have I forgotten to do something or am I doing something wrong?
|
|
|
|
RE: Not able to publish servers - 2.Feb.2007 10:39:19 AM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi SadSam, please post the result of the 'ipconfig /all' and 'route print' commands on the ISA Server and the internal Terminal Server. Also, what have you defined on ISA as networks and what network rules do you have in place? HTH, Stefaan
|
|
|
|
RE: Not able to publish servers - 2.Feb.2007 12:40:24 PM
|
|
|
SadSam
Posts: 10
Joined: 2.Feb.2007
Status: offline
|
Hi, thanks for answering so quickly... I started all over from the beginning, installed the server again and now I'm trying to get it right. Hopefully you can advise on the basic configuration so that it is easy to continue with access rules. Probably the problem in the first place was in the routing... Anyway, what I'm trying to get working:

ISA with 3 network cards

External:
  IP: Public IP1, public IP2
  Default GW
  No DNS

Internal 1
  IP 192.168.10.20
  No GW
  DNS1 Public IP3
  DNS2 Public IP4

Internal 2
  IP 192.168.99.20
  No GW
  DNS1 Public IP3
  DNS2 Public IP4

Terminal server now has public IP5 with the same default GW as ISA and with DNS1: IP3 and DNS2: IP4. For publishing through ISA it's going to be:
  IP: 192.168.99.17
  GW: 192.168.99.20
  DNS1: Public IP3
  DNS2: Public IP4

In the Internal 1 network are the workstations, and the terminal server has to be accessible from the Internal 1 network and the external network. All servers are now on public IPs (IP3 and IP4 are our own domain controllers with DNS) and the plan is to move them one by one to the Internal 2 network.

Now there are no extra routes in the routing table and it looks like this:

===========================================================================
Active Routes:
Network Destination  Netmask          Gateway        Interface      Metric
0.0.0.0              0.0.0.0          Default GW     Public IP1     20
127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
192.168.10.0         255.255.255.0    192.168.10.20  192.168.10.20  20
192.168.10.20        255.255.255.255  127.0.0.1      127.0.0.1      20
192.168.10.255       255.255.255.255  192.168.10.20  192.168.10.20  20
192.168.99.0         255.255.255.0    192.168.99.20  192.168.99.20  20
192.168.99.20        255.255.255.255  127.0.0.1      127.0.0.1      20
192.168.99.255       255.255.255.255  192.168.99.20  192.168.99.20  20
public.0             255.255.255.192  Public IP1     Public IP1     20
Public IP1           255.255.255.255  127.0.0.1      127.0.0.1      20
Public IP2           255.255.255.255  127.0.0.1      127.0.0.1      20
public.255           255.255.255.255  Public IP1     Public IP1     20
224.0.0.0            240.0.0.0        192.168.10.20  192.168.10.20  20
224.0.0.0            240.0.0.0        192.168.99.20  192.168.99.20  20
224.0.0.0            240.0.0.0        Public IP1     Public IP1     20
255.255.255.255      255.255.255.255  192.168.10.20  192.168.10.20  1
255.255.255.255      255.255.255.255  192.168.99.20  192.168.99.20  1
255.255.255.255      255.255.255.255  Public IP1     Public IP1     1
Default Gateway:     Default GW
===========================================================================
Persistent Routes:
  None

In ISA there is now only the Internal network (192.168.10.0-192.168.10.255 and 192.168.99.0-192.168.99.255). No Network rules (only defaults) and no access rules.

Previously I tried almost everything with step by step guides, with trial and error and finally with just guessing, and finally I was so messed up that I decided to start everything from the beginning....just need a couple of good advice to get to the point.

I hope that this helps you to help me.

Thanks beforehand
Sam
|
|
|
|
RE: Not able to publish servers - 3.Feb.2007 12:29:59 PM
|
|
|
SadSam
Posts: 10
Joined: 2.Feb.2007
Status: offline
|
Hi Stefaan, here is how things are connected now and what it was planned to be:

Current

Internal 1 : WKS ---+[Switch]---+
. !
. !
SRV A -----------------------------!
. !
. [Switch]--- [ISP] -- Internet
. !
. !
SRV N ----------------------------!
. !
. !
[ISA] ------------------------------+

Planned

Internal 1 : WKS ----[Switch]---+
. !
. [ISA]--- [ISP] -- Internet
. !
. !
Internal 2 : SRV -----[Switch]---+

The plan was to move the servers one by one to Internal 2 and publish them through ISA. I started with TS because it looked like it could be the easiest one. Firstly Internal 1 and Internal 2 were in different ISA networks, but that was not working... The public IP's belong to the same network ID. The easiest way to do this would be the best one (but does it mean that first I have to get a router between the subnets and connect that directly to ISA?)

Sam
|
|
|
|
RE: Not able to publish servers - 3.Feb.2007 3:01:08 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Sam, to be sure, do you really want that ISA Server controls the traffic between the networks IP 192.168.10.0/24 (internal 1: WKS) and 192.168.99.0/24 (internal 2: SRV)? Yes or No? In your current configuration, do all internal hosts have public IP's? HTH, Stefaan
|
|
|
|
RE: Not able to publish servers - 3.Feb.2007 8:43:09 PM
|
|
|
SadSam
Posts: 10
Joined: 2.Feb.2007
Status: offline
|
Hi Stefaan, Yes, plan was that ISA also controls traffic between Internal 1 and Internal 2. In current config workstations have 192.168.10.0/24 and servers have public IP's Sam
|
|
|
|
RE: Not able to publish servers - 4.Feb.2007 6:15:02 AM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Sam, OK, then you have to go for the following scenario:

Internal 1 ---+
(WKS)         !
              [ISA] --- Internet
              !
Internal 2 ---+
(SRV)

This requires 3 ISA networks:
- Internal 1: 192.168.10.0/24 for the workstations
- Internal 2: 192.168.99.0/24 for the servers
- External network (default)

and the following network rules:
- From (Internal 1 + Internal 2) To External = NAT
- From Internal 1 To Internal 2 = ROUTE

The reason for the route relationship between Internal 1 and 2 is that otherwise you might have problems with domain related traffic such as file sharing, etc. Your problem is now how to get from the current configuration, with public IP's assigned to the servers, to the planned one in a smooth way.

Q1: How many public IP's do you have and how many servers?
Q2: Is it feasible to move and renumber the servers to the new network ID in one step?

HTH, Stefaan
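
The three networks and two network rules proposed in the reply above, together with the spoofing result code from the first post, can be modelled as follows. This is an added example, not code from the thread's participants or from ISA Server: it assumes a simplified spoof check (the source address must belong to the network bound to the adapter the packet arrived on), and the function names and the 203.0.113.x / 198.51.100.x addresses are constructed.

```python
import ipaddress

# ISA networks from the reply above; External = any address in no other network.
NETWORKS = {
    "Internal 1": ipaddress.ip_network("192.168.10.0/24"),
    "Internal 2": ipaddress.ip_network("192.168.99.0/24"),
}
# Network rules from the reply above: (source networks, destination, type).
NETWORK_RULES = [
    ({"Internal 1", "Internal 2"}, "External", "NAT"),
    ({"Internal 1"}, "Internal 2", "ROUTE"),
]

def network_of(ip):
    """Name of the ISA network that owns this address (External otherwise)."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in NETWORKS.items() if addr in net), "External")

def is_spoofed(src_ip, arrival_network):
    """Simplified spoof check (assumption): source must belong to the arrival network."""
    return network_of(src_ip) != arrival_network

def relationship(src_ip, dst_ip):
    """NAT or ROUTE for a source/destination pair, None if no rule applies."""
    src, dst = network_of(src_ip), network_of(dst_ip)
    for sources, dest, kind in NETWORK_RULES:
        if src in sources and dst == dest:
            return kind
        # A route relationship works in both directions; NAT does not.
        if kind == "ROUTE" and dst in sources and src == dest:
            return kind
    return None

def audit(packets):
    """Label each (src, dst, arrival network) tuple as the firewall would."""
    results = []
    for src, dst, arrived_on in packets:
        if is_spoofed(src, arrived_on):
            results.append((src, "FWX_E_FWE_SPOOFING_PACKET_DROPPED"))
        else:
            results.append((src, relationship(src, dst) or "NO_NETWORK_RULE"))
    return results

# Constructed sample traffic; 203.0.113.7 stands in for a redacted public IP.
SAMPLE = [
    ("192.168.10.50", "192.168.99.17", "Internal 1"),  # workstation -> TS
    ("192.168.99.17", "198.51.100.9", "Internal 2"),   # TS -> Internet
    ("203.0.113.7", "192.168.10.50", "Internal 2"),    # server not renumbered
]
```

Calling `audit(SAMPLE)` shows the third packet dropped as spoofed: a server that keeps its public address while plugged into the Internal 2 segment sends from an address that network does not contain.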
|
|
|
|
RE: Not able to publish servers - 4.Feb.2007 4:12:23 PM
|
|
|
SadSam
Posts: 10
Joined: 2.Feb.2007
Status: offline
|
Hi Stefaan, the ISA networks and network rules look like (look like, but not so sure anymore) what I was trying in my first effort (when I tried to move TS to Internal 2). We have 10 servers (+ ISA server) and as many public IP's in use (+ a couple of spare ones). Probably it's not possible to move the servers in one step. It has to be done off-hours and the time window is not so big. That's the reason why I thought that the best way is to move the servers one by one and to get that configuration to work at the time.... So if there is a way to do this....

Sam
|
|
|
|
RE: Not able to publish servers - 5.Feb.2007 3:01:48 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Sam, OK, can you clean up your diagram of the current network and repost it? It's hard to read now. Use a fixed font face such as Courier New. It will align much better ;-) HTH, Stefaan
|
|
|
|
RE: Not able to publish servers - 5.Feb.2007 4:49:23 PM
|
|
|
SadSam
Posts: 10
Joined: 2.Feb.2007
Status: offline
|
Hi, hope it looks better this time...

- All workstations are connected to switch 1
- Switch 1 is connected to switch 2
- All servers are connected to switch 2
- Switch 2 connected to modem

Internal 1 : WKS [Switch 1]+
                           !
                           !
                           [Switch 2]--- [ISP] -- Internet
                           !
                           !
All SRV (including ISA)----+

My plan was
- To connect all workstations to switch 1
- All servers to switch 2
- ISA internal 1 NIC to switch 1
- ISA internal 2 NIC to switch 2
- ISA external to modem

Internal 1 : WKS [Switch 1]---+
                              !
                              [ISA]--- [ISP] -- Internet
                              !
Internal 2 : SRV [Switch 2]---+

Sam
< Message edited by SadSam -- 5.Feb.2007 5:03:40 PM >
|
|
|
|
RE: Not able to publish servers - 12.Feb.2007 9:31:15 AM
|
|
|
SadSam
Posts: 10
Joined: 2.Feb.2007
Status: offline
|
Hi Stefaan, sorry that I haven't been able to answer for a while. The situation is not so bad, there is a firewall on the edge of the internet. [ISP] = [modem]---[router]---[firewall], but those are in the hands of the service provider. Does this change everything? I thought that from the outside view this doesn't matter... I try to bend a model from iron wire.....

Your suggestion is the following for a temporary solution:
- all workstations (private IP's Internal 1 network) connected to Switch 1
- ISA server NIC 1 with private IP from Internal 1 network connected to Switch 1
- ISA server NIC 2 with private IP from Internal 2 network connected to Switch 2
- ISA server NIC 3 with public IP connected to Switch 3 (which I don't have but can obtain).
- Also other servers with public IP's connected to Switch 3
- In ISA server defined network Temporary with all public IP's (also ISA server's public IP?)
- migrate servers one by one to Internal 2 network (and connect them to Switch 2) and make publishing rules from temporary network to Internal 2 network IP's?

Internal 1 --[Switch 1]
(WKS)        !
           [ISA] -[Switch 3]- [ISP] --- Internet
             !         !
Internal 2 -[Switch2]  !
(SRV New)              !
                       !
Temporary -------------+
(SRV Old)
|
|
|
|
RE: Not able to publish servers - 22.Feb.2007 6:54:35 AM
|
|
|
SadSam
Posts: 10
Joined: 2.Feb.2007
Status: offline
|
Hi, didn't work out...still not able to do any workable publishing rule.....can you give some further advice?
|
|
|
|
RE: Not able to publish servers - 3.Apr.2007 7:57:01 AM
|
|
|
SadSam
Posts: 10
Joined: 2.Feb.2007
Status: offline
|
Hi again, how can I get around this problem? If I define network 'Temporary' in ISA with the old servers' public IP's and then move and publish one server, I get those error messages because there is a public IP which belongs to the same network ID as the servers in the 'Temporary' network. Is there any method to do this without first changing the servers' IP's?

IP's currently in use are: x.x.x.2 x.x.x.3 x.x.x.7 x.x.x.8 x.x.x.9 x.x.x.10 x.x.x.11 x.x.x.13 x.x.x.15 x.x.x.16 x.x.x.17 x.x.x.20
Mask 255.255.255.192
GW x.x.x.1

Servers that need to be published have IP's x.x.x.7, x.x.x.9, x.x.x.13, x.x.x.15, x.x.x.16, x.x.x.17

Sam