Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

One to one NAT

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Web Proxy] >> General >> One to one NAT Page: [1]
Login
Message << Older Topic   Newer Topic >>
One to one NAT - 10.Jan.2007 2:56:56 PM   
timanji

 

Posts: 13
Joined: 9.Jan.2007
Status: offline 		Hi everyone.  I'm a total newbie to this, so please forgive me if I ask any stupid questions.

I've been asked to configure the ISA2006 server for this scenario:
Outside users will hit the external ip address of the ISA server. (Which is a public ip address).  And the ISA server will then take this traffic and NAT it to a specific internal ip address of another server.

Essentially, the server the users are trying to access needs to think that the users are in the local network in order for the application to work.

I thought it would be straightforward, but I can't seem to figure it out.
This ISA server has dual NIC's.  One configured as "internal" and one "external".

Please help!
Thanks!
-tim
Post #: 1
RE: One to one NAT - 10.Jan.2007 3:05:57 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Tim,

create a Web or Server publishing rule - this depends on the type of service you want to publish - and make sure you select Requests appear to come from the ISA Server computer in the To tab of the publishing rule.
 
HTH,
Stefaan
 

(in reply to timanji)
Post #: 2
RE: One to one NAT - 10.Jan.2007 4:02:25 PM   
timanji

 

Posts: 13
Joined: 9.Jan.2007
Status: offline 		Thanks for the quick reply.

So to clarify, under the Firewall Policy, I can use the wizard for "Publish Web Sites"?  Is that it?  Or will I also need to go under my network configuration and create a network rule?

Thanks!
-tim

(in reply to spouseele)
Post #: 3
RE: One to one NAT - 10.Jan.2007 4:09:04 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Tim,

1. You should already have a network rule and network relationship defined between the internal and the external network, otherwise ISA wouldn't be useful at all.

2. If the service you want to publish is Web based (HTTP/HTTPS) than you should use a Web publishing rule. If it is non-Web based  than a server publishing rule is needed.

HTH,
Stefaan

(in reply to timanji)
Post #: 4
RE: One to one NAT - 10.Jan.2007 5:06:47 PM   
timanji

 

Posts: 13
Joined: 9.Jan.2007
Status: offline 		Ok, thanks.  I'll try it and post the results.

Thank you!
-tim

(in reply to spouseele)
Post #: 5
RE: One to one NAT - 10.Jan.2007 7:09:11 PM   
timanji

 

Posts: 13
Joined: 9.Jan.2007
Status: offline 		I'm definitely doing something wrong.

Here's my basic test.  I have a printer that I can administer via my browser.  So to test my ISA box, I want to see if I point my browser on my pc to the External IP address of the ISA server, and have it redirect me to the printers admin screen.

(My pc is on a different subnet than the printer.)

pc ---- switch --- outside_ISA / inside_ISA --- switch --- printer
pc = 192.168.1.2
outside_ISA = 192.168.1.1
inside_ISA = 172.16.1.1
printer = 172.16.1.2

I ran the "Publish Web Sites" wizard.  (Since the printer admin is http port 80)
Created a "listener" to listen on the outside_ISA ip address.

But still, when I open my browser and point to http://192.168.1.1, I get nothing.

What am I doing wrong?
thanks!
-tim

(in reply to spouseele)
Post #: 6
RE: One to one NAT - 10.Jan.2007 8:19:34 PM   
timanji

 

Posts: 13
Joined: 9.Jan.2007
Status: offline 		I got it to work by changing the default port from 80 to something else.

Why won't it work on port 80?

-tim

(in reply to timanji)
Post #: 7
RE: One to one NAT - 11.Jan.2007 4:31:40 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi Tim,

I don't see any reason why it shouldn't work with the default TCP port 80. Anything useful in the ISA Monitor log?

HTH,
Stefaan

(in reply to timanji)
Post #: 8
RE: One to one NAT - 9.Apr.2007 3:39:43 PM   
pwindell

 

Posts: 782
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
quote:

ORIGINAL: timanji

I got it to work by changing the default port from 80 to something else.

Why won't it work on port 80?

-tim


It may fail if you didn't account properly what the user types in as the URL.  Web Publishing pays attention to the actual URL used,...Server Publishing does not.

It won't work on port 80 if a different Web Listener has already been prviously configured for port 80 on the same IP#.

It will help if we know exactly what we are trying to publish here. Otherwise we are playing a guessing game.  Also any "test" you do needs to be exactly the same kind of thing you are actually going to publish. Otherwise the test means nothing and the only thing it proves or disproves it if the test itself worked.



_____________________________

Phillip Windell
www.wandtv.com

(in reply to timanji)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Web Proxy] >> General >> One to one NAT Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts