Welcome to ISAserver.org

Publishing external servers for internal network

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Publishing] >> Server Publishing >> Publishing external servers for internal network

Page: [1]

Message

<< Older Topic Newer Topic >>

Publishing external servers for internal network - 24.Oct.2007 7:42:04 PM

mkbaisla_1999

Posts: 6
Joined: 16.May2007
Status: offline

Hello Everyone,

I need to provide some step-by-step documents for one of my clients to fulfill the following scenario (in client's own words):

ISA 2004 server sits between (2) other firewalls, a Cisco ASA (internal side) and a FortiGate (external side). The ISA 2004 server is currently only being used as a Web Proxy. All users currently connect via default port (8080) for outbound Internet access.
There are (2) internal (LAN) application servers that need to send traffic over custom ports (6251 / 6252) which ISA will translate and redirect to the appropriate URL over another custom port (6250).
1) Server A/B sends traffic on port 6251
2) ISA 2004 is listening on Internal interface for 6251
a. ISA 2004 translates the request and redirects to https://ex1.test.com but on port 6250 (not 80)
3) Server A/B sends traffic on port 6252
4) ISA 2004 is listening on Internal interface for 6252
a. ISA 2004 translates the request and forwards to https://ex2.test.com but on port 6250 (not 80)
Please let me know if this is possible w/ ISA 2004 and/or ISA 2006.
.
.
.
.
.
I would greatly appreciate it if somebody can provide me any step-by-step document or any other hint

Many Thanks

Post #: 1

Featured Links*

RE: Publishing external servers for internal network - 5.Nov.2007 8:11:59 PM

tshinder

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

Might work. Not exactly sure what protocols you would be using and the directionality of the connections, though.

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to mkbaisla_1999)

Post #: 2

RE: Publishing external servers for internal network - 13.Nov.2007 4:51:12 PM

gbarnas

Posts: 147
Joined: 27.Apr.2005
From: New Jersey
Status: offline

This is very similar to what I just did.. ISA will not publish outbound protocols, so what I did was to build an ISA server backwards (behind firewalls) so that the "internal" interface could connect to the Internet, and the Public interface was in our network. I used other firewalls (ISA and Cisco) to secure and isolate this server properly. Thus, you can publish your external hosts on the ISA as you wish. This works - but I posted a question today in General/Installation & Planning to get some feedback - the topic is "Backwards ISA Implementation - RFQ"

Glenn

(in reply to mkbaisla_1999)

Post #: 3

RE: Publishing external servers for internal network - 14.Nov.2007 9:16:55 AM

tshinder

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Glenn,

Interesting. I would have just created the required protocol definitions. I'll check out your post.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to gbarnas)

Post #: 4