Welcome to ISAserver.org

Server Publishing IIS

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 General] >> Server Publishing >> Server Publishing IIS

Page: [1]

Message

<< Older Topic Newer Topic >>

Server Publishing IIS - 18.Jul.2001 12:29:00 AM

joking

Posts: 45
Joined: 13.Feb.2001
From: Phoenix, AZ USA
Status: offline

I have ISA running at the edge of my network with a single external IP and connecting to the Internet via DSL. (This is a home / test network).

Internally I have an NT 4.0 server running as a PDC. The NT server is running DHCP and WINS, as well as Exchange 5.5 and IIS 4.0.

Using server publishing, I can send and receive external e-mail through the Exchange server, as well as connect to OWA and other internal websites from external locations.

I recently changed my ISA configuration so that instead of publishing my websites through a Web Publishing Rule, I publish them using a Server Publishing Rule. I did this to combat an IIS logging problem I saw others having, that being all web requests log as having come from the ISA server. Changing to a Server Publishing Rule fixed that, but now I have a new issue:

All EXTERNAL users can see my web sites just fine. When an INTERNAL user tries to see one of the INTERNAL sites the error "cannot find server or DNS error" is displayed in the browser. This happens with both secureNAT clients and Firewall clients. (Internal clients get to external sites just fine).

The Server Publishing Rule, the inbound Protocol Definition, the IP Packet filter, and the destination set all seems to be configured correctly. Is there something obvious that I've missed to allow my internal users access to internal sites by FQDN?

------------------
In Your Service,

Joseph King, MCSE
http://www.joking.net/

Post #: 1

Featured Links*

RE: Server Publishing IIS - 18.Jul.2001 7:27:00 AM

tshinder

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Joseph,

It usually not a good idea to access internal resources via the ISA Server, as it needlessly ties up resources on the server. However, you should be able to access the server when you configure the internal clients to be web proxy clients. It should also work with Firewall clients, so its interesting that it doesn't work in your case.

HTH,
Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/
Get It Here

(in reply to joking)

Post #: 2

RE: Server Publishing IIS - 18.Jul.2001 8:01:00 AM

joking

Posts: 45
Joined: 13.Feb.2001
From: Phoenix, AZ USA
Status: offline

Tom - thanks for the reply. I bought your book, but it didn't mention this either.

There are only 2 users on the internal network, so resources weren't really an issue. In a larger network I would have had the sites on a DMZ, and the sites wouldn't have been on the same network as the clients, and that probably would have solved this.

In my scenario, with my clients being secureNAT, ALL traffic is being routed to the ISA server, unless the destination is an internal IP (in this case 10.1.200.x). Since the internal sites resolve to the external IP of the ISA server by FQDN, the clients go to ISA first to attempt to reach the sites.

I have a work-around in place - I added the FQDNs to the hosts file on each workstation. (There is no internal DNS server). Now the clients go directly to the internal IIS server for locally hosted domains.

The only issue I have (other than inconvenince) is that is SHOULD have worked - and I don't understand why it didn't...

------------------
In Your Service,

Joseph King, MCSE
http://www.joking.net/

(in reply to joking)

Post #: 3