Welcome to ISAserver.org


Server Publishing with Route Relationship between internal and Perimeter

Server Publishing with Route Relationship between inter... - 3.Aug.2005 8:17:00 AM   
th.maier

 

Posts: 8
Joined: 22.Jul.2005
From: Germany
Status: offline
We have been publishing a license server from our internal network to an external network. It worked just fine until we changed our firewall setup to enable OWA.

FW Setup before:

ISA Server 2004 as front-end and back-end firewalls
NAT relationship between internal and perimeter network and NAT between internal and external network.
We used a publishing rule on fe and be fw to enable access to a certain port on the license server for a limited number of IP addresses on the external network.

FW Setup now:

Switched to a route relationship between the perimeter and the internal network. We didn't get OWA to work with NAT, but also wanted to use the route relationship because we are planning to use IPsec between fe and be Exchange.

This leaves us with two questions:

1. Is server publishing not working with a route relationship?

2. How to create an access rule to publish the license server to the external network?
(We tried to route the request directly from the fe to the internal license server, but failed to do so because the fe fw didn't accept the internal gateway (be fw).)

Any thoughts?

Thanks.

Thomas
Post #: 1
RE: Server Publishing with Route Relationship between i... - 3.Aug.2005 8:56:00 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Thomas,

If you have a route relationship between the back-end ISA firewall's internal network and the DMZ, then you need to include the IP addresses in the back-end ISA firewall's internal network in the definition of the front-end ISA firewall's Internal Network.

HTH,
Tom

(in reply to th.maier)
Post #: 2
RE: Server Publishing with Route Relationship between i... - 4.Aug.2005 8:56:00 AM   
th.maier

 

Posts: 8
Joined: 22.Jul.2005
From: Germany
Status: offline
Thanks for the quick reply.
It gave the right hint.

This is what we did:

1. We added the IP of the internal server to the fe fw perimeter network.
2. We created a manual routing entry to ensure the fe fw accesses the internal server via the be fw.
3. We changed the publishing rule on the fe fw to forward requests directly to the internal server. Additionally we defined the request to appear as a request from the fe fw.
4. On the be fw we are forwarding the request from the perimeter network to the internal server.

One final question:

Should we have any concerns about defining a routing entry on the fe fw that points to the internal network?

Thanks

Thomas

(in reply to th.maier)
Post #: 3
RE: Server Publishing with Route Relationship between i... - 5.Aug.2005 2:19:00 PM   
ClintD

 

Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
Not necessarily - the route only tells Windows where to send the packet. It is up to ISA's Firewall Policy Access Rules to determine if the packet is allowed.

(in reply to th.maier)
Post #: 4
