Welcome to ISAserver.org

The Hardest Time : ( With Web Publishing

The Hardest Time : ( With Web Publishing - 27.Mar.2004 4:37:00 PM   
shannonharvey

 

Posts: 56
Joined: 8.Feb.2002
From: Massachusetts
Status: offline
Hello, Tom. Stephen (Hope I Spelled Your Name Correctly) Or Whomever It May Concern:

Once again I finally get something down and here they go changing it again : ) ... now don't get me wrong, I'm not complaining, I'm just a bit frustrated with the chain of events, only to experience the same results of the product not working... the problem that I am having is that of web publishing... everything appears to work from an internal standpoint i.e.: www, webex, sharepoint and adminportal... however if I try to get to these sites from an external standpoint nothing works... please keep in mind that the previous hostnames mentioned all reference mwcg.net.
The configuration that I am following is that of the DMZ pre-defined template... with two nics... (not sure if I should add a third but I would imagine that any help that you can give me here would suggest that) on a domain controller (due to hardware constraints I am running everything on one machine... mail, web, ad etc) the internal nic references 192.168.0.x and the external or (perimeter network references the ip that I am receiving from my isp comcast).
I have setup two hostnames in my dns, one for internal the other for external... specific names referencing web hosts are defined using cnames... the external hostname points to my external dns providers webhop server and fqdn names point to this host via cnames. So it appears as though I am running a split dns configuration... is this not the case? My sole reasoning for following this config was that if I am to call on one of my websites using the fqdn the process would hit my external dns server (hosted on dyndns.org) and come back to my isa server... sure I know it's sloppy, but if anyone can suggest a cleaner way of resolving this that would be great.
I have setup my web servers using isa 2004 and all appears to be setup correctly, but again if I try to access these sites from an external location it just sits... internally works fine... not sure if I've given enough information here... but if anyone can help with this it would be greatly appreciated.

Thank you,
Post #: 1
RE: The Hardest Time : ( With Web Publishing - 27.Mar.2004 6:45:00 PM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Shannon,

It's not clear what your configuration is like. Can you provide some exact details of your rules and FQDNs?

Thanks!
Tom

(in reply to shannonharvey)
Post #: 2
RE: The Hardest Time : ( With Web Publishing - 27.Mar.2004 9:09:00 PM   
shannonharvey

 

Posts: 56
Joined: 8.Feb.2002
From: Massachusetts
Status: offline
Hi Tom,
I'd be happy to... as mentioned in my previous message I have a dns server running on the isa box with the following a records (1) corpwebs.mwcg.net and (2) ehopwebs.mwcg.net. Each of my websites are defined by a host header value as they all use the same internal ip and if I did not put these into place then conflicts would exist allowing only one website to start. The host header values are as follows: cw.mwcg.net, ap.mwcg.net, we.mwcg.net and sp.mwcg.net, all of which have cname records pointing to corpwebs.mwcg.net.
Additionally I have the following records placed within my dns, which are as follows: www.mwcg.net, adminportal.mwcg.net, webex.mwcg.net, and spa.mwcg.net, all of which have cname record pointing to ehopwebs.mwcg.net. To reiterate, corpwebs is an (a) record pointing to 192.168.0.1; ehopwebs is an (a) pointing to a dyndns webhop server.
My web publishing rules on the isa server are as follows: policy name, action is (allow), protocol is (http), from is defined as (anywhere), to is defined as the respective cname record. All in all rules are defined as follows: 1. computer name is cw.mwcg.net, published name or domain name is www.mwcg.net, 2. computer name is we.mwcg.net, published name or domain name is webex.mwcg.net, 3. computer name is ap.mwcg.net, published name or domain name is adminportal.mwcg.net, and 4. computer name is sp.mwcg.net, published name or domain name is spadmin.mwcg.net.
As mentioned in my previous posting everything works fine internally, however when I attempt to access these sites from an external location, nothing works... I'm sure I'm missing something but with the lack of documentation with the product being in mid-beta it's tough to narrow it down to a particular area.
Furthermore my web listener is configured as follows: networks = internal and pointing to internal ip address, which listens on port 80. I hope I am providing you with enough information to assist me in resolving this... if I am not I ask that you provide me with some guidance as to what area of my configuration you are looking for.
Thank you,


Shannon M. Harvey
Microsoft Certified Professional
President, Technical Director Network Operations
MetroWestConsultingGroup
Marlborough, MA. 01752
shannonharvey@mwcg.net / shannonharvey@yahoo.com

(in reply to shannonharvey)
Post #: 3
RE: The Hardest Time : ( With Web Publishing - 28.Mar.2004 8:27:00 PM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Shannon,

The first thing I'm thinking of is that the DNS server is on the ISA firewall itself. If the firewall is configured to use itself, it may be trying to resolve the names in the redirect to a public address, instead of resolving them to a private address on the internal network.

What does the log file on the ISA firewall say? Does it provide any information other than "default rule -- denied"?

One method that I often use which helps a lot is to redirect based on the same name the external user uses. For example, if the request comes in for blah.domain.com, I redirect to blah.domain.com, regardless of the actual name of the server on the internal network. This gets a bit tricky when using host headers (I don't use them because they create a lot of problems, don't work with SSL, and caused some problems with ISA 2000, and private addresses are pretty cheap [Smile] ). However, you should still be able to use the same method when using host headers to host multiple machines on a single Web server.

HTH,
Tom

(in reply to shannonharvey)
Post #: 4
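
Added example, not part of the thread and not ISA Server code: a check of the point raised in post #4, that each name a publishing rule redirects to must resolve to a private address when looked up on the firewall itself. The zone table and rule list are constructed from the records and rules described in post #3; the `ehopwebs` address is a documentation-range placeholder, and the function names are illustrative.

```python
import ipaddress

# Constructed from the records in post #3. 203.0.113.10 is a placeholder;
# the thread only says ehopwebs points to "a dyndns webhop server".
ZONE = {
    "corpwebs.mwcg.net": ("A", "192.168.0.1"),
    "ehopwebs.mwcg.net": ("A", "203.0.113.10"),
    **{h + ".mwcg.net": ("CNAME", "corpwebs.mwcg.net") for h in ("cw", "ap", "we", "sp")},
    **{h + ".mwcg.net": ("CNAME", "ehopwebs.mwcg.net")
       for h in ("www", "adminportal", "webex", "spa")},
}
# (computer name, published name) for the four publishing rules in post #3
RULES = [("cw.mwcg.net", "www.mwcg.net"), ("we.mwcg.net", "webex.mwcg.net"),
         ("ap.mwcg.net", "adminportal.mwcg.net"), ("sp.mwcg.net", "spadmin.mwcg.net")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def resolve(name, zone, max_hops=8):
    """Follow CNAMEs to an A record; None if missing or the chain loops."""
    for _ in range(max_hops):
        record = zone.get(name.lower().rstrip("."))
        if record is None:
            return None
        rtype, value = record
        if rtype == "A":
            return ipaddress.ip_address(value)
        name = value
    return None


def audit(rules, zone, same_name_redirect=False):
    """List rules whose redirect name, as resolved on the firewall, is not
    a private address. same_name_redirect=True models redirecting to the
    published name itself instead of the internal computer name."""
    findings = []
    for computer, published in rules:
        target = published if same_name_redirect else computer
        addr = resolve(target, zone)
        if addr is None:
            findings.append((target, "does not resolve"))
        elif not any(addr in net for net in RFC1918):
            findings.append((target, f"resolves to public address {addr}"))
    return findings


if __name__ == "__main__":
    print("redirect to computer name:", audit(RULES, ZONE))
    print("redirect to published name:", audit(RULES, ZONE, same_name_redirect=True))
```

With the constructed zone, redirecting to the computer names produces no findings, while redirecting to the published names (the method described in post #4) is flagged for every rule until the zone the firewall queries maps those names to the internal address.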
