Welcome to ISAserver.org

Unihomed ISA 2004 web publishing

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 General ] >> Web Publishing >> Unihomed ISA 2004 web publishing

Page: [1]

Message

<< Older Topic Newer Topic >>

Unihomed ISA 2004 web publishing - 28.Apr.2005 1:25:00 AM

ashwaniram

Posts: 3
Joined: 15.Feb.2005
Status: offline

I have installed ISA on windows 2003 which has a single NIC but dual IP. One IP is for the proxy server. Clients are configured as Web proxy clients. The second IP on the same NIC is for the external website and Intranet that is hosted on the ISA server. The public IP of the corporate website is NATed to an internal IP which is on the single NIC of the ISA server (the second IP). I have disabled socket pooling. Internal DNS is AD integrated.

Problems
--------
I find that the ISA server only registers its primary IP (first IP) on the adapter in the internal DNS. I manually entered the second IP (which is for the corporate website) in the DNS but it keeps on disappearing from the DNS entry. Why does this happen.

I see users that are trying to get to our intranet and corporate website which is published on the same IP (using different host headers)hit the NIC on its primary IP on port 8080 and getting connection denied or unknown protocol. It should actually hit the second IP on which the websites are published. I think the problem is the web listner which is redirecting the web requests to the primary IP on the adapter, This is what I have isolated the problem to. When you select the server on which the website is published you can only select the server from the active directory not the IP from the DNS. So the listner which is configured to listen on the secondary IP does listen on this but the redircetion is sometimes performed to the internal primary IP because this is what it picks up from the DNS via name resolution. Remember The server has 2 IPs.

I am also now getting warnings about port scan attacks from public IPs which can not be true cause there is a firewall in front which blocks everything accept ports for mail, https, rdp and http.

Temporary Resolution
-----------
I have set the website to be published on both IPs and have configured the TCP/IP properties on the single NIC not to register in the DNS. and have manually configured the WPAD entries in DHCP and DNS to the primary IP of the NIC and the server name to the secondary IP on the NIC.

Would like further advice if there is a proper soltuion to this problem.

cheers