Internet clients (using the external domain name) can reach the internal web server home page.

Internal clients (using the external domain name) get:
10061 - Connection refused
Internet Security and Acceleration Server

When I published the internal web server with 'Web Publishing' both internal and Internet clients could access the internal web server via the external domain name.

Why does server publishing give this error to internal clients? (If internal clients access the internal web server using its internal host name it works fine. And in both cases the home page was using anonymous access.)

Howie

This is normal. The Web Proxy service intervenes and makes this possible. NAT isn't smart so it doesn't work when you use server publishing rules.

Keep in mind that internal clients need to access internal resources directly. There's no point to wasting the resouces on the ISA Server for internal clients to access internal sites.

HTH,
Tom

------------------
http://www.isaserver.org/shinder/



Get It Here!

It does however make testing my SPS extranet configurations more difficult. :)

I understand! I found myself in the same predicament. I used a laptop with a modem connected to another ISP to do my client-side testing.

HTH,
Tom

------------------
http://www.isaserver.org/shinder/



Get It Here!

E.g, we have an internal active directory domain 123.com, and we host www.345.com on internal IP 10.1.1.2, external 111.111.111.111. How do i put an entry in for www.345.com, the entry page doesnt allow full stops when adding an A record (which is right) do I have to create 345.com and all the others as domains in active directory?

Urk..just re-read this and it makes little sense, too tired to amend it though.

Help!

On your AD "Internal" DNS Server, you need to add the "External" Zones (Domains) to your DNS Configuration. Then, for the newly created External Zones, create Host (A) records to point the External FQDN to its Internal IP Address.

Example:

on your External DNS Server (or ISPs), lets say that you have three hosts: www.domain.com
ftp.domain.com
mail.domain.com

In order for these host to resolve to Internal Addresses instead of External, you would create the domain.com zone on your Internal DNS Server, then add host records for www, ftp, and mail that all point to their internal IP address. This way, when your internal clients attempt to resolve www.domain.com, instead of your Internal DNS server fowarding the request to the Internet, it checks to see that it now currently resolves for domain.com, and will check against its own database.

For SecureNat clients, everything is set after this. However, if you have FireWall Cleints, make sure that these addresses are in the local domain table, otherwise it will foward these request to get resolved by the ISA server, which more than likely will resolve it to its external name, which gets you back to square one.

HTH - Mike

quote:

---

Originally posted by Jez:
Have same problem, but we need to access all of our websites. We have about 120 of them, so cant keep typing in internal (10.x.x.x) ips all the time. Its been posted that you can add the entries to an internal DNS server, but how is this done as the domains are different.

E.g, we have an internal active directory domain 123.com, and we host www.345.com on internal IP 10.1.1.2, external 111.111.111.111. How do i put an entry in for www.345.com, the entry page doesnt allow full stops when adding an A record (which is right) do I have to create 345.com and all the others as domains in active directory?

Urk..just re-read this and it makes little sense, too tired to amend it though.

Help!

---

Cheers Mike.