Welcome to ISAserver.org
Web listeners in multiple DMZ
Web listeners in multiple DMZ - 20.Aug.2004 5:17:00 PM
Guest
Hi,
I have multiple DMZ segments and a single External and Internal interface. I've configured routing between the DMZ segments. I have some web sites using HTTP and HTTPS in one DMZ segment. I want to configure access to them by means of HTTP and HTTPS.
So, I've exported and imported the required server certificates for the web sites to the ISA 2004. Here is one of the web listener's properties:
Name: Web listener 1
Listen on: External (192.168.10.10), Internal (10.1.0.253), DMZ1 (172.20.10.10)
Protocols: HTTP, HTTPS (with certificate www.example.com)
Authentication: Integrated
Also, there is a publishing rule which uses this Listener. The basic idea is to use HTTPS to the ISA, and then HTTP from ISA to the web server.
If I try to connect from outside (using the external interface), everything is OK. If I try to connect from any other network (inside or any DMZ segment), I can't connect using HTTPS.
The error message is "Connection refused".
I've looked in the log files, and there is a strange thing. When I try to connect from the outside, ISA is using HTTP to communicate with the web server, which is the exact thing I want. But if I try to connect, for example, from the inside, ISA is trying to connect to the web server using HTTPS. ??????????????
Can anybody explain this? Help will be appreciated.
Thank you, John
RE: Web listeners in multiple DMZ - 25.Aug.2004 1:32:00 PM
tshinder
Posts: 47668
Joined: 10.Jan.2001
From: Texas
Hi John,
Can you break this down a bit? Not sure what you're actually trying to accomplish and what is and what is not working.
Thanks! Tom
RE: Web listeners in multiple DMZ - 25.Aug.2004 10:32:00 PM
Guest
Hi Thomas,
To make a long story short...
Do I need to publish a service located in the DMZ for internal users (from the Internal segment), or do I only need to create an access rule from the Internal to the DMZ segment?
From my point of view, you only need to publish (Web publish or server publish) the resources for the external usage from the Internet.
Am I wrong?
John
RE: Web listeners in multiple DMZ - 26.Aug.2004 3:53:00 PM
tshinder
Hi John,
Great! Got it.
For the Internal network hosts, you can create an access rule. It doesn't matter if there is a route or NAT relationship between the Internal-->DMZ networks, access rules are the way to go.
HTH, Tom