Welcome to ISAserver.org

Web publishing PART II

Web publishing PART II - 7.Mar.2001 10:19:00 PM   
jgrabiec

 

Posts: 191
Joined: 24.Jan.2001
From: Farmingdale,NY, USA
Status: offline
Picking up from my last thread... Couldn't get web publishing working. So, I uninstalled ISA, and reinstalled. Still no good.
Finally got it to work by DISABLING packet filtering (which I obviously do not want to do). I thought that by setting up a Web Publishing Rule, that the ISA server would listen for requests on port 80 (on the external interface), and follow the rule. It doesn't look like that is happening.

I'm still trying to find out what's going on. I'll keep everyone posted.

------------------
-=john=-
MCSE,MCP+I,CCNA,CCA

Post #: 1
RE: Web publishing PART II - 7.Mar.2001 10:39:00 PM   
jgrabiec

 

Posts: 191
Joined: 24.Jan.2001
From: Farmingdale,NY, USA
Status: offline
I've re-enabled packet filtering, and of course my web publishing does not work. I then created a static IP packet filter called WEBIN (allow packet transmission, predefined HTTP server port 80, default IP addr, external interfaces..), restarted the services, and I still can't get in.

Any ideas anyone?

------------------
-=john=-
MCSE,MCP+I,CCNA,CCA


(in reply to jgrabiec)
Post #: 2
RE: Web publishing PART II - 8.Mar.2001 5:40:00 PM   
clynn

 

Posts: 101
Joined: 8.Feb.2001
From: Farmington Hills, MI
Status: offline
If you right click, properties of the server in ISA Management, you can check the listeners that are enabled.

Make sure the web site is accessible from ISA. This should absolve any DNS issues.

Then run through the web publishing wizard.

Good Luck
Chris


(in reply to jgrabiec)
Post #: 3
RE: Web publishing PART II - 8.Mar.2001 6:16:00 PM   
jgrabiec

 

Posts: 191
Joined: 24.Jan.2001
From: Farmingdale,NY, USA
Status: offline
Chris,
thanx for the reply.

The listener is set up on that interface, listening on port 80. No other authentication options are checked - pretty simple. I tried the web site from the ISA server itself, and I can get on with no problem. However, from the web, I cannot unless I remove the packet filters.

------------------
-=john=-
MCSE,MCP+I,CCNA,CCA


(in reply to jgrabiec)
Post #: 4
RE: Web publishing PART II - 8.Mar.2001 8:10:00 PM   
tshinder

 

Posts: 47668
Joined: 10.Jan.2001
From: Texas
Status: online
Hi John,

When creating your publishing rules, are you using the FQDN that can be accessed by an external user?

Check out the articles I have on publishing at www.isaserver.org/shinder

The second article is a little jumbled up, but it should be fixed by tomorrow and will include the graphics and fixes to the text.

Thanks!

Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/


(in reply to jgrabiec)
Post #: 5
RE: Web publishing PART II - 8.Mar.2001 8:24:00 PM   
jgrabiec

 

Posts: 191
Joined: 24.Jan.2001
From: Farmingdale,NY, USA
Status: offline
Tom,

No, I am not using the FQDN on the web publishing rule. These are the steps that I took:
1. Configured incoming web requests for the server. I configured listeners individually per address, and used the correct interface for the web. I set the TCP port to 80.
2. Created a destination set. NAME: WWW.MYSERVER.COM, Destination: WWW.MYSERVER.COM
3. Created a web publishing rule. NAME: Webtest (enabled it). DESTINATION: selected dest set: WWW.MYSERVER.COM, ACTION: Redirect the request to this internal web server: 172.X.Y.Z (the private address of the server), the rest are defaults. So... I am not using a FQDN name here.

I even created an IP packet filter to allow HTTP server (port 80) traffic in. If I totally remove IP packet filtering, it works.

Also, I cannot find your second article (the one that is jumbled). Is it available yet?

Thanx again for all your help!

------------------
-=john=-
MCSE,MCP+I,CCNA,CCA


(in reply to jgrabiec)
Post #: 6
RE: Web publishing PART II - 8.Mar.2001 8:26:00 PM   
jgrabiec

 

Posts: 191
Joined: 24.Jan.2001
From: Farmingdale,NY, USA
Status: offline
Tom, found the second part of the article, sorry... Will read immediately.

------------------
-=john=-
MCSE,MCP+I,CCNA,CCA


(in reply to jgrabiec)
Post #: 7
RE: Web publishing PART II - 8.Mar.2001 8:54:00 PM   
jgrabiec

 

Posts: 191
Joined: 24.Jan.2001
From: Farmingdale,NY, USA
Status: offline
Tom,
Still no luck. I re-read both of your web publishing docs, and still no luck. Once I remove the IP Packet Filtering, it works like a champ! With it in place, no luck.

The only info I can add to the mix is that this is NOT ISA Enterprise Edition, it is Standard edition (not sure if that matters - it shouldn't).

I'm going to re-check the Internal web server itself. I know it is setup as a SecureMAT client, with the default gateway the ISA server itself. But, you mention in the second article of yours that the DNS configuration must be set. I will double check that.

TIA,

------------------
-=john=-
MCSE,MCP+I,CCNA,CCA


(in reply to jgrabiec)
Post #: 8
RE: Web publishing PART II - 8.Mar.2001 11:09:00 PM   
jgrabiec

 

Posts: 191
Joined: 24.Jan.2001
From: Farmingdale,NY, USA
Status: offline
I decided to look into the event viewer, and saw that every time I tried to access the web (with packet filtering on), I'd get the following error:
MICROSOFT ISA SERVER
PACKET FILTER
Event ID: 15108
ISA Server detected a spoof attack from internet protocol (IP) address 10.1.1.77. A spoof attack occurs when an ip address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log.

From the packet filter log:
SOURCE IP: 10.1.1.77
DEST IP: 10.1.1.68
PROTOCOL: TCP
PARAM #1: 3428
PARAM #2: 80
FILTER RULE: Spoof
INTERFACE: 10.1.1.68

Please note that the IP addresses have been changed to protect the innocent. Also, my external PC is on the same subnet as the external interface of the ISA server (which should not be a problem since they are valid internet addresses).

Any thoughts on this???

------------------
-=john=-
MCSE,MCP+I,CCNA,CCA


(in reply to jgrabiec)
Post #: 9
RE: Web publishing PART II - 9.Mar.2001 9:26:00 AM   
tshinder

 

Posts: 47668
Joined: 10.Jan.2001
From: Texas
Status: online
Hi John,

It may be a problem with your LAT. Make sure that only the IP addresses on the internal network are included on the LAT. If a host on the external network has an IP address that is included on the LAT, it will be interpreted as a spoof attack.

You might try turning off intrusion detection and see what happens. Also, check from an external network client coming from a remote network. Connect a laptop to an ISP and then try to access the published web site.

HTH,
Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/


(in reply to jgrabiec)
Post #: 10
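
The LAT check suggested in post #10, as an added example that is not part of the original thread: it reads Spoof drops in the "FIELD: value" layout quoted in post #9 and reports whether each source address falls inside a LAT range. The LAT ranges, the second log record and all function names are constructed for illustration; this is not ISA Server's own log format or tooling.

```python
import ipaddress

# Constructed LAT ranges (start, end); the second one wrongly covers the external subnet.
SAMPLE_LAT = [("172.16.0.0", "172.31.255.255"), ("10.1.1.0", "10.1.1.255")]

# Constructed records in the "FIELD: value" layout quoted in post #9.
SAMPLE_LOG = """\
SOURCE IP: 10.1.1.77
DEST IP: 10.1.1.68
PROTOCOL: TCP
PARAM #1: 3428
PARAM #2: 80
FILTER RULE: Spoof
INTERFACE: 10.1.1.68

SOURCE IP: 192.0.2.10
DEST IP: 10.1.1.68
PROTOCOL: TCP
PARAM #1: 4021
PARAM #2: 80
FILTER RULE: Spoof
INTERFACE: 10.1.1.68
"""

def parse_records(text):
    """Split blank-line separated records into dicts of field -> value."""
    records = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        records.append({k.strip().upper(): v.strip() for k, sep, v in pairs if sep})
    return records

def lat_range_for(ip, lat):
    """Return the (start, end) LAT range containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for start, end in lat:
        if ipaddress.ip_address(start) <= addr <= ipaddress.ip_address(end):
            return (start, end)
    return None

def explain_spoof_drops(text, lat):
    """For each Spoof drop: (source, interface, LAT range covering the source or None)."""
    return [(r["SOURCE IP"], r["INTERFACE"], lat_range_for(r["SOURCE IP"], lat))
            for r in parse_records(text)
            if r.get("FILTER RULE", "").lower() == "spoof"]

# A None in the third position means the LAT does not explain that drop.
print(explain_spoof_drops(SAMPLE_LOG, SAMPLE_LAT))
```
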
RE: Web publishing PART II - 9.Mar.2001 3:16:00 PM   
jgrabiec

 

Posts: 191
Joined: 24.Jan.2001
From: Farmingdale,NY, USA
Status: offline
Hi Tom,

My LAT consisted of public addresses, but none from the subnet that I am testing on (some of my clients are still using public addresses internally. Since we route to them via private WAN connections, they are essentially private addresses to my internal LAN). Anyway, I removed them from the LAT, still no luck.

I also tried to connect from my PC at home (totally different subnet) - Still no luck.

I also tried to remove intrusion detection. Guess what - still no luck.

Any other thoughts? This is really driving me nuts!

Thanx again for all the help.

------------------
-=john=-
MCSE,MCP+I,CCNA,CCA


(in reply to jgrabiec)
Post #: 11
RE: Web publishing PART II - 9.Mar.2001 7:26:00 PM   
jgrabiec

 

Posts: 191
Joined: 24.Jan.2001
From: Farmingdale,NY, USA
Status: offline
Things are starting to look up. Placed an incident with Microsoft this morning, and have been on the phone all morning with them. Finally got web publishing working with a minor hitch (although I'm not sure how I got it working yet. I'll roll back my changes to see later and fill you guys in).
The hitch is that I still get the spoof attack messages from a client that is on the same subnet as my external adapter of the ISA server. MS is working on that now, and hopefully I'll have an answer soon.

------------------
-=john=-
MCSE,MCP+I,CCNA,CCA


(in reply to jgrabiec)
Post #: 12
RE: Web publishing PART II - 10.Mar.2001 8:08:00 PM   
tshinder

 

Posts: 47668
Joined: 10.Jan.2001
From: Texas
Status: online
Hi John,

Thanks! It's interesting that they didn't have an answer to the spoof problem right away. That indicates that it isn't an easy or typical issue. Please let us know what they say! The answer should be very interesting.

Thanks!

Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/


(in reply to jgrabiec)
Post #: 13
RE: Web publishing PART II - 11.Mar.2001 3:48:00 PM   
jgrabiec

 

Posts: 191
Joined: 24.Jan.2001
From: Farmingdale,NY, USA
Status: offline
Hi Tom,

Microsoft is still working on the spoof problem. Real interesting problem. I still have to put back the 4 or 5 changes that we made to see which fixed the publishing (the problem was that we tested after each change, and the problem did not fix. So we bounced the server and noticed it was working).

Now anyone on the planet can access the web I published - unless you are on the same subnet as the external interface!

I'm thinking that the issue may lie in the fact that this machine has two external NICS on that subnet. It doesn't make any sense to me, but I'm going to remove one of the NICS and test again.

Hopefully Microsoft will get back to me with an answer. The problem is being escalated internally to see what they can do. The MS tech is actually very knowledgeable - just stumped on the spoof problem - but I'm sure he'll get an answer.

You can feel good also, as the tech had great things to say about you and the entire isaserver.org site.

Keep up the good work - this site is great.

------------------
-=john=-
MCSE,MCP+I,CCNA,CCA


(in reply to jgrabiec)
Post #: 14
RE: Web publishing PART II - 11.Mar.2001 6:39:00 PM   
tshinder

 

Posts: 47668
Joined: 10.Jan.2001
From: Texas
Status: online
Hi John,

Thanks for getting back to us on this! It'll be really interesting to see what the issue is with the spoof issue when someone on the same network ID as the external interface tries to connect. Definitely looking forward to seeing what they come up with.

And thanks for sharing what MS said! That's really nice. Maybe some of those dudes can post some of their ISA secrets

Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/


(in reply to jgrabiec)
Post #: 15
