Welcome to ISAserver.org

Webserver Help

Webserver Help - 31.Jan.2007 12:27:37 PM   
jbarrett@slrsd.org

 

Posts: 16
Joined: 15.Feb.2006
Status: offline
Hi Everyone,
The issue I am having, and I'm not sure if it is ISA related: we have an AD domain ****.prvt on the inside and a *****.org for our external website. Our Web server is located behind our ISA Server.
I have a Web Server publishing rule and everything is working fine. The web site has an internal address of 10.x.x.x

The problem I am having is that whenever someone accesses the website, they go out to the internet and back in to the internal network to access the website. I would like to cut down on my bandwidth by making internal users go directly to the website on the inside, rather than have them go out to the internet and then back in to the internal network.

Thanks

Jackie
Post #: 1
RE: Webserver Help - 2.Feb.2007 11:14:54 AM   
tshinder

 

Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online
Hi Jackie,

You have a disjointed DNS system. You need to create a split DNS infrastructure to fix it.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to jbarrett@slrsd.org)
Post #: 2
RE: Webserver Help - 2.Feb.2007 2:59:53 PM   
jbarrett@slrsd.org

 

Posts: 16
Joined: 15.Feb.2006
Status: offline
Tom,
Did the trick. I also had to create a rule to allow access to the Web Server IP address. Everything seems to be working. Again, thanks for the help.

Jackie

(in reply to tshinder)
Post #: 3
RE: Webserver Help - 3.Feb.2007 1:29:55 PM   
tshinder

 

Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online
Hi Jackie,

Good to hear you got it working and thanks for the follow up!

Tom


(in reply to jbarrett@slrsd.org)
Post #: 4
RE: Webserver Help - 3.Feb.2007 6:09:03 PM   
jbarrett@slrsd.org

 

Posts: 16
Joined: 15.Feb.2006
Status: offline
Tom,
Came up with another problem now. When I try to access OWA from internal network I am getting

Error Code 10061: Connection refused
Background: The server you are attempting to access has refused the connection with the gateway. This usually results from trying to connect to a service that is inactive on the server.
Date: 2/3/2007 10:59:51 PM
Server: FRANKLIN.XXXX.PRVT
Source: Remote server
The address for OWA is mail.xxxx.org

In my DNS I have an entry for a Host record that points mail.xxxx.org to my public address. I know there is a routing issue and/or access policy issue but not sure what it is. OWA works fine outside of the internal network.

Thanks

Jackie

(in reply to tshinder)
Post #: 5
RE: Webserver Help - 4.Feb.2007 11:47:37 AM   
tshinder

 

Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online
Hi Jackie,

Enable the Web listener on the internal interface as well, and then configure the split DNS to resolve the name for internal users to the internal interface address.

HTH,
Tom


(in reply to jbarrett@slrsd.org)
Post #: 6
RE: Webserver Help - 4.Feb.2007 1:15:07 PM   
jbarrett@slrsd.org

 

Posts: 16
Joined: 15.Feb.2006
Status: offline
Tom,
I think I have something messed up. Here is my setup

DNS server
One zone for NETWORK.PRVT, this is for internal Network,
I created another zone for Network.ORG. In this zone I created a host record for www.network.org that points to my website with an address of 10.x.x.x. This is working fine now: when users go to the website they stay on the internal network, as was the original problem. I also created a host record for mail.network.org with an address of 216.x.x.x. Before I set up the zone for NETWORK.ORG everything worked fine.

I have a web listener that uses the external network. I have enabled HTTP port 80 and SSL port 443. Certificate is SERVER.NETWORK.PRVT. Authentication is OWA Form based. I am using SSL so I could enable "Change Password" in OWA. Works fine.

My NICs on ISA SERVERS are as follows

Internal NIC
IP 10.2.5.2
SM 255.255.255.0
DG 10.2.0.253

DNS
10.2.5.3
10.2.5.5

External NIC
IP 10.2.0.253
SM 255.255.255.0
DG 10.2.0.254
NO DNS entries

10.2.0.254 is the internal address of our router, and the outside address of router is 216.x.x.x which is the IP address of mail.network.org

Tom, any help would be greatly appreciated. I hope I've given you enough info.
Thanks

Jackie

(in reply to tshinder)
Post #: 7
RE: Webserver Help - 6.Feb.2007 12:01:30 PM   
tshinder

 

Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online
Hi Jackie,

You still need to create split DNS entries so that internal users use the internal interface to reach the site and external users use the external interface to reach the site.

HTH,
Tom


(in reply to jbarrett@slrsd.org)
Post #: 8
RE: Webserver Help - 8.Feb.2007 12:27:44 PM   
jbarrett@slrsd.org

 

Posts: 16
Joined: 15.Feb.2006
Status: offline
Tom,
I forgot to tell you I have Web Proxy enabled using port 8080. If I shut off the Web Proxy, I get OWA to work fine, but when I turn it back on I still get the error. I did some logging and it looks like it is the Default rule that is blocking it, the rule that is set up when you first install ISA. Any ideas?
Again Tom, thanks for the help

Jackie

(in reply to jbarrett@slrsd.org)
Post #: 9
RE: Webserver Help - 13.Feb.2007 3:50:34 PM   
tshinder

 

Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online
Hi Jackie,

The Web proxy setting shouldn't matter, because the split DNS and Direct Access will forward the connection to the internal Web listener, which is listening on TCP 443.

HTH,
Tom


(in reply to jbarrett@slrsd.org)
Post #: 10
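
An added example, not part of the thread and not ISA Server code: a small audit of the internal copy of a split-DNS zone that flags A records still pointing outside the internal address space, which is the state post 7 describes for mail.network.org. The zone text is constructed; 10.2.5.10 and 203.0.113.10 are stand-ins for the elided 10.x.x.x and 216.x.x.x addresses, and 10.2.5.2 is the ISA internal NIC address given in post 7.

```python
import ipaddress

# Assumption: the internal address space is 10.0.0.0/8 (all inside hosts in the thread are 10.x.x.x).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample of the internal network.org zone as described in post 7.
INTERNAL_ZONE = """\
; internal copy of network.org (constructed sample)
www    IN A 10.2.5.10      ; web server, stand-in for 10.x.x.x
mail   IN A 203.0.113.10   ; public address, stand-in for 216.x.x.x
"""

# Same zone after following post 6: mail resolves to the ISA internal interface.
FIXED_ZONE = INTERNAL_ZONE.replace("203.0.113.10", "10.2.5.2")


def parse_a_records(zone_text, origin):
    """Return {fqdn: [addresses]} for the A records in simple zone-file text."""
    records = {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 3 or fields[-2].upper() != "A":
            continue
        name = fields[0]
        if name == "@":
            fqdn = origin
        elif name.endswith("."):
            fqdn = name.rstrip(".")
        else:
            fqdn = f"{name}.{origin}"
        records.setdefault(fqdn.lower(), []).append(fields[-1])
    return records


def audit_split_dns(zone_text, origin, internal_nets=INTERNAL_NETS):
    """List (fqdn, address) pairs that send internal clients to a non-internal address."""
    findings = []
    for fqdn, addrs in parse_a_records(zone_text, origin).items():
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if not any(ip in net for net in internal_nets):
                findings.append((fqdn, addr))
    return findings


if __name__ == "__main__":
    for label, zone in (("as posted", INTERNAL_ZONE), ("after fix", FIXED_ZONE)):
        print(label, audit_split_dns(zone, "network.org"))
```
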
