Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Why does NAT not work for internal clients ?
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Why does NAT not work for internal clients ? - 24.Jun.2004 5:36:00 AM
|
|
|
jvanosch
Posts: 15
Joined: 22.Jun.2004
Status: offline
|
I'm sure this is super easy.. I just can't figure out for the life of me what to change to make this work.
situation:
NAT - public side 20.1.1.50 / private side 10.1.1.50
WAN side requests to 20.1.1.50 get redirected to 10.1.1.50 on LAN side
LAN side requests to 20.1.1.50 stop at firewall.
How can I make it so LAN side requests get redirected back to the internal network to the server's LAN IP address ?
Any help would be greatly appreciated. It's critical this get solved ASAP.
|
|
|
|
RE: Why does NAT not work for internal clients ? - 24.Jun.2004 4:25:00 PM
|
|
|
lhamstra
Posts: 19
Joined: 20.Jun.2002
Status: offline
|
Hello jvanosch
So bassically want you want is that you publish your 20.1.1.50(NonLAT -> 10.1.1.50(LAT)
You can make a server publishing rule from 20.1.1.50 to 10.1.1.50 with the know protocol.
As the request come from the Internet, this source address normally wil no be translated(half NAT), your Internal LAN server has to have his default gateway to the Internal IP address of the ISA server.
Does this not work, I would try to see in the loggin if this request gests blocked in one or the other way.
Liekele
|
|
|
|
|
RE: Why does NAT not work for internal clients ? - 24.Jun.2004 6:22:00 PM
|
|
|
jvanosch
Posts: 15
Joined: 22.Jun.2004
Status: offline
|
I've already got a server publishing rule to do this NAT translation from external requests (which works fine). The problem is that this same translation doesn't seem to occur when the request comes from the inside.
|
|
|
|
|
RE: Why does NAT not work for internal clients ? - 24.Jun.2004 7:16:00 PM
|
|
|
jvanosch
Posts: 15
Joined: 22.Jun.2004
Status: offline
|
The server is reachable from the inside if sent to it's internal IP, however it's the server that sends the IP clients should be connecting to. If the server is set to send it's external address, then it will work for people outside our network, but not for those inside our network. And visa versa if sending it's internal address.
|
|
|
|
|
RE: Why does NAT not work for internal clients ? - 24.Jun.2004 8:57:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi jvanosch,
you can't loop through the ISA external interface. Therefore, internal users should always connect directly to the internal resource, not to the published instance of it.
For more info, check out http://www.isaserver.org/articles/14120_Errors_Discussion_and_Solution.html .
HTH,
Stefaan
|
|
|
|
|
RE: Why does NAT not work for internal clients ? - 24.Jun.2004 9:25:00 PM
|
|
|
jvanosch
Posts: 15
Joined: 22.Jun.2004
Status: offline
|
I wish I had an option in this case.
The server sends the IP address clients should connect to. This IP address can either be the public, or the private IP, however whichever one we set the server to send, the other side of the firewall will not be able to connect... hmm.. oh well.. at least now I know.
Thank you very much for your assistance all the same.
Sincerly
Jason
|
|
|
|
|
RE: Why does NAT not work for internal clients ? - 24.Jun.2004 9:33:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Jason,
the solution to your problem is to implement a split DNS infrastructure. Check out the articles on this subject.
HTH,
Stefaan
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
RE: Why does NAT not work for internal clients ? - ![[Smile]](/image/smiles/smile.gif)
