Welcome to ISAserver.org

webserver not reachable

webserver not reachable - 16.Oct.2002 8:29:00 AM   
dumpie

 

I have installed ISA server trial version for test purposes on a server with 3 NICs to create a three-homed DMZ scenario.

The facts:

I received a range of 16 public IP addresses from my provider: 194.78.64.112/28 (means 16 addresses and 194.78.64.113 will be the default gateway (DG)).

I have an ADSL router connection with fixed public IP addresses (217.136.171.68 at the WAN-internet side and 194.78.64.113 at our side).

Furthermore I have a firewall server with 3 NICs and a WWW-server in the DMZ zone.

Firewall server:
NIC 1 (external, going to the internet): 194.78.64.114 subnet 255.255.255.240 DG 194.78.64.113

NIC 2 (going to DMZ zone/perimeter network): 194.78.64.121 subnet 255.255.255.248 DG: none

NIC 3 (internal/going to my LAN) 192.168.38.20 subnet 255.255.255.0 DG: none

All PCs in the LAN have an IP address in the range 192.168.38.x subnet 255.255.255.0 and firewall client software installed.

WWW-server: 194.78.64.122 subnet: 255.255.255.248 DG: 194.78.64.121

I want to use ISA server as firewall protection and give the possibility to my LAN users to surf using the same connection (NAT).

The NAT works, my users can surf to the internet and to our WWW-server in the DMZ, but nobody outside on the internet can access my webserver.

On the ISA server I enabled packet filters for HTTP.

My questions: is the above usage of IP addresses correct? And why can't people on the internet access my webserver?

PS: when I remove the ISA server and connect my WWW-server directly to my ADSL router, outside users are able to surf to it. Also, I noticed even with the ISA server that I can telnet to port 80 of the WWW-server from the internet.
Post #: 1
RE: webserver not reachable - 16.Oct.2002 8:49:00 PM   
spouseele

 

Hi dumpie,

You have not properly segmented your public IP address space 194.78.64.112/28. Your DMZ subnet 194.78.64.120/29 is OK. However, the external subnet should be 194.78.64.112/29 (subnet mask 255.255.255.248).

So, change the subnet mask on the ISP *and* ISA external interface to /29 and add to the ISP router a static route for your DMZ subnet 194.78.64.120/29 pointing to the ISA external interface (194.78.64.114).

HTH,
Stefaan

(in reply to dumpie)
Post #: 2
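
The segmentation problem described in the reply can be checked mechanically. The following is an added example, not part of the original thread: it uses Python's standard `ipaddress` module with the addresses from the posts to show that the /28 external mask overlaps the DMZ /29, and what changes once the external side is narrowed to /29. The dictionary keys and function names are hypothetical, and the router's /28 mask is an assumption inferred from the reply's instruction to change it.

```python
import ipaddress as ip

ALLOCATION = ip.ip_network("194.78.64.112/28")
EXTERNAL_NET, DMZ_NET = ALLOCATION.subnets(prefixlen_diff=1)  # two /29 halves
WEB_SERVER = ip.ip_address("194.78.64.122")

# Addressing as posted in the question. The router mask is an assumption
# inferred from the reply, which says to change it to /29.
AS_POSTED = {
    "router_lan":   ip.ip_interface("194.78.64.113/28"),
    "isa_external": ip.ip_interface("194.78.64.114/255.255.255.240"),
    "isa_dmz":      ip.ip_interface("194.78.64.121/255.255.255.248"),
}
# Addressing after the change suggested in the reply.
AS_FIXED = dict(AS_POSTED,
                router_lan=ip.ip_interface("194.78.64.113/29"),
                isa_external=ip.ip_interface("194.78.64.114/29"))

def segment_overlaps(ifaces):
    """Pairs of interfaces on different segments whose subnets overlap."""
    names = sorted(ifaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ifaces[a].network != ifaces[b].network
            and ifaces[a].network.overlaps(ifaces[b].network)]

def treats_as_on_link(iface, dest):
    """True if a device with this interface considers dest directly
    attached, so it will not forward the packet to a next hop."""
    return dest in iface.network

def static_route_needed(ifaces, dest_net, next_hop):
    """(network, gateway) the router needs to reach dest_net, or None
    while the router still believes dest_net is on its own segment."""
    if dest_net.overlaps(ifaces["router_lan"].network):
        return None
    return (str(dest_net), str(next_hop.ip))

if __name__ == "__main__":
    print("split of", ALLOCATION, "->", EXTERNAL_NET, "and", DMZ_NET)
    for label, ifaces in (("as posted", AS_POSTED), ("as fixed", AS_FIXED)):
        print(label, "| overlapping segments:", segment_overlaps(ifaces))
        print(label, "| router sees web server as on-link:",
              treats_as_on_link(ifaces["router_lan"], WEB_SERVER))
        print(label, "| static route on router:",
              static_route_needed(ifaces, DMZ_NET, ifaces["isa_external"]))
```
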
