Internal access to DMZ web

Internal access to DMZ web - 16.Dec.2004 4:04:00 PM   
jasonWI

 

I have a 3-legged ISA config. External 222.222.222.x/24, DMZ 10.1.10.x/24, Internal 10.0.10.x/24. I have published a web server in the DMZ that points to 10.1.10.22 in the DMZ. All external access works fine. But when users on the internal network try to access the site, they get "Page not Found". Logging looks like a GET request is never even being sent. Just initiates an HTTP connection and that's the end of it.

I have a ROUTE relationship set up between DMZ and internal (which shouldn't matter, as the request should be going out ISA and then back in, all through the public interface on ISA, shouldn't it?) Internal users attempt to access the public URL.
I've circumvented the problem temporarily by putting an internal DNS entry pointing to the internal address of the DMZ server. Not the solution I want necessarily.
All other web browsing functionality works fine, just viewing the webs on the published DMZ server seems to cause me a problem.

If you know the answer to this one, please see my other post in "ISA 2004: Web Publishing" about viewing local sites through VPN.
Post #: 1
RE: Internal access to DMZ web - 17.Dec.2004 12:10:00 PM   
tshinder

 

Hi Jason,

NO! The Internal Network clients SHOULD NOT loop back through the external interface to get into the DMZ. They should source from the Internal Network and destination to the DMZ Network. NEVER LOOP BACK through the ISA firewall!

HTH,
Tom

(in reply to jasonWI)
Post #: 2
RE: Internal access to DMZ web - 20.Dec.2004 3:18:00 PM   
jasonWI

 

Thanks much Tom. I did finally find an article asking a similar question and saw the same answer there. What is the correct way to do this? I would assume the alternative DNS zone that points everything to the 10.1.10.x IP addresses.

Could you also take a look at this post?
http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=21;t=000248

(in reply to jasonWI)
Post #: 3
RE: Internal access to DMZ web - 28.Jul.2005 9:35:00 AM   
denli

 

If you use "floating addresses" with webpublish rules you will enable your clients on the inside to access the published sites with their published addresses.

When you select the network for the weblistener, select 'All Networks (and Local Host)' and don't specify an IP address anywhere for the weblistener to listen on.

(in reply to jasonWI)
Post #: 4
