Hi, can anyone give me some advice on publishing WSS 3.0 sites through ISA 2006? Basically I have 3 SharePoint sites, staff.sale.com, student.sale.com and parent.sale.com; all sites are on port 80 using host headers. Now I have set up 3 external URLs: www.staffintranet.co.uk, www.studentintranet.co.uk and www.parentintranet.co.uk. My workplace already sits inside a DMZ from the local authority, who control the firewall but have allocated an external IP on the firewall, e.g. 82.111.111.111, and this is set to forward to the IP of the ISA server internally, e.g. 10.10.10.10. Now when I go to the ISP hosting for my external URLs I have to put forwarding on so that when someone types in www.staffintranet.co.uk it forwards to 82.111.111.111, which then forwards to 10.10.10.10. Now the problem I am having is that when I set up an ISA SharePoint publishing rule and put in the public address, it will not accept the external URL; it will only accept the external IP 82.111.111.111. Now this is great but only 1 site works; when I try to establish the other sites it states that you cannot set up a publishing rule using the same IP and port. What do I have to do to be able to route all three external URLs through the ISA server to the internal URLs?
Hi, many thanks for the reply. OK, firstly you say to make sure I have DNS records for the external URLs pointing to the public IP. This is done through GoDaddy, but do you mean that I have to have DNS records on my internal server as well? If so, how do I create them, as my internal domain name is sale.com but my external domain is .co.uk? Secondly you say the public IP should be configured on the ISA server and set to be forwarded for HTTP in the firewall. Where do I set this? The publishing rule is set and I understand that bit. Sorry for seeming a bit dim on this!!
That IP you reserved on the firewall needs to go to the ISA server, so: Internet traffic -> firewall -> ISA server NIC 1 (public IP) -> ISA server NIC 2 (private IP) -> SharePoint private IP.
So a client on the internet browses to www.staffintranet.co.uk; this DNS record needs to translate to 82.111.111.111. The client sends the host header www.staffintranet.co.uk to the ISA server; the ISA server understands that host header and forwards the packet to the internal name staff.sales.com SharePoint server, which in turn understands your staff.sales.com names.
The ISA server needs to know where the sales.com sites are located, so either you create DNS records for the internal network or you use the hosts file on the ISA server to put in the sales.com names. But I think you already have those DNS records for your internal network.
So those guys that manage the firewall need to make sure that every packet on HTTP destined for your 82.111.111.11 address is allowed to pass through to your ISA server.
You need to make sure that the ISA server has 2 network cards (NICs). You need to make sure that ISA can resolve the internal names.
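The host-header routing described in the reply above, as an added sketch that is not part of the thread and is not ISA Server code: one listener on a single IP and port serves all three sites by matching the Host header against a rule table, and refuses any name that is not published. The function names and rule table are hypothetical, and the internal names follow the original post's spelling (sale.com).

```python
# Added illustration (not ISA Server code): host-header routing on one IP:port.
# PUBLISHED maps each public name to the internal site name; internal names use
# the original post's spelling (sale.com). All function names are hypothetical.

PUBLISHED = {
    "www.staffintranet.co.uk": "staff.sale.com",
    "www.studentintranet.co.uk": "student.sale.com",
    "www.parentintranet.co.uk": "parent.sale.com",
}
LISTENER_PORT = 80


def parse_host(raw_request: bytes):
    """Return (host, port) from the single Host header, or None if absent/ambiguous."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = [line.split(":", 1)[1].strip()
             for line in head.split("\r\n")[1:]      # skip the request line
             if line.lower().startswith("host:")]
    if len(hosts) != 1:          # missing or duplicated Host header: refuse
        return None
    host, _, port = hosts[0].partition(":")
    if port and not port.isdigit():
        return None
    # Normalise case and a trailing dot so the lookup is exact-match only.
    return host.rstrip(".").lower(), int(port) if port else LISTENER_PORT


def route_request(raw_request: bytes):
    """Return (status, internal_host). Only published names on the listener port pass."""
    parsed = parse_host(raw_request)
    if parsed is None:
        return 400, None
    host, port = parsed
    if port != LISTENER_PORT or host not in PUBLISHED:
        return 403, None         # e.g. a request addressed to the bare IP
    return 200, PUBLISHED[host]


if __name__ == "__main__":
    # Constructed sample requests, all arriving on the same listener.
    for h in ("www.staffintranet.co.uk", "WWW.ParentIntranet.co.uk:80", "82.111.111.111"):
        req = f"GET / HTTP/1.1\r\nHost: {h}\r\n\r\n".encode()
        print(h, "->", route_request(req))
```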
OK, I think things are a bit clearer. I have my ISA server set up as a single-NIC unihomed web publishing server. What you are saying is that I need to insert another NIC card and put the external firewall IP of 82.111.111.111 in as its IP on the new NIC. Now the guys who have set up the external firewall have got 82.111.111.111 forwarding to the internal IP of the ISA server, 10.111.111.111, with all HTTP packets allowed. Is this correct? The ISA can resolve the internal names because I can open the internal SharePoint sites on the ISA server.
It IS possible to use 1 NIC, but it is more secure to use 2 NICs and also clearer to set up.
The first NIC, which is connected to the firewall, needs to get the public IP; the second NIC has an internal IP so it can communicate with the SharePoint server(s). The second you already have set up, so just add the second and define it with the public IP.
The firewall people should know how to route traffic for your public IP, as they have a subnet of IPs and the only thing they have to do is to allow traffic.
Tell me your setup of the rules you made on ISA as soon as you're ready.
Hey Jack, many thanks for taking the time to explain this to me. It was one subject I was having trouble getting my head around but it now seems a lot clearer. I will try the second NIC early next week and make sure the firewall team have the external IP set to pass HTTP traffic through. I will let you know how I get on.