fres -> server publishing not working (22.Sep.2008 5:58:05 PM)

I am attempting to publish a web application with server publishing that uses SSL x509 and a chat feature that runs on port 8090, and it doesn't appear to be working. I have the Shinder book for ISA 2004 and I am new to ISA. The book is helpful but I am now stuck.

I have ISA 2004 with 2 NIC cards.
I configured the Internal network with all the IP ranges from my domain and the other domains in the forest.
I used the Edge Firewall template and I created a Server Publishing rule for SSL traffic. I created a separate server publishing rule for the chat feature. I am not sure what protocol the chat feature uses. I set it up with TCP.
I am behind a hardware firewall that has a NAT that exposes an IP on our LAN to the Internet.

I set up a split DNS. I have SSL x509 installed on the server. I do not want to use bridging because I cannot export the SSL certificate from Apache Tomcat.

I use the same URL externally to connect to the server as I do internally, hence the split DNS.
I connected to my network from outside my Internal network, from the Internet, and the query in the monitoring didn't show a connection. I connected to the application that I am trying to publish and used the application, and still the logging component in ISA didn't show my connection. I was able to connect to the web application with no problem. It looks like the ISA didn't do anything.

In addition to this problem, the logging is showing a lot of denied NetBIOS Datagram and NetBIOS Name Service connections between the Internal Network and the local network. The denied connection is due to the default rule.

I greatly appreciate any help.


Jason Jones -> RE: server publishing not working (23.Sep.2008 4:06:39 AM)

Can you provide details of your server publishing rule?

What network relationship do you have between your Internal and External networks?

The denied connections are normal for "noisy" NetBIOS protocols...



fres -> RE: server publishing not working (23.Sep.2008 5:56:34 PM)


Thanks for the help. I have the default relationships.
I have the following relationships:
Internet access
Source network: Internal, Quarantined VPN Clients and VPN Clients
Destination network is External
The relationship is NAT

After reading your note I added a network relationship,
External to Internal with a NAT relationship, but no luck.

VPN Clients to Internal Network
Source network: Quarantined VPN Clients and VPN Clients

Destination network: External
Relationship: Route

I also have the Local Host access
Source network: Local Host
Destination: All networks.
Relationship: Route
I believe I need a NAT relationship because I am attempting to publish an HTTPS web site with a server rule using tunnelling. I would look into using bridging but I can't export the SSL certificate from the server. The certificate is installed in Apache Tomcat 4.1.

Jason Jones -> RE: server publishing not working (24.Sep.2008 6:29:40 PM)

Details of your publishing rule??? [;)]

fres -> RE: server publishing not working (26.Sep.2008 5:11:38 PM)

I have 2 server publishing rules:
1. All inbound TCP traffic from port 8090 from External
to the IP address of a server on the Internal network.
The check box "requests appear to come from ISA server" is checked.
I am not sure that I should be using TCP traffic. I was told that the application uses streaming text. This publishing rule is supposed to allow the chat function to work.
Networks for the listener to listen on is External.

2. HTTPS protocol
Allow network traffic using HTTPS server from External to an IP address of a server on the Internal network (the same server as the first rule).
The option "requests appear to come from the ISA server computer" is checked.
The listener is set to listen on the External network.

Many thanks

fres -> RE: server publishing not working (28.Sep.2008 8:23:59 PM)


This might be a not so intelligent question, but please bear with me.

I have a NATted IP address from a hardware firewall that exposes my web application to the Internet. Does the ISA need to directly plug into that NATted IP address?

Should we configure the NATted IP address to a port on our switch, and should I plug the external NIC card directly into that port?

Currently I have the Internal and External NIC cards plugged into our LAN.

I hope that makes sense.


