• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Internal Clients Cannot Access Webserver Behind ASA 5510

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> Internal Clients Cannot Access Webserver Behind ASA 5510 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Internal Clients Cannot Access Webserver Behind ASA 5510 - 12.Dec.2008 8:43:33 AM   
tanvir

 

Posts: 45
Joined: 5.Mar.2003
Status: offline
Hi All,

I have both ISA 2000 and ASA 5510 installed. A web server is published behind ASA which is working fine but only for external clients.

My problem is that my internal clients which is behiind ISA cannot access this webserver.

Please keep in mind that ISA is for only internet access for internal clients which is on a separate internet service provider.

My network configuration scenario is as;

Internal Clients: 192.168.1.x
ISA (Internal): 192.168.1.x
ISA (External): 202.61.x.x
ASA (Inside): 192.168.1.x
ASA (Outside): 202.63.x.x
ASA (DMZ): 192.168.4.1
Webserver: 192.168.4.2

Note: There are separate service providers connected to ISA and ASA respectively.

When I'm trying to access my web server located in ASA DMZ from behind ISA, it shows timeout error. Otherwise, when I'm accessing from outside or the same service provider as of ASA it works.

ISA log shows;
192.168.1.x Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 2008-12-12 11:49:37 PROXY1 - mywebsite.com 192.168.4.2 443 - - - SSL-tunnel - mywebsite.com:443 Inet 10060
I was wondering how it shows 192.168.4.2, even my internal dns points to 202.63.x.x

Any help is appreciated.
Post #: 1
RE: Internal Clients Cannot Access Webserver Behind ASA... - 15.Dec.2008 12:24:44 AM   
tanvir

 

Posts: 45
Joined: 5.Mar.2003
Status: offline
Solved.

(in reply to tanvir)
Post #: 2
RE: Internal Clients Cannot Access Webserver Behind ASA... - 4.Feb.2009 10:17:52 AM   
lhrn

 

Posts: 2
Joined: 4.Feb.2009
Status: offline
How did you solve it? We are having the same issue

(in reply to tanvir)
Post #: 3
RE: Internal Clients Cannot Access Webserver Behind ASA... - 9.Feb.2009 2:56:53 AM   
tanvir

 

Posts: 45
Joined: 5.Mar.2003
Status: offline
Hi there,

Sorry for late reply. I did the following to accomplish my task.

Add an A record in  your internal DNS for your webserver (192.168.1.x). Keep in mind that it doesn't physically exists on your network. It can route the request to your firewall.

Configure static NAT on your ASA that will translate requests for webserver from inside (192.168.1.x) to DMZ network (192.168.4.x).

Hope you can understand and implement. Please don't hesitate to ask here.

Tanvir

(in reply to lhrn)
Post #: 4
RE: Internal Clients Cannot Access Webserver Behind ASA... - 9.Feb.2009 8:37:01 AM   
lhrn

 

Posts: 2
Joined: 4.Feb.2009
Status: offline
Thank you very much for your help.

Our router is configured by an external company and we are just changed our ISP. They tried to solve it and then a guy from CISCCO called in. We solved it by creating 3 Primary zone for each of the websites.

But for our old router it didnt need the primary zones. Our domain is named mydomain.local and our web address is mydomain.on.ca. We have two other websites. All of them hosted internally. We do not have DMZ.

So we need to create a A record for mydomain.on.ca...right? So FQDN will be mydomain.on.ca.mydomain.local.

Then what do I do?

Another problem we are having is that our mail is going out with the router IP not the mail server IP. So some of our mails are being rejected by spam filters.

Thanks again




(in reply to tanvir)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> Internal Clients Cannot Access Webserver Behind ASA 5510 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts