• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Can't Access Websites By IP

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> RE: Can't Access Websites By IP Page: <<   < prev  1 2 [3]
Login
Message << Older Topic   Newer Topic >>
RE: Can't Access Websites By IP - 7.May2009 1:14:56 PM   
dvizzle

 

Posts: 236
Joined: 20.Apr.2009
Status: offline
I'm assuming that if I remove the Array.dll script url from the Load Balancer, and replace it just with the IP:Port of the ISA servers, I'm losing the built in ISA failover?

(in reply to SteveMoffat)
Post #: 41
RE: Can't Access Websites By IP - 7.May2009 7:25:49 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: dvizzle

Using Load Balanced Proxy URL: DOES NOT work
Using ISA http://ISASERVER:8080/array.dll?Get.Routing.Script as proxy DOES NOT WORK
Using ISA IP port number WORKS

I checked my HLB, and it is set up to forward to http://ISASERVER:8080/array.dll?Get.Routing.Script

which doesn't work. The reason for using that is because it has the address of the other server as the failover address.


Why would you configure the HLB to use the array script?

The values provided in the script are the REAL IP addresses so if one server is down, your HLB is providing little value - no?

Why do you care about ISA failover if you have HLB to do it properly? Surely the HLB should point to each ISA and then present them to users with a single virtualised IP or name? This way, if one of the ISA servers fails, the HLB will stop sending requests and balance all users via the remainging ISA server...

Maybe I have missed something, but I just don't get why you would use an array script if you have HLB...

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to dvizzle)
Post #: 42
RE: Can't Access Websites By IP - 8.May2009 9:16:38 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Hi Jason,  I've just been watch and staying out of the way

I have a question on part of it.  Normally when using autodection I use the  http://ISASERVER:8080/array.dll?Get.Routing.Script

But if it is a HLB then it would be altered to the virtual IP of the HLB?
:8080/array.dll?Get.Routing.Script" target=_blank>http://<Virtual IP of HLB>:8080/array.dll?Get.Routing.Script
Or do you do something completely different?

_____________________________

Phillip Windell

(in reply to Jason Jones)
Post #: 43
RE: Can't Access Websites By IP - 8.May2009 10:22:33 AM   
dvizzle

 

Posts: 236
Joined: 20.Apr.2009
Status: offline
The proxy address is set as http://proxy.domain

DNS resolves it to the load balancer, which then looks at your IP address. It then sends your connection to the ISA server nearest to you. If it cannot connect to it, it sends to the next ISA server in the list.


As for the original problem, I believe I fixed it.

Because we are using 1 nic, ALL IP ranges are listed in the Addresses tab. The Web Browser tab, had "Directly Connect to IP's listed in Addresses tab" checked off like someone earlier recommended.

This is why every IP was listed in the array.

I unchecked "Direct connect to IPs in Addresses tab" and added by INTERNAL ranges to the bypass list on the Web Browsers page, and everything is looking to work normally.

Although I'm still a little concerned since MS says there are bugs in listing both domain names and IP ranges in the bypass list.

Thanks to everyone here for the direct and indirect help. You guys got me to think about it from every angle which helped fix the issue.

(in reply to pwindell)
Post #: 44
RE: Can't Access Websites By IP - 8.May2009 6:44:53 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: pwindell

Hi Jason,  I've just been watch and staying out of the way

I have a question on part of it.  Normally when using autodection I use the  http://ISASERVER:8080/array.dll?Get.Routing.Script

But if it is a HLB then it would be altered to the virtual IP of the HLB?
:8080/array.dll?Get.Routing.Script" target=_blank>http://<Virtual IP of HLB>:8080/array.dll?Get.Routing.Script
Or do you do something completely different?


All you gain by that is balancing of the script; the script will still contain real, dedicated IP addresses not HLB/VIP addresses and you then bypass the HLB and connect direct...similar scenario when using ISA EE with NLB.

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to pwindell)
Post #: 45
RE: Can't Access Websites By IP - 8.May2009 6:45:29 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: dvizzle

The proxy address is set as http://proxy.domain

DNS resolves it to the load balancer, which then looks at your IP address. It then sends your connection to the ISA server nearest to you. If it cannot connect to it, it sends to the next ISA server in the list.


As for the original problem, I believe I fixed it.

Because we are using 1 nic, ALL IP ranges are listed in the Addresses tab. The Web Browser tab, had "Directly Connect to IP's listed in Addresses tab" checked off like someone earlier recommended.

This is why every IP was listed in the array.

I unchecked "Direct connect to IPs in Addresses tab" and added by INTERNAL ranges to the bypass list on the Web Browsers page, and everything is looking to work normally.

Although I'm still a little concerned since MS says there are bugs in listing both domain names and IP ranges in the bypass list.

Thanks to everyone here for the direct and indirect help. You guys got me to think about it from every angle which helped fix the issue.


Cool

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to dvizzle)
Post #: 46

Page:   <<   < prev  1 2 [3] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> General >> RE: Can't Access Websites By IP Page: <<   < prev  1 2 [3]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts