• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Acessing my website from internal

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> Acessing my website from internal Page: [1]
Login
Message << Older Topic   Newer Topic >>
Acessing my website from internal - 11.Mar.2005 2:10:00 PM   
mojo

 

Posts: 20
Joined: 20.Aug.2002
From: Denmark
Status: offline
Hi,

I've tried to setup a split DNS. Let's call my zone domain.com.

My ISP hosts my external DNS, so when clients types www.mydomain.com, all clients are directed to my external interface on the ISA (let's call the IP 166.63.208.158 , I know it's hotmails IP, but let us use it for this example).

My internal web server is called WEB1 and it's IP is 10.0.0.4.

On my internal DNS, I've created a new A record pointing www to 166.63.208.158.

Now if I ping www.mydomain.com from an internal client, then it returns 166.63.208.158 - perfect!

But when I from the same client enter www.mydomain.com (in internet explorer), then ISA log shows me that my request goes directly to the WEB1 - that is 10.0.0.4 instead of 166.63.208.158. "[Confused]"

My problem is, that form external client to isa, I use SSL, but from ISA to WEB1 I do not use SSL. Therefore WEB1 rejects my request, because ISA direct it as SSL.

How can I force my internal request to go out to the internet (external) and back in again as a regular external request?

Hope you understand what I mean!

"[Smile]"

Thanks!

Mojo
Post #: 1
RE: Acessing my website from internal - 11.Mar.2005 3:19:00 PM   
citrixman

 

Posts: 17
Joined: 3.Mar.2005
Status: offline
hi!
Um you dont want your clients looping back through the firewall thats bad!

Im assuming you have no DMZ or perimeter zone so I dont understand why you want your internal clients to go through the ISA server then back to the web server? Why not let them go straight to the webserver? You should still be able to use SSL directly from your clients to the webserver. Your internal DNS should have a A record pointing to the internal address of the webserver 10.0.0.4 not the external address thats the whole idea of a split brain dns im pretty sure [Smile]

Explain to me why you want your clients to go through the ISA firewall? If its so you can log the requests then you should set up another nic on the ISA firewall and create a perimeter zone or DMZ then set the secure web publishing rule to listen on both the external and the perimeter interface. Do you have a SSL certificate on the webserver? Or only on the ISA server and your doing SSL to HTTP bridging?

Citrixman.

[ March 11, 2005, 03:35 PM: Message edited by: citrixman ]

(in reply to mojo)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> Acessing my website from internal Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts