I've tried to set up a split DNS. Let's call my zone domain.com.
My ISP hosts my external DNS, so when clients type www.mydomain.com, all clients are directed to my external interface on the ISA (let's call the IP 22.214.171.124, I know it's Hotmail's IP, but let us use it for this example).
My internal web server is called WEB1 and its IP is 10.0.0.4.
On my internal DNS, I've created a new A record pointing www to 126.96.36.199.
Now if I ping www.mydomain.com from an internal client, then it returns 188.8.131.52 - perfect!
But when I enter www.mydomain.com (in Internet Explorer) from the same client, the ISA log shows me that my request goes directly to WEB1 - that is 10.0.0.4 instead of 184.108.40.206.
My problem is that from external client to ISA I use SSL, but from ISA to WEB1 I do not use SSL. Therefore WEB1 rejects my request, because ISA directs it as SSL.
How can I force my internal request to go out to the internet (external) and back in again as a regular external request?
Hi! Um, you don't want your clients looping back through the firewall, that's bad!
I'm assuming you have no DMZ or perimeter zone, so I don't understand why you want your internal clients to go through the ISA server and then back to the web server. Why not let them go straight to the web server? You should still be able to use SSL directly from your clients to the web server. Your internal DNS should have an A record pointing to the internal address of the web server, 10.0.0.4, not the external address. That's the whole idea of a split-brain DNS, I'm pretty sure.
Explain to me why you want your clients to go through the ISA firewall. If it's so you can log the requests, then you should set up another NIC on the ISA firewall and create a perimeter zone or DMZ, then set the secure web publishing rule to listen on both the external and the perimeter interface. Do you have an SSL certificate on the web server? Or only on the ISA server, and you're doing SSL-to-HTTP bridging?
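The split-brain setup the reply describes, as an added example that is not from either poster: the internal zone's www record points at WEB1's private address, and a quick check confirms inside and outside clients get different answers. It assumes the Windows DNS Server role (DnsServer PowerShell module, Windows Server 2012 or later); the `$InternalDns` and `$IspDns` addresses are placeholders, not values from the thread.

```powershell
# Added example: split-brain DNS on the Windows DNS Server role.
# Names from the thread: zone mydomain.com, WEB1 = 10.0.0.4.
# $InternalDns and $IspDns are placeholders for your own resolvers.
$Zone        = 'mydomain.com'
$InternalDns = '10.0.0.1'        # placeholder: your internal DNS server
$IspDns      = '203.0.113.53'    # placeholder: the ISP resolver external clients use

# 1. Internal copy of the zone, authoritative only for inside clients.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns"
}

# 2. www resolves straight to WEB1's private address, so internal browsers
#    never hairpin through the ISA external listener (and never hit the
#    SSL-to-HTTP mismatch described in the question).
Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'www' `
    -IPv4Address '10.0.0.4' -TimeToLive (New-TimeSpan -Hours 1)

# 3. Check both views: the inside answer must be an RFC 1918 address,
#    the outside answer must not be.
$inside  = (Resolve-DnsName -Name "www.$Zone" -Type A -Server $InternalDns).IPAddress
$outside = (Resolve-DnsName -Name "www.$Zone" -Type A -Server $IspDns).IPAddress
$private = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'
if (($inside -match $private) -and ($outside -notmatch $private)) {
    "Split DNS OK: internal=$inside external=$outside"
} else {
    Write-Warning "Split DNS mismatch: internal=$inside external=$outside"
}
```

Run it on the internal DNS server (or with `-ComputerName` on the Add-/Get-DnsServer cmdlets from an admin workstation); the check in step 3 is the one to repeat after any zone change.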