I've published a couple of services via Server Publishing, including PCAnywhere and Web. Note that for one address, I'm publishing a web server via Server Publishing, and for another IP address, I'm publishing a different web server via Web Publishing.
To test it out, I try to connect with my workstation, which is a SecureNAT client, to the public IP address of the published web servers. I can access the published website that is using Web Publishing from a SecureNAT client, but I can't access any services that are published using Server Publishing unless the web client is from a completely different external IP address. I just can't access any Server Publishing services from my SecureNAT client.
That's perfectly normal behaviour. You should always test the publishing rules from an external host. Check out http://www.isaserver.org/articles/14120_Errors_Discussion_and_Solution.html for more info. As a consequence, an internal host must always access internal resources directly, *not* the published instance.
I'm having a similar problem. I have an Exchange 2003 on the internal network and have published SMTP (a different server) for my customers on an external ISA address. I get NDRs when trying to send mail to my customers.
The customer is set up like this:
MX -> mail.thecustomer.com
mail CNAME incoming.mydomain.com
I have separate DNS for mydomain.com, so incoming.mydomain.com has its internal address on the internal DNS, and the published external ISA address on the external DNS.
Exchange is configured to use only the internal DNS, which resolves external queries through the root servers. I would have thought it would (1) go to the root servers to find mail.thecustomer.com, then (2) return its authoritative address (internal) for incoming.mydomain.com when it saw the CNAME. I have even gone so far as to create HOSTS file entries on Exchange and ISA pointing to the internal address for that name, and Exchange still tries to deliver to the external published address.
I am only able to send mail to my customers by having a 2nd MX record pointing to a backup server on a different network. It receives the mail from Exchange, then sends it right back to the ISA published address.
I have read and somewhat understand the article referred to by spouseele, but it's kind of frustrating. Why does the same scenario work fine with a $30 Linksys or D-Link router but not with ISA?
Now, if I understand your configuration correctly, you have 2 internal mail servers A and B, and only B (for the customers) is server published on the ISA. Your problem seems to be that you can't send from server A to server B because an MX record lookup for the domains served by server B gives you the external IP address on ISA on which you have published server B. On the other hand, server A must be able to send to the external world too. Right?
I assume you know the domains that are served by server B. Therefore server A doesn't need to do an MX record lookup for those domains, because server B is an internal resource. Therefore, just configure server A to route/relay those domains directly to the internal IP address of server B.
BTW --- I believe that according to the RFCs an MX record should always point to an A record, not a CNAME record.
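
The record layout discussed in this thread, checked as an added example (not posted by any participant): it flags an MX target that is a CNAME, which RFC 2181 section 10.3 disallows, and shows which address each DNS view yields for that target. The two record sets, both IP addresses and all function names are constructed for illustration; each set models what a resolver in that view would see.

```python
# Constructed sample records using the thread's host names; addresses are made up.
EXTERNAL = """
thecustomer.com        MX     10 mail.thecustomer.com
mail.thecustomer.com   CNAME  incoming.mydomain.com
incoming.mydomain.com  A      192.0.2.10
"""
INTERNAL = """
thecustomer.com        MX     10 mail.thecustomer.com
mail.thecustomer.com   CNAME  incoming.mydomain.com
incoming.mydomain.com  A      10.0.0.25
"""

def parse(text):
    """Parse 'name TYPE value...' lines into {(name, type): [value fields]}."""
    records = {}
    for line in text.strip().splitlines():
        name, rtype, *value = line.split()
        records.setdefault((name.lower().rstrip("."), rtype.upper()), []).append(value)
    return records

def resolve(records, name, max_hops=8):
    """Follow CNAMEs starting at name; return (alias_chain, addresses)."""
    chain = []
    for _ in range(max_hops):
        name = name.lower().rstrip(".")
        cname = records.get((name, "CNAME"))
        if not cname:
            return chain, [v[0] for v in records.get((name, "A"), [])]
        chain.append(name)
        name = cname[0][0]
    raise ValueError("CNAME loop or chain too long")

def check_mx(records, domain):
    """Return one finding per MX record of domain, lowest preference first."""
    findings = []
    for pref, target in sorted(records.get((domain, "MX"), []), key=lambda v: int(v[0])):
        chain, addrs = resolve(records, target)
        findings.append({"preference": int(pref),
                         "target": target.lower().rstrip("."),
                         "target_is_alias": bool(chain),  # True: MX points at a CNAME
                         "addresses": addrs})
    return findings

if __name__ == "__main__":
    for view, text in (("external", EXTERNAL), ("internal", INTERNAL)):
        for finding in check_mx(parse(text), "thecustomer.com"):
            print(view, finding)
```

Running the same check against both views makes it visible when an internal sender would be handed the published address instead of the internal one.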