Welcome to ISAserver.org


please i need a pro assistance.

please i need a pro assistance. - 28.Jun.2005 3:10:00 PM   
Zabarbar

 

Posts: 10
Joined: 27.Jun.2005
Status: offline
I'll simplify the scenario:
External - DMZ - Internal

I'm publishing a mail server (Outlook Web Access) and I configured the router to NAT clients to the OWA. In monitoring I get 'connection initiated', destination: the NAT address, but the client actually fails to get web access. Any idea if it's a router issue or an ISA rule?

help is very much appreciated, thanks.
Post #: 1
RE: please i need a pro assistance. - 28.Jun.2005 3:25:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Zabarbar,

To find out which one is the culprit, place a workstation on the DMZ and first test the OWA publishing rule from there.

HTH,
Stefaan

(in reply to Zabarbar)
Post #: 2
RE: please i need a pro assistance. - 28.Jun.2005 4:35:00 PM   
Zabarbar

 

Posts: 10
Joined: 27.Jun.2005
Status: offline
From the DMZ it's working because I use the server's actual IP (http://172.16.1.30/exchange), but from the external side the client is using a NAT'ed public address (http://192.125.16.80/exchange).
In the ISA monitoring window I can see the address 192.125.16.80 with connection initiated, but the client fails to connect..??

(in reply to Zabarbar)
Post #: 3
RE: please i need a pro assistance. - 28.Jun.2005 5:19:00 PM   
steavg

 

Posts: 174
Joined: 29.Jan.2004
From: Belgium
Status: offline
Hi Zabarbar,

Can you post us your publishing rule?

Regards,

Stefan

(in reply to Zabarbar)
Post #: 4
RE: please i need a pro assistance. - 29.Jun.2005 3:27:00 AM   
Zabarbar

 

Posts: 10
Joined: 27.Jun.2005
Status: offline
this is it:

ISA Server with 3 NICs
Private: 192.168.1.201/24
DMZ: 172.16.1.20/24
Public: 10.0.1.3/24 GW: 10.0.1.1 (router)

DMZ has the Mail server (Exchange Front-end) with the IP address 172.16.1.30/24 GW: 172.16.1.20

First I created network rules between the DMZ and the external network and between the DMZ and the internal network; the network relationship is Route, not NAT.

These are the rules I'm using:
1- Access rule allowing http traffic from external to dmz web server.
2- Access rule to allow http traffic from external to external (worked in my scenario).
3- Publish Mail Server (Front-end Exchange) which has NIC IP 172.16.1.30 and using address 10.0.0.45 as its public name

action: allow
from: anywhere
to: 172.16.1.30
traffic: http
listeners - networks: I checked external and internal.
public name: requests for the following websites: 10.0.0.45

Now from an external network workstation (10.0.0.22) I type the following in Internet Explorer:

http://172.16.1.30/exchange

I get the user name and password prompt, and that tells me the access rules are working.

When I type http://10.0.0.45/exchange I get nothing (error).

When I check the monitoring/logging I can see: destination 10.0.0.45 - initiated connection - external to external (rule) - client 10.0.0.22

Then a connection failed and closed connection notes appear after that.

I know it's confusing, but I believe someone here might know what exactly is the matter and how to solve it, so I ask: please guys, if you can help me shoot this out, please do.

thanks.

(in reply to Zabarbar)
Post #: 5
RE: please i need a pro assistance. - 29.Jun.2005 6:51:00 AM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Zabarbar,

You should never use IP addresses in your web publishing rules but FQDNs instead.

HTH,
Stefaan

(in reply to Zabarbar)
Post #: 6
RE: please i need a pro assistance. - 29.Jun.2005 11:36:00 AM   
steavg

 

Posts: 174
Joined: 29.Jan.2004
From: Belgium
Status: offline
Hi Zabarbar,

As Stefaan already mentioned, use FQDN.
Place them in your hosts file.

Greetings

Stefan

(in reply to Zabarbar)
Post #: 7
