Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Local computers behind ISA Server with NAT on router

Posted on 2002-04-16
6
Medium Priority
?
325 Views
Last Modified: 2010-04-11
Hi can anybody help:

I am running the following:
Windows 2000 server in the following way:

External IP --> Router (NAT translation) --> Local IP on MyServer --> ISA on MyServer --> IIS on MyServer --> Local LAN Users (connected via second network card)

I am hosting a couple of websites using IIS on the ISA Server computer (behind the firewall)

Anyone connecting to the server from an external location can access the websites - ie. everything is working correctly.

The problem is, local computers behing the firewall cannot connect to the websites hosted on myServer.

Local computers CAN browse the internet in the usual way.

I assume there is a problem with address translation.

Any suggestions?

0
Comment
Question by:georgep23
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 3

Expert Comment

by:cincin77
ID: 6945282
There must be a problem with the configuration rules of your ISA firewall.
0
 
LVL 3

Expert Comment

by:trath
ID: 6946124
I had some real issues with publishing websites also, which were resolved once I removed IIS.
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6947541
There could be a few things going on here.  You mention translation as a possible problem - do your internal clients resolve the web names to external IP addresses?  If so, you should be providing them internal IP addresses so that they can connect with these.  Can users connect using IP address rather than name?  If this is not the issue, you may have some issues with IIS or ISA, such as only publishing the web sites on the external card etc.  However, the first issue is most likely the problem.
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 1

Accepted Solution

by:
georgep23 earned 1200 total points
ID: 6950844
Yes, the internal clients resolve the domain names of sites hosted locally on MyServer to an external IP address.

If I type the internal IP address of the server into a clients browser I get the 'Default Website' page on the MyServer. (Note: I am using multiple sites on IIS using host header information and 1 IP address)

Therefore, do you suggest that DNS requests for websites hosted on MyServer from internal comuters should resolve to the internal address of the server? If so how do I do this - I tried using the hosts file on the clients but this does not work.

MyServer is also a DNS server - ie. internal clients point to MyServer for DNS requests. External address requests are routed to the external NIC --> to my ISP's DNS server.

Any ideas?
0
 
LVL 8

Expert Comment

by:scraig84
ID: 6950902
If hosts files aren't working, it sounds like you are using the Proxy portion of ISA.  Can you get to the sites when sitting at the server using a browser?  Better yet, if you modify a client's host file and remove the proxy setting in the browser, can you get to it then?  There are a few things you can try.  My first thought would be to try adding the entries to the server's host files, since proxied DNS resolution comes from the server acting as the DNS client.  If that doesn't work, you could try pointing the server's DNS entries to itself, and setup the domains on the local DNS server and point the sites to the internal address.  If that still doesn't work, I would say you could tell the client browser not to proxy requests for the sites in question and make sure the clients get resolved to internal addresses through their local host files or modified internal DNS.

Anyway you cut it, when you have NAT and a proxy, it can be a bit tricky with local sites.
0
 

Expert Comment

by:CleanupPing
ID: 9155718
georgep23:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question