georgep23
asked on
Local computers behind ISA Server with NAT on router
Hi can anybody help:
I am running the following:
Windows 2000 server in the following way:
External IP --> Router (NAT translation) --> Local IP on MyServer --> ISA on MyServer --> IIS on MyServer --> Local LAN Users (connected via second network card)
I am hosting a couple of websites using IIS on the ISA Server computer (behind the firewall)
Anyone connecting to the server from an external location can access the websites - ie. everything is working correctly.
The problem is, local computers behing the firewall cannot connect to the websites hosted on myServer.
Local computers CAN browse the internet in the usual way.
I assume there is a problem with address translation.
Any suggestions?
I am running the following:
Windows 2000 server in the following way:
External IP --> Router (NAT translation) --> Local IP on MyServer --> ISA on MyServer --> IIS on MyServer --> Local LAN Users (connected via second network card)
I am hosting a couple of websites using IIS on the ISA Server computer (behind the firewall)
Anyone connecting to the server from an external location can access the websites - ie. everything is working correctly.
The problem is, local computers behing the firewall cannot connect to the websites hosted on myServer.
Local computers CAN browse the internet in the usual way.
I assume there is a problem with address translation.
Any suggestions?
There must be a problem with the configuration rules of your ISA firewall.
I had some real issues with publishing websites also, which were resolved once I removed IIS.
There could be a few things going on here. You mention translation as a possible problem - do your internal clients resolve the web names to external IP addresses? If so, you should be providing them internal IP addresses so that they can connect with these. Can users connect using IP address rather than name? If this is not the issue, you may have some issues with IIS or ISA, such as only publishing the web sites on the external card etc. However, the first issue is most likely the problem.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If hosts files aren't working, it sounds like you are using the Proxy portion of ISA. Can you get to the sites when sitting at the server using a browser? Better yet, if you modify a client's host file and remove the proxy setting in the browser, can you get to it then? There are a few things you can try. My first thought would be to try adding the entries to the server's host files, since proxied DNS resolution comes from the server acting as the DNS client. If that doesn't work, you could try pointing the server's DNS entries to itself, and setup the domains on the local DNS server and point the sites to the internal address. If that still doesn't work, I would say you could tell the client browser not to proxy requests for the sites in question and make sure the clients get resolved to internal addresses through their local host files or modified internal DNS.
Anyway you cut it, when you have NAT and a proxy, it can be a bit tricky with local sites.
Anyway you cut it, when you have NAT and a proxy, it can be a bit tricky with local sites.
georgep23:
This old question needs to be finalized -- accept an answer, split points, or get a refund. For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations! No comment means you don't care.
This old question needs to be finalized -- accept an answer, split points, or get a refund. For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations! No comment means you don't care.