Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 542
  • Last Modified:

ISA Web Publishing

Hello Everyone,

I'm attempting to publish a web page from an internal server through ISA.  According to what I have read, I have everything setup correctly and I can see the web page internally just fine.  Externally I cannot.  Here is my configuration.

The web server I'm wanting to publish is a SecureNAT client.

The ISA server has two public IP addresses.  The IP address that I'm wanting to redirect HTTP requests has been configured with a listener.

Created a destination set with the FQDN that people will be using to connect to the site.

Created a Publishing rule with the above destination set and redircting the request to the IP of my internal web server.  This applies to any request.

As far as I've read everything should be working.  I have seen where people have been unable to view the site internally, but externally it works fine.  Mine seems to be doing this backwards.  Any help would be appreciated.  Thanks.
0
Arin
Asked:
Arin
1 Solution
 
PhilElderCommented:
Arin,

How many sites associated with the external IP? Do you have the appropriate host headers setup for the web site? In IIS console click on the server and you should see the website FDQN listed under Host Header Name.
http://windowswebsolutions.com/Articles/Index.cfm?ArticleID=21205

Do you have the listener assigned to that specific IP? Not all unassigned!

Is IIS on the ISA server itself running and listenning on Port 80 on all unassigned? Then, it is probably competing with ISA for the external port. If IIS is not needed on the ISA server shut the service down. If it is needed bind the web sites to the local interface only and not all unassigned. This applies to the FTP sites on that server too.

Check your application event viewer for binding errors. If there are errors indicated on the ISA server use the netstat -an command from the cmd interface to see if the ports are bound. Bore down on the offending app and see if you can shift its port needs.

Try an experiment: Create a web site on your site server with a non standard port. I like to use the 8000 range for sites for ease of administration and the 9000 range for FTP. Use a dynamic ip service such as no-ip.com to solve your FQDN issue for that site. Use the appropriate header for that site in IIS. Create the appropriate destination set and web publishing rule. The reason I suggest this is that this may solve the port issues. I have a number of sites running now that are working fine in this configuration.

Does your SecureNAT web server connected to a DNS controller that can resolve Internet names?

Make sure your destination sets do not include protocols ie. http://www.domain.com. The set should only read "my.domain.com"

There may be more...I do hope this helps!

Phil.

0
 
ArinAuthor Commented:
Phil,

There is only one website associated with the external IP.  I did not use host headers since I wasn't serving more than one site.

Yes, the listener is assigned to specifically that IP.

There are no binding errors in the event log.

I'll have to try that experiment.

Yes, the SecureNAT web server connects to a DNS that can resolve internet names.

The set is setup correctly without the "http://" at the beginning.

I really appreciate your quick response.  I will try the experiment you suggested above and see if I can get more info.  Thanks again.
0
 
lrmooreCommented:
Arin,
No comment has been added lately (81 days), so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:

RECOMMENDATION: PAQ/No Refund

Please leave any comments here within 7 days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Thanks,

lrmoore
EE Cleanup Volunteer
---------------------
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post a request in Community support (with a link to this page) to refund your points. http://www.experts-exchange.com/Community_Support/
0
 
SpideyModCommented:
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now