toddnoe
asked on
ISA 2004 Publishing Multiple Websites
I'm new to ISA 2004, and need to publish multiple websites behind it. I have run through the publish wizards, and for some reason I'm not able to get to either website from outside of my network. Current setup looks like:
- ISA sits behind existing firewall as part of private network (not the best scenario, but..)
- Existing firewall is NATing all incoming HTTP and HTTPS traffic to ISA
- Used ISA publishing wizards to publish websites (one is Exchange 2003 w/ OWA and Moble Sync, etc. Have turned off Forms authentication, and have published both the web site for OWA and the mail server itself). Second server listens on port 80 as well. This one requires orginal header to function correctly (server.domain.com).
- Internal DNS has been configured, and both sites work fine behind our firewall. External DNS has been setup, and traffic gets to external firewall and then to ISA.
Any ideas, suggestions, etc. would be greatly appreciated.
Thanks,
Todd
- ISA sits behind existing firewall as part of private network (not the best scenario, but..)
- Existing firewall is NATing all incoming HTTP and HTTPS traffic to ISA
- Used ISA publishing wizards to publish websites (one is Exchange 2003 w/ OWA and Moble Sync, etc. Have turned off Forms authentication, and have published both the web site for OWA and the mail server itself). Second server listens on port 80 as well. This one requires orginal header to function correctly (server.domain.com).
- Internal DNS has been configured, and both sites work fine behind our firewall. External DNS has been setup, and traffic gets to external firewall and then to ISA.
Any ideas, suggestions, etc. would be greatly appreciated.
Thanks,
Todd
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry for the delay - I almost lost hope.
Internal is Class C. Nic1 on ISA is .2, Nic2 is .14. Pinging the external ip will always get a response - all sites are the same public ip. Public router kicks all http requests to firewall, which then kicks them to ISA, which is then supposed to route based on published server rules.
Snippet of Log File: (Ip's changed to protect the innocent...like it does much good, though - ha ha)
Original Client IP,Server Name,Transport,Result Code,Error Information,Log Time,Destination IP,Destination Port,Protocol,Action,Rule,
68.126.XXX.XXX,SERVER1,TCP
68.126.XXX.XXX,SERVER1,TCP
68.126.XXX.XXX,SERVER1,TCP
I just saw something - I'm thinking that incoming requests are hitting .2 instead of .14. I'm going to redirect to .14 and cross my fingers. Looks like the default rule (block everything) is killing incoming requests on .2, and sites are published on .14.
Internal is Class C. Nic1 on ISA is .2, Nic2 is .14. Pinging the external ip will always get a response - all sites are the same public ip. Public router kicks all http requests to firewall, which then kicks them to ISA, which is then supposed to route based on published server rules.
Snippet of Log File: (Ip's changed to protect the innocent...like it does much good, though - ha ha)
Original Client IP,Server Name,Transport,Result Code,Error Information,Log Time,Destination IP,Destination Port,Protocol,Action,Rule,
68.126.XXX.XXX,SERVER1,TCP
68.126.XXX.XXX,SERVER1,TCP
68.126.XXX.XXX,SERVER1,TCP
I just saw something - I'm thinking that incoming requests are hitting .2 instead of .14. I'm going to redirect to .14 and cross my fingers. Looks like the default rule (block everything) is killing incoming requests on .2, and sites are published on .14.
ASKER
Alright, got that all figured out... incoming requests were hitting .2 instead of .14 - made the firewall kick all http traffic to .14. Also had to create a rule that allowed all external http traffic to certain machines (ASSumed that when you published a site, the rules were already created...). A couple tweaks here and there...2 of 3 are working now. Just have to get OWA and ISA to play nice now.
Thanks for your help, thaller. You got me back on track and pointed in the right direction.
Thanks for your help, thaller. You got me back on track and pointed in the right direction.
ASKER