Solved

ISA 2004 - Can't browse the webpage hosted in internal web server network

Posted on 2006-11-01
11
382 Views
Last Modified: 2010-03-18
Hello, I have the following question. Let me first of all inform you of my home network set up.

My Network consists of the following:

Cable Modem
Router - 172.16.1.1
Primary Domain Controller Server - 192.168.0.3
Web Server - 192.168.0.4
Exchange Server - 192.168.0.5
ISA 2004 Server - 192.168.0.1
                     
I have two subnets connected to my ISA server (2 nic cards)
Nic 1 - Internal private subnet IP address - IP 192.168.0.1
Nic 2 - External connection to the internet form the ISA server 2004 - IP 172.16.1.2
Nic 2 - points to the default gateway which is the router - 172.16.1.1

Now the quesiton, everything works just fine on my network, I have told ISA 2004 to allow ports such as 80, DNS, IMAP etc... so I can browse the web, send/receive emails no problems. Except, im hosting my personal webpage on my webserver that resolves to a domain name, the problem is that I cannot view my website anymore after setting up the ISA 2004 server, for example if I type in the domain name www.mydomain.com it no longer resolves to my Primary Domain Controller where im also running the DNS service.

I did a tracert to my external DNS and it seems to hang up at the router. I have tried setting the router to a DMZ with no help, I have also forwarded the DNS ports on the router to my external Nic card in the ISA - 172.16.1.2 with no help. Im stuck here.... im not sure if I should open up any other ports on my ISA server to make this work? can anyone be of assistance?
0
Comment
Question by:Turbopp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
11 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17856939
So you are on a 192.168.0.x address and trying to get onto the web server at 192.168.0.5 through it's external domain name?  Presumably whatever you are using as DNS from that client is returning the external address so ISA would have to take the traffic and send it back out on the same interface?  Not impossible but might be easier if you just run a seperate primary DNS zone internally for your external domain name and point your client PC at your internal DNS server using a www A record with your internal address?

Is that about right or have I misunderstood?

Steve
0
 

Author Comment

by:Turbopp
ID: 17857276
Hi the answers to your questions:

So you are on a 192.168.0.x address and trying to get onto the web server at 192.168.0.5 through it's external domain name?

 - Yes I am on a 192.168.0.x address, the webserver is at 192.168.0.4

Presumably whatever you are using as DNS from that client is returning the external address so ISA would have to take the traffic and send it back out on the same interface?

 - The DNS service is installed on my Primary Domain Controller and is returning the external IP address. So for some reason it gets stuck at my router... when I do the tracert of the external dns. At first I taught its the router, but I set the router to DMZ and I also told it to forward all the ports to the external nic of the ISA server.. but still no go.

Not impossible but might be easier if you just run a seperate primary DNS zone internally for your external domain name and point your client PC at your internal DNS server using a www A record with your internal address?

 - well that might work internally only, but outside users still will not be able to view my site right?
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17857310
Outside users may be working anyway.  Many routers won't allow access to the external interface from outside, effectviely you want some loopback in the router.  The easiest way is to resolve to the internal address inside.

Does it work from outisde or not?  My email is in my EE profile if you want to send me an IP or domain name I can try it from here if you want - or post it here if not a problem
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:Turbopp
ID: 17857670
Hi I will give you a feedback on this issue tonight, im at work now so I cant try it... but just to recap on what you said

currently my DNS resolves the domain name to the external IP which is like for eg: 10.25.26.145
so you are saying to resolve it to the internal like for example 192.168.0.4 correct?

but just to let you know, I can succesfully ping from the client machine both the external ip address of the second nic and the ip address of the router, so technically speaking it should be allowing access to the external interafce without any problems, but I will try it tonight. Thanks
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17857914
Not necessarily - the router may respond to PING from inside on external interface but not route traffic through it's firewall back in through a port forward rule.

Steve
0
 

Author Comment

by:Turbopp
ID: 17868244
Hi i tried what you suggesed but it did not work, however I fugured what the issue was... in ISA there is an option in the Policy section to Publish a Web server and that is all i had to do so im up and running. Im sorry but i cannot accept your answers as it did not address Publishing the webserver in ISA. Thank you for your help anyway.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17868720
I am qukite aware of web publishing through ISA but that would be irrelevant if dns correctly gave the internal address of the server which would therefore not go anywhere near ISA.   I think you have found an alternative method but it is unfair to dismiss the method suggested.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19468804
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question