ISA 2004 - Can't browse the webpage hosted in internal web server network

Hello, I have the following question. Let me first of all inform you of my home network set up.

My Network consists of the following:

Cable Modem
Router - 172.16.1.1
Primary Domain Controller Server - 192.168.0.3
Web Server - 192.168.0.4
Exchange Server - 192.168.0.5
ISA 2004 Server - 192.168.0.1
                     
I have two subnets connected to my ISA server (2 nic cards)
Nic 1 - Internal private subnet IP address - IP 192.168.0.1
Nic 2 - External connection to the internet from the ISA server 2004 - IP 172.16.1.2
Nic 2 - points to the default gateway which is the router - 172.16.1.1

Now the question: everything works just fine on my network, I have told ISA 2004 to allow ports such as 80, DNS, IMAP etc... so I can browse the web, send/receive emails no problems. Except, I'm hosting my personal webpage on my webserver that resolves to a domain name, the problem is that I cannot view my website anymore after setting up the ISA 2004 server, for example if I type in the domain name www.mydomain.com it no longer resolves to my Primary Domain Controller where I'm also running the DNS service.

I did a tracert to my external DNS and it seems to hang up at the router. I have tried setting the router to a DMZ with no help, I have also forwarded the DNS ports on the router to my external Nic card in the ISA - 172.16.1.2 with no help. I'm stuck here.... I'm not sure if I should open up any other ports on my ISA server to make this work? Can anyone be of assistance?
Asked by: Turbopp

Steve Knight, IT Consultancy, commented:
So you are on a 192.168.0.x address and trying to get onto the web server at 192.168.0.5 through its external domain name?  Presumably whatever you are using as DNS from that client is returning the external address so ISA would have to take the traffic and send it back out on the same interface?  Not impossible but might be easier if you just run a separate primary DNS zone internally for your external domain name and point your client PC at your internal DNS server using a www A record with your internal address?

Is that about right or have I misunderstood?

Steve

Turbopp (Author) commented:
Hi the answers to your questions:

So you are on a 192.168.0.x address and trying to get onto the web server at 192.168.0.5 through its external domain name?

 - Yes I am on a 192.168.0.x address, the webserver is at 192.168.0.4

Presumably whatever you are using as DNS from that client is returning the external address so ISA would have to take the traffic and send it back out on the same interface?

 - The DNS service is installed on my Primary Domain Controller and is returning the external IP address. So for some reason it gets stuck at my router... when I do the tracert of the external DNS. At first I thought it's the router, but I set the router to DMZ and I also told it to forward all the ports to the external nic of the ISA server.. but still no go.

Not impossible but might be easier if you just run a separate primary DNS zone internally for your external domain name and point your client PC at your internal DNS server using a www A record with your internal address?

 - Well, that might work internally only, but outside users still will not be able to view my site, right?

Steve Knight, IT Consultancy, commented:
Outside users may be working anyway.  Many routers won't allow access to the external interface from outside, effectively you want some loopback in the router.  The easiest way is to resolve to the internal address inside.

Does it work from outside or not?  My email is in my EE profile if you want to send me an IP or domain name I can try it from here if you want - or post it here if not a problem

Turbopp (Author) commented:
Hi, I will give you feedback on this issue tonight, I'm at work now so I can't try it... but just to recap on what you said

currently my DNS resolves the domain name to the external IP which is like for eg: 10.25.26.145
so you are saying to resolve it to the internal like for example 192.168.0.4 correct?

but just to let you know, I can successfully ping from the client machine both the external IP address of the second nic and the IP address of the router, so technically speaking it should be allowing access to the external interface without any problems, but I will try it tonight. Thanks

Steve Knight, IT Consultancy, commented:
Not necessarily - the router may respond to PING from inside on external interface but not route traffic through its firewall back in through a port forward rule.

Steve

Turbopp (Author) commented:
Hi, I tried what you suggested but it did not work, however I figured out what the issue was... in ISA there is an option in the Policy section to Publish a Web server and that is all I had to do so I'm up and running. I'm sorry but I cannot accept your answers as it did not address Publishing the webserver in ISA. Thank you for your help anyway.

Steve Knight, IT Consultancy, commented:
I am quite aware of web publishing through ISA but that would be irrelevant if DNS correctly gave the internal address of the server which would therefore not go anywhere near ISA.   I think you have found an alternative method but it is unfair to dismiss the method suggested.

Computer101 commented:
PAQed with points refunded (500)

Computer101
EE Admin
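
Added example, not part of any post in this thread: a small Python model of the two approaches discussed above, showing which devices an internal client's request has to cross depending on the address DNS returns, plus a consistency check for a split-DNS setup. The networks and the web server address are the ones given in the thread; `PUBLIC_IP`, `SAMPLE_CLIENT` and the function names are constructed for illustration.

```python
import ipaddress

# Topology from the thread. PUBLIC_IP and SAMPLE_CLIENT are constructed placeholders.
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/24")   # ISA internal NIC side
PERIMETER_NET = ipaddress.ip_network("172.16.1.0/24")   # ISA external NIC <-> router
WEB_SERVER = ipaddress.ip_address("192.168.0.4")
PUBLIC_IP = ipaddress.ip_address("203.0.113.10")        # documentation range
SAMPLE_CLIENT = "192.168.0.50"

def hops_crossed(client, resolved):
    """Devices an internal client's request must traverse to reach the address DNS returned."""
    client, resolved = ipaddress.ip_address(client), ipaddress.ip_address(resolved)
    if client not in INTERNAL_NET:
        raise ValueError("this model only covers clients on the internal subnet")
    if resolved in INTERNAL_NET:
        return []                   # same subnet: delivered directly, ISA never sees it
    if resolved in PERIMETER_NET:
        return ["ISA"]              # ISA has to publish/forward it back inside
    return ["ISA", "router"]        # leaves the LAN; the router has to loop it back in

def audit_split_dns(answers):
    """answers maps a view ('internal', 'external') to the A record that view returned."""
    findings = []
    internal = ipaddress.ip_address(answers["internal"])
    external = ipaddress.ip_address(answers["external"])
    if internal in INTERNAL_NET and internal != WEB_SERVER:
        findings.append(f"internal view returns {internal}, which is not the web server")
    elif internal != WEB_SERVER:
        hops = " and ".join(hops_crossed(SAMPLE_CLIENT, internal))
        findings.append(f"internal view returns {internal}: request must hairpin through {hops}")
    if external in INTERNAL_NET or external in PERIMETER_NET:
        findings.append(f"external view returns {external}, unreachable from outside")
    return findings

if __name__ == "__main__":
    # Constructed answers: the situation before and after adding an internal zone.
    for views in ({"internal": str(PUBLIC_IP), "external": str(PUBLIC_IP)},
                  {"internal": "192.168.0.4", "external": str(PUBLIC_IP)}):
        print(views, "->", audit_split_dns(views) or "consistent split DNS")
```
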