Solved

ISA 2004 - Can't browse the webpage hosted in internal web server network

Posted on 2006-11-01
11
374 Views
Last Modified: 2010-03-18
Hello, I have the following question. Let me first of all inform you of my home network set up.

My Network consists of the following:

Cable Modem
Router - 172.16.1.1
Primary Domain Controller Server - 192.168.0.3
Web Server - 192.168.0.4
Exchange Server - 192.168.0.5
ISA 2004 Server - 192.168.0.1
                     
I have two subnets connected to my ISA server (2 nic cards)
Nic 1 - Internal private subnet IP address - IP 192.168.0.1
Nic 2 - External connection to the internet form the ISA server 2004 - IP 172.16.1.2
Nic 2 - points to the default gateway which is the router - 172.16.1.1

Now the quesiton, everything works just fine on my network, I have told ISA 2004 to allow ports such as 80, DNS, IMAP etc... so I can browse the web, send/receive emails no problems. Except, im hosting my personal webpage on my webserver that resolves to a domain name, the problem is that I cannot view my website anymore after setting up the ISA 2004 server, for example if I type in the domain name www.mydomain.com it no longer resolves to my Primary Domain Controller where im also running the DNS service.

I did a tracert to my external DNS and it seems to hang up at the router. I have tried setting the router to a DMZ with no help, I have also forwarded the DNS ports on the router to my external Nic card in the ISA - 172.16.1.2 with no help. Im stuck here.... im not sure if I should open up any other ports on my ISA server to make this work? can anyone be of assistance?
0
Comment
Question by:Turbopp
  • 4
  • 3
11 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17856939
So you are on a 192.168.0.x address and trying to get onto the web server at 192.168.0.5 through it's external domain name?  Presumably whatever you are using as DNS from that client is returning the external address so ISA would have to take the traffic and send it back out on the same interface?  Not impossible but might be easier if you just run a seperate primary DNS zone internally for your external domain name and point your client PC at your internal DNS server using a www A record with your internal address?

Is that about right or have I misunderstood?

Steve
0
 

Author Comment

by:Turbopp
ID: 17857276
Hi the answers to your questions:

So you are on a 192.168.0.x address and trying to get onto the web server at 192.168.0.5 through it's external domain name?

 - Yes I am on a 192.168.0.x address, the webserver is at 192.168.0.4

Presumably whatever you are using as DNS from that client is returning the external address so ISA would have to take the traffic and send it back out on the same interface?

 - The DNS service is installed on my Primary Domain Controller and is returning the external IP address. So for some reason it gets stuck at my router... when I do the tracert of the external dns. At first I taught its the router, but I set the router to DMZ and I also told it to forward all the ports to the external nic of the ISA server.. but still no go.

Not impossible but might be easier if you just run a seperate primary DNS zone internally for your external domain name and point your client PC at your internal DNS server using a www A record with your internal address?

 - well that might work internally only, but outside users still will not be able to view my site right?
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17857310
Outside users may be working anyway.  Many routers won't allow access to the external interface from outside, effectviely you want some loopback in the router.  The easiest way is to resolve to the internal address inside.

Does it work from outisde or not?  My email is in my EE profile if you want to send me an IP or domain name I can try it from here if you want - or post it here if not a problem
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 

Author Comment

by:Turbopp
ID: 17857670
Hi I will give you a feedback on this issue tonight, im at work now so I cant try it... but just to recap on what you said

currently my DNS resolves the domain name to the external IP which is like for eg: 10.25.26.145
so you are saying to resolve it to the internal like for example 192.168.0.4 correct?

but just to let you know, I can succesfully ping from the client machine both the external ip address of the second nic and the ip address of the router, so technically speaking it should be allowing access to the external interafce without any problems, but I will try it tonight. Thanks
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17857914
Not necessarily - the router may respond to PING from inside on external interface but not route traffic through it's firewall back in through a port forward rule.

Steve
0
 

Author Comment

by:Turbopp
ID: 17868244
Hi i tried what you suggesed but it did not work, however I fugured what the issue was... in ISA there is an option in the Policy section to Publish a Web server and that is all i had to do so im up and running. Im sorry but i cannot accept your answers as it did not address Publishing the webserver in ISA. Thank you for your help anyway.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17868720
I am qukite aware of web publishing through ISA but that would be irrelevant if dns correctly gave the internal address of the server which would therefore not go anywhere near ISA.   I think you have found an alternative method but it is unfair to dismiss the method suggested.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19468804
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question