Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ISA 2004 - Can't browse the webpage hosted in internal web server network

Posted on 2006-11-01
11
Medium Priority
?
383 Views
Last Modified: 2010-03-18
Hello, I have the following question. Let me first of all inform you of my home network set up.

My Network consists of the following:

Cable Modem
Router - 172.16.1.1
Primary Domain Controller Server - 192.168.0.3
Web Server - 192.168.0.4
Exchange Server - 192.168.0.5
ISA 2004 Server - 192.168.0.1
                     
I have two subnets connected to my ISA server (2 nic cards)
Nic 1 - Internal private subnet IP address - IP 192.168.0.1
Nic 2 - External connection to the internet form the ISA server 2004 - IP 172.16.1.2
Nic 2 - points to the default gateway which is the router - 172.16.1.1

Now the quesiton, everything works just fine on my network, I have told ISA 2004 to allow ports such as 80, DNS, IMAP etc... so I can browse the web, send/receive emails no problems. Except, im hosting my personal webpage on my webserver that resolves to a domain name, the problem is that I cannot view my website anymore after setting up the ISA 2004 server, for example if I type in the domain name www.mydomain.com it no longer resolves to my Primary Domain Controller where im also running the DNS service.

I did a tracert to my external DNS and it seems to hang up at the router. I have tried setting the router to a DMZ with no help, I have also forwarded the DNS ports on the router to my external Nic card in the ISA - 172.16.1.2 with no help. Im stuck here.... im not sure if I should open up any other ports on my ISA server to make this work? can anyone be of assistance?
0
Comment
Question by:Turbopp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
11 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17856939
So you are on a 192.168.0.x address and trying to get onto the web server at 192.168.0.5 through it's external domain name?  Presumably whatever you are using as DNS from that client is returning the external address so ISA would have to take the traffic and send it back out on the same interface?  Not impossible but might be easier if you just run a seperate primary DNS zone internally for your external domain name and point your client PC at your internal DNS server using a www A record with your internal address?

Is that about right or have I misunderstood?

Steve
0
 

Author Comment

by:Turbopp
ID: 17857276
Hi the answers to your questions:

So you are on a 192.168.0.x address and trying to get onto the web server at 192.168.0.5 through it's external domain name?

 - Yes I am on a 192.168.0.x address, the webserver is at 192.168.0.4

Presumably whatever you are using as DNS from that client is returning the external address so ISA would have to take the traffic and send it back out on the same interface?

 - The DNS service is installed on my Primary Domain Controller and is returning the external IP address. So for some reason it gets stuck at my router... when I do the tracert of the external dns. At first I taught its the router, but I set the router to DMZ and I also told it to forward all the ports to the external nic of the ISA server.. but still no go.

Not impossible but might be easier if you just run a seperate primary DNS zone internally for your external domain name and point your client PC at your internal DNS server using a www A record with your internal address?

 - well that might work internally only, but outside users still will not be able to view my site right?
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17857310
Outside users may be working anyway.  Many routers won't allow access to the external interface from outside, effectviely you want some loopback in the router.  The easiest way is to resolve to the internal address inside.

Does it work from outisde or not?  My email is in my EE profile if you want to send me an IP or domain name I can try it from here if you want - or post it here if not a problem
0
Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

 

Author Comment

by:Turbopp
ID: 17857670
Hi I will give you a feedback on this issue tonight, im at work now so I cant try it... but just to recap on what you said

currently my DNS resolves the domain name to the external IP which is like for eg: 10.25.26.145
so you are saying to resolve it to the internal like for example 192.168.0.4 correct?

but just to let you know, I can succesfully ping from the client machine both the external ip address of the second nic and the ip address of the router, so technically speaking it should be allowing access to the external interafce without any problems, but I will try it tonight. Thanks
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17857914
Not necessarily - the router may respond to PING from inside on external interface but not route traffic through it's firewall back in through a port forward rule.

Steve
0
 

Author Comment

by:Turbopp
ID: 17868244
Hi i tried what you suggesed but it did not work, however I fugured what the issue was... in ISA there is an option in the Policy section to Publish a Web server and that is all i had to do so im up and running. Im sorry but i cannot accept your answers as it did not address Publishing the webserver in ISA. Thank you for your help anyway.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17868720
I am qukite aware of web publishing through ISA but that would be irrelevant if dns correctly gave the internal address of the server which would therefore not go anywhere near ISA.   I think you have found an alternative method but it is unfair to dismiss the method suggested.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19468804
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question