Website not visible externally, but ok internally ISA 2004

Posted on 2007-07-26
Last Modified: 2011-09-20

Hope someone can help.

Here's the setup first.
We have a web server with multiple websites. An ISA server with multiple IP addresses.
I created a rule in the ISA server to listen on an external IP (the IP is only for use with the website) and forward to the web server which shows the website.
The website is set up on port 2080 and the ISA rule translates port 80 to 2080.

So i guess first question is, does this sound like the right set up? We're going to be hosting about 3 websites which will all need SSL and from what i've read that means they need their own IP addresses. Also from what i've read, the IP address that the websites use will be lost once ISA passes the request to the webserver so they have to be set up on the webserver to use the internal IP address on different ports with ISA rules to forward everything correctly.

The problem then assuming the set up is correct is i can access the website on the internal network but not  externally. DNS was changed about 2 days ago but it's not pinging externally(it's ok internally).
As a test i put it through the google translator as i guess that will act as exteral access and got ..

# Error Code 1460: Timeout
# Background: The gateway could not receive a timely response from the website you are trying to access, a DNS server, or another gateway server. This might indicate that the network is congested or that the website is experiencing technical difficulties.

Is it the case that ISA is either not configured correctly or blocking it for some reason?

Any help would be appreciated. Thanks for reading.

Question by:m4cc4
    LVL 51

    Expert Comment

    by:Keith Alabaster
    The setup sounds fine.

    You have published the web server and selected the specific external IP that it is listening on.
    You have amended the forwarding section in the rule to redirect to the IIS listening port.
    You have checked that the internal IIS box is listing on the same port number that you have set in the ISA listener.

    Are other web sites published through your ISA working on on the same web server?
    Is the external dns translation for this url pointing to the correct IP?
    If you open the ISA gui, select monitoring - logging - click start query, what do you see in the isa log when an access attempt is made?

    Author Comment

    There are other sites published on the server but they all use the same IP which has never changed. I've had a look at monitoring as you've suggested and when i look at the site internally i get results, but externally shows nothing.
    The site is pointed at the correct IP address.
    I'm guessing there could be a firewall or router somewhere that i don't know about.
    I'm going to have a look around.

    LVL 51

    Accepted Solution

    Although it is annoying but one way to test ould be (out of hours) to disconnect ISA from the internet. Use a crossover cable from the ISA external nic to a standalone workstation. Put a static ip on the pc and set the default gatewa to the ISA external nic. try to get to the web site (using the ip, not the url). If the traffic appears in the ISA log then it would suggest there is something outside casuing the block.

    Author Comment

    Turns out the IP address that we were using wasn't in use(even though it was on our paperwork). So i guess ISA didn't care about it not working externally.
    Thanks for your suggestions on how to track the problem downl.
    LVL 51

    Expert Comment

    by:Keith Alabaster
    Thanks :)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Suggested Solutions

    Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
    Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now