Proxying single web site

Hello experts

We have an IIS web server (Windows Server 2008 R2) on the other side of a VPN (192.168.12.1). Our Workstations do not have access to this VPN, only our main server(192.168.4.1), which is a SBS 2011 Server.

We would like our workstations to access the remote web server over our local server for just one single URL, let's say http://192.168.4.1/company1/default.aspx?param=x should be proxied to http://192.168.12.1/company1/default.aspx?param=x

We tried this with iis redirection, but it does not seem work, because ist still seems not to have access to the VPN (originator of request is probably still the workstation).

Would there be a simple way to let our server be the originator of the page request so it will be able to access the remote web server (proxying)?

Many thanks in advance for your advice.
mangojerryAsked:
Who is Participating?
 
David Johnson, CD, MVPOwnerCommented:
192.168.12.0 === 192.168.4.0
                    === 192.168.12.0

you need a gateway to the 192.168.12.0 network from the 192.168.4.x network

you could use a route 192.168.12.4 with a machine with 2 network cards one for each network
on the webserver you could add a rule to allow only 192.168.12/24

on the 192.168.4.x network use dns to setup a cname i.e. xray == 192.168.4.x network goes to the machine with 2 network cards and in its webserver have a 301 redirect to 192.168.12.4


on the 192.168.12.0 network setup the cname to point to 192.168.12.4

this way on either network it is just http:\\xray


0
 
Cris HannaCommented:
How are you accomplishing the access by the SBS Server and not the workstations?
SBS 2011 uses a single nic and uses the Firewall/Router as it's gateway and all workstations do the same.

once we understand that, there might be something that can be done in DNS to get them to the correct location.
0
 
Larry Struckmeyer MVPCommented:
I must be missing something.... a web server where the only access is via VPN and then from only an SBS 2011?  Can you help us understand why not either put that web server on the same subner (assuming it's inside the same perimeter as the rest), or if not inside the same perimeter,, setup hardware VPN's between the routers, or just make it a real webserver, hosted locally or at a hosted location, with or without limited access.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
mangojerryAuthor Commented:
ok, here some more details to clarify:

The web server is not ours, it's from Philips. It is an internal web server which allows to view x-ray images in a web browser. The server is for internal use, only. It is not public. But we have two branches of the same company connected by VPN, let's say 192.168.4.0 and 192.168.12.0 (where the Philips server is located). All workstations from 192.168.12.0 have VPN access to the main server (to exchange server) 192.168.4.1, but only the main server has VPN access to the 192.168.12.0. subnet, not the workstations of the 192.168.4.0 subnet.

Now we had the idea, instead of giving all 192.168.4.0 workstations VPN access to the 192.168.12.0 subnet, to access our local main server 192.168.4.1 from the workstation by browser and let it proxying the request to the Philips server in the 192.168.12.0 subnet.

But we never have done somthing like this. We tried an iis redirect, but it did not work, because the originator of the http request is probably still the workstation. And also the solution should be simple, otherwise we will have to think about another solution.

Many thanks in advance.
0
 
mangojerryAuthor Commented:
We have finally decided to leave the idea with the proxy and have opened the VPN tunnel to the 192.168.12.0 subnet for every computer in the 192.168.4.0 subnet. Additionally we have added a route to the firewall wich directs all requests from the workstations directly to the Philips server and have restricted the port of the route to 80.

ve3ofa: As your solution comes nearest to what we have done, you get the points fromm us.

Many thanks to all!
0
 
mangojerryAuthor Commented:
Used different way to solve the task.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.