Re: New Thread for Tony Su

From: cjobes (cjobes_at_nova-tech.org)
Date: 06/26/04

• Next message: Boris Merryweather: "Re: ISA inaccessible / no internet or intranet"
• Previous message: ali paracha: "yahoo messenger"
• In reply to: Tony Su: "Re: New Thread for Tony Su"
• Messages sorted by: [ date ] [ thread ]

Date: Sat, 26 Jun 2004 11:16:18 -0400

I run another set of tests. First let me recap the setup. It is a box with
SBS2000. The WAN interface has 2 public IPs xxx.197 and xxx.251. All general
company trafic (main web site, Exchange OWA etc) runs over the 197 interface
and is working fine. In the IIS the setting is "All Unasigned".

I have the need to publish a website on the server that is totally unrelated
to the company. So I added the 251 IP to the WAN interface for that, created
a website pointing to 251 and told the ISA to listen on that interface as
well. When that didn't work, I asked the newsgroup for help.

As per your suggestion I made the following changes:
I added a private IP to the LAN interface 192...50 and changed the Website
Prop. in the IIS to that IP address. Then I added a publishing rule to the
ISA to forward all HTTP traffic on 251 to this LAN interface. The publishing
rule is the first rule, followed by the SBS rule and the default rule.

As I mentioned in a previous post, there are no logfiles WEBEXTNDxxx there
are only logfiles WEBEXTDxxx. There are no errors in any of these files.

>From the LAN I can ping and telnet (80) to the 197 and the 251 interface.
>From the DMZ (that's where both public IPs are connected) I can only telnet
into 197. The real puzzling thing that I just discovered is that when I use
the private IP ...50 in the browser, the new website comes up but when I use
the public IP ...251, the normal company site comes up. That doesn't make
any sense to me as the first rule in the ISA publishing is to redirect all
traffic to ...50.

I hope that I didn't confuse the issue totally now.

Claus

"Tony Su" <anonymous@discussions.microsoft.com> wrote in message
news:21b1a01c45b41$c533e190$a101280a@phx.gbl...
> First, as Jim suggests...
> I am going to assume that access to your website from the
> Internet will be on port 80. If you intend to access your
> website from the Internet on port 443 (SSL), then run the
> Telnet test on that port.
>
> Run your Telnet test again against your WAN IP address (or
> FQDN if you're deploying more than one website on the WAN
> IP address). Do not connect from a remote box outside your
> Internet router to avoid possible filtering in that box.
>
> If successful, then test from outside your Internet
> Gateway router.
>
> If not successful, then you need to inspect your Web
> Publishing rule. A candidate for problems might be the
> bridging tab. Another candidate might be how you're
> referencing your interior website... try referencing your
> website by IP address or if you must reference the site by
> FQDN, then verify your LAN name resolution is accurate.
>
> And, review your Incoming Web Listener. If ISA isn't
> listening, your Web Publishing rule won't be applied.
>
> As always, stop/restart the FW and Web Proxy services if
> you modify anything.
>
> If you <still> can't find the problem, if you haven't
> already check your ISA WEBEXTND logfiles. The error code
> can be a big clue what your problem is.
>
> Tony Su
>
>
>
>
>
>
> >-----Original Message-----
> >Toni,
> >
> >Telenet port 80 from behind the ISA works fine.
> >
> >Claus
> >"Tony Su" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:209b401c4595f$737e78d0$a501280a@phx.gbl...
> >> Telnet on port 80 is a fundamental test you have to
> pass.
> >>
> >> Run the same test from behind ISA to the website. If it
> >> still fails, then the WWW service and/or website
> >> configuration is faulty. If it passes, then you can
> verify
> >> that ISA should be able to pass requests to an actively
> >> listening service, so can then focus on ISA.
> >>
> >> Tony Su
> >>
> >>
> >>
> >>
> >> >-----Original Message-----
> >> >Toni,
> >> >
> >> >I was called away for an emergency in Canada and just
> >> came back. I thought
> >> >it might be easier to start a new thread on this. Even
> >> though I'm hosting
> >> >the website in question currently on another server, I
> >> still would like to
> >> >resolve the problem on the original ISA and appreciate
> >> your help.
> >> >
> >> >Here is your last post to the old thread:
> >> >
> >> ><Do this test
> >> >
> >> ><telnet [WAN IP] 80
> >> >
> >> ><Do you get a blank screen?
> >> >
> >> ><Also, after a failure,
> >> ><Look in the WEBEXTNDxxxxx ISA logfile for the specific
> >> ><entry where the connection failed, copy that one entry
> >> and
> >> ><send it to me.
> >> >
> >> ><Tony Su
> >> >
> >> >The telnet fails and there are no WEBEXTNDxxxx files -
> >> only WEBEXTDxxxx are
> >> >present. There are no entries relating to the
> connection
> >> failure.
> >> >
> >> >Any idea what I can do next?
> >> >
> >> >Thanks,
> >> >Claus
> >> >
> >> >
> >> >.
> >> >
> >
> >
> >.
> >

• Next message: Boris Merryweather: "Re: ISA inaccessible / no internet or intranet"
• Previous message: ali paracha: "yahoo messenger"
• In reply to: Tony Su: "Re: New Thread for Tony Su"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint