Re: ISA and IIS on the same server?
From: Tony Su (anonymous_at_discussions.microsoft.com)
Date: 07/09/04
- Next message: Tony Su: "Re: Using ISA for 1 IP Address on net with hardware firewall on ot"
- Previous message: LMooreSC: "RE: Aborting Long Web Sessions"
- In reply to: A Klimkin: "Re: ISA and IIS on the same server?"
- Next in thread: Thomas W Shinder [MVP]: "Re: ISA and IIS on the same server?"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 9 Jul 2004 08:50:18 -0700
Unfortunately, I don't see in the referenced isaserver.org
article the most critical issues I believe are unique to
IIS and ISA on the same box, and I don't recognize a "Part
1" of this article.
Important considerations:
- Web Socket Pooling. When IIS is on the box and
unconfigured or configured with websites on "all
available" IP addresses, IIS expects to be "the"
application which listens for incoming traffic. When ISA
is installed, ISA wants to be "the application listening
for incoming traffic also... Conflict!
Resolving Web Socket Pooling requires different methods
depending in the version of Windows you are running...
- Win2K. There is a KB article using a commandline, but I
have not found it reliable. I use MetaEdit2.2 instead.
- Win2K3. You use a commandline tool called httpcfg which
is part of the Server Tools. Configuring an IP address
disables Socket Pooling.
- SBS2K3. A variation on Win2K3, Web Socket Pooling is
disabled but through an API call instead of through the
metabase.xml. I published a procedure for disabling this
configuration to enable normal Win2K3 methods in my "Web
Publishing Companyweb" paper at
www.su-networking.com/faq/
(click on first link)
- A lesser issue is whether you decide to expose the Web
Site through Packet Filtering, Server Publishing or Web
Publishing. Although the isaserver.org article describes
the recommended and best procedure for Web Publishing,
there can be certain situations where the other methods
might be more appropriate.
Regarding the last question, I agree largely with Andrew
that your objectives will determine the most appropriate
configuration.
Tony Su
>-----Original Message-----
>See inline answers.
>
>"Gary" <gary123@123iplynx123.com123> wrote in message
>news:KtkHc.50$jJ.24@fed1read07...
>> Can ISA and IIS co-exsist? Or will the the website
publishing features
>(ISA)
>> and webhosting features (IIS) "step" on each other?
>
>In spite of some interference between ISA and IIS
services it is possible to
>run them on the same server (but it's not recommended
though if you want to
>achieve maximum security). Review the following tutorial
by Tom Shinder to
>find some configuration tips:
>http://www.isaserver.org/tutorials/Publishing_A_Web_Site_U
sing_ISA_Server_Part_2.html
>
>>
>> A. I have a PIX firewall hosting 1 DMZ network and 1
private, corperate
>> network.
>>
>> B. If i am currently hosting a website on a server in a
DMZ, how can I
>> configure this same server to proxy a different website
from the private,
>> corperate network to the public (without losing access
to the existing DMZ
>> website)?
>
>Let's clarify the things you're asking for...
>You want the IIS server to be a proxy? OK, we all know
that our old fellow
>Proxy 2's web proxy service was somehow based on IIS's
www service. But this
>doesn't mean that IIS itself is capable to proxy
anything. (By saying
>'proxy' I mean the process of breaking current client
connection and
>establishing new one with destination from the proxy
server itself).
>At this point you should make yourself clearer, what the
goal of your
>configuration attempts. Where is the place for the ISA
server here - do you
>want to replace the PIX with ISA, or maybe you going to
put the ISA behind
>the PIX?
>Depending on the planned configuration, suggestions may
vary.
>
>>
>> Thanks for the help!
>>
>> -Gary
>>
>>
>
>Regards,
>Andrew
>
>
>.
>
- Next message: Tony Su: "Re: Using ISA for 1 IP Address on net with hardware firewall on ot"
- Previous message: LMooreSC: "RE: Aborting Long Web Sessions"
- In reply to: A Klimkin: "Re: ISA and IIS on the same server?"
- Next in thread: Thomas W Shinder [MVP]: "Re: ISA and IIS on the same server?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
