Re: ISA2000 config for Netgear FVS328

From: Les Connor [SBS MVP] (les.connor_at_DEL.cfive.ca)
Date: 06/08/04 

Date: Mon, 7 Jun 2004 21:03:33 -0500

I don't quite follow you on the connection.

But if you are using https://24.85.42.241/remote, then your certificate
should be 24.85.42.241, not sbs.company.local.
Is 192.168.0.2 the SBS internal IP? I don't think so, that would be your
external nic. 

-- 
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !
<idaniel99@hotmail.com> wrote in message
news:1941901c44cf1$9ee2ceb0$a301280a@phx.gbl...
> Hi Les,
> Thanks for your reply.
> I tried Direct Broadband and I get same error message.
> This is done on a test system, and it does not have an
> Internet DNS, just an internal company.local, so I use
> the Netgear IP 24.85.42.241 (please note that this worked
> fine before ISA installation).
> In CEICW I chose to publish the business web page so no
> SSL required, but not even port 80 works, same error
> messages on all ports https://24.85.42.241/remote
> or /exchange (again this worked fine before ISA install)
> The web certificate has the same name as the server
> sbs.company.local on port 192.168.0.2. Should this port
> different. It's greyed out, can't change.
> Thanks for your help.
> Daniel
> PS: this test server will be on till 6:30PM Pacific Time,
> if you'd like to have a look at it.
>
> >-----Original Message-----
> >Hi Daniel,
> >
> >With two nics (both static IPs') and a router (with a
> static lan side ip)
> >like you have, the correct selection in CEICW is "Direct
> Broadband
> >Connection".
> >
> >The local router option might seem like the right choice
> at first, but it's
> >not local (ip is not in the lat). Local router device
> with IP address would
> >be correct choice for a single nic SBS.
> >
> >You have the recommended setup with two nics and a
> router.
> >
> >The rest of your settings look OK so far.
> >
> >What url do you enter when attempting a connection from
> the outside ?
> >https://????/remote or /exchange. i.e. what's in
> the ????? part exactly, and
> >does that match the name you used for your certificate
> generation ?
> >
> >
> >-- 
> >Les Connor [SBS MVP]
> >-------------------------------------
> >SBS Rocks !
> >
> >
> >
> >"Daniel" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:193aa01c44ce3$7cfb7d00$a301280a@phx.gbl...
> >> As a first line of defence I tried installing Netgear
> >> Firewall with NAT enabled and configured the required
> >> ports to be forwarded to the SBS2k3 with ISA enabled.
> The
> >> outbound traffic works fine, but when tried to connect
> >> from outside I'm getting the following error:
> >> "403 Forbidden - The server denies the specified
> Uniform
> >> Resource Locator (URL). Contact the server
> administrator.
> >> (12202) Internet Security and Acceleration Server"
> >> So on a demo system I dumped the image of SBS2k3
> without
> >> ISA2000 and the inbound traffic worked fine. Then I
> >> installed ISA2000, ran CEICW and selected "A local
> router
> >> device with an IP address" the inbound doesn't work
> >> anymore (outbound is fine). If I remove Netgear and
> >> Connect SBS2k3 directly to ISP, rerun CEICW with "A
> direct
> >> broadband connection" it works fine.
> >> More info: Netgear has NAT enabled, (internal ip
> >> 192.168.0.1) forwarding ports (25, 80, 443, 444, 3389,
> >> 4125 ) to a private static ip of SBS2k3 (192.168.0.2).
> >> Second card for Internal LAN has 192.168.16.2
> >> I tried to creat a new web server certificate, didn't
> >> help. Currently under ISA/Servers and
> >> Arrays /Properties /Incoming Web Requests/ si set to
> >> Configure listeners individually per IP address, and
> the
> >> certificate is selected under Use a server certificate
> to
> >> authenticate to WEB Clients.
> >> What am I missing?
> >> Your help is appreciated.
> >>
> >
> >
> >.
> >

Relevant Pages

  • RE: Help with Internet and Email wizard
    ... Thank you for posting in the SBS newsgroup. ... On SBS Server, run the CEICW, go through "Connection Type" page, on ... Since we don't want to set up an external internet access, ... We can select Option one "Create a new Web server certificate" to ...
    (microsoft.public.windows.server.sbs)
  • Re: Urgent! New router and big disaster
    ... Set the 'external' interface of SBS to get it's IP via DHCP from the router ... If the ws does not get an IP from DHCP check the event log on the server, ... They can go one day with out internet, ...
    (microsoft.public.windows.server.sbs)
  • Re: ICMP error when trying to access OWA on SBS 2003 Premium
    ... The Default Web Site is set to listen on the internal IP of the SBS server ... OWA publish rule or IIS manually. ... entire Web site from the Internet" is selected. ...
    (microsoft.public.windows.server.sbs)
  • RE: ActiveSync and T-Mobile Treo 650
    ... Thank you for posting in the SBS newsgroup. ... Generally, to publish ActiveSync, you just need to run the CEICW and enable ... Method 2 - Replace your Exchange Web Publishing rule with a Server ... new certificate on the Exchange server to match the new url being used to ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 IIS BASED SERVICES FAIL INTERMITTENTLY
    ... If I read your post correctly, you have a switch where the SBS ... Run DHCP server on your SBS, and set all client machine nics to dynamic. ... Once you have your nics configured, run the Connect to the Internet wizard, ... QUESTION1 - what is REFUSING CONNECTIONS? ...
    (microsoft.public.windows.server.sbs)