Can't access /Exchange or /Remote after ISA 2004 installed
- From: "Andrew Meador - ASCPA, MCSE, MCP+I, Network+, A+" <ameador1@xxxxxxxxxxxxxxx>
- Date: 1 Mar 2006 08:02:21 -0800
I had the network setup like this:
internet
..
(dynamicIP)router(10.0.0.1)
..
MyComputer(10.0.0.11)
..
(10.0.0.200)router(10.1.1.1)
..
(10.1.1.2)SBS2003(10.1.2.1)
I configured the hosts file on MyComputer and set
access.mydomain.com to 10.0.0.200. With this configuration, I could go
to IE and enter http://access.mydomain.com/Remote or
http:/access.mydomain.com/Exchange and gain access to these sites on
the SBS2003 server. I could also access
https://access.mydomain.com:444. I then installed ISA 2004. I re-ran
CIEW on SBS2003 and re-ran Remote Access Configuration Wizard. Now,
from MyComputer, I can get access to https://access.mydomain.com:444,
but I can't get access to /Remote or /Exchange.
I have the following ports forwarded on the router (Netgear FVS114) to
10.1.1.2:
1 SMTP (tcp port 25) ALLOW always -> 10.1.1.2
2 HTTPS (tcp port 443) ALLOW always -> 10.1.1.2
3 HTTP (tcp port 80) ALLOW always -> 10.1.1.2
4 CompanyWeb (tcp port 444) ALLOW always -> 10.1.1.2
5 RemoteDesktp (tcp port 4125) ALLOW always -> 10.1.1.2
6 TerminalServ (tcp port 3389) ALLOW always -> 10.1.1.2
7 PPTP (tcp port 1723) ALLOW always -> 10.1.1.2
8 FTP (tcp port 21) BLOCK always
9 All others BLOCK always
Now, as a test, I connected MyComputer between the
(10.0.0.200)router(10.1.1.1) and (10.1.1.2)SBS2003(10.1.2.1) and gave
MyComputer an IP of 10.1.1.10. With MyComputer setup like this, I can
connect to all the sites listed above.
The error I was getting when on the outside of the router was 'The
page cannot be displayed...Cannot find server or DNS Error Internet
Explorer'. I have no experience with ISA server - any version. I did
manage to get a log (from Monitoring...Logging...Start Query...Attempt
Access from MyComputer...Stop Querry). It looks basically as follows (I
cut it down some):
Dest Dest Protocol Action Rule Client IP
Client User URL
IP Port
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
10.1.2.1 80 http allowed SBS RWW WPR 10.0.0.11
anonymous http://publishing.mydomain.local/remote
10.1.1.2 80 HTTP initiated
10.1.1.2 80 HTTP closed
10.1.1.2 443 HTTPS initiated
end log.
Is there some other port that needs to be open on the router? This
router is UPNP compatible and before installing ISA 2004, SBS2003 was
actually recognizing this and configuring the router. Basically through
the SBS2003 setup, and looking at the rules that UPNP had setup, I
manually added those IP forwarding rules so they stay there all the
time. The router is still setup to allow UPNP configuration, but I
noticed when I re-ran CIEW (after installing ISA 2004) that it did not
say it found a UPNP compatible router as it had prior to the ISA
install. Is ISA settinging up the wrong network topology and thus not
working with the router properly, or is this normal? I think I'd have
to create a custom network in ISA to match my setup exactly, yes?
I appreciate your help on this matter - thanks!
.
- Follow-Ups:
- RE: Can't access /Exchange or /Remote after ISA 2004 installed
- From: "Crina Li"
- RE: Can't access /Exchange or /Remote after ISA 2004 installed
- Prev by Date: Re: SBS 2003 standard and MSDE or othe SQL DB
- Next by Date: Re: Resolve domain names internally
- Previous by thread: Controlling HTTP Access in Terminal Services
- Next by thread: RE: Can't access /Exchange or /Remote after ISA 2004 installed
- Index(es):
Relevant Pages
|
|
