Re: ISA Server 2004 doesn't allow external SSL connections
- From: "Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx>
- Date: Wed, 15 Mar 2006 14:15:24 -0500
Hi Sid,
You should use your (public) static WAN IP address that your router is
getting from your ISP for the Web Server Certificate. Then re-run CEICW,
enable the firewall, select your services, complete the web certificate
(using your static public IP) and finish the wizard.
Have you forwarded port 4125 from the router to the (static) external NIC?
For ISA, do you have ISA 2004 SP1, SP2 or no SP installed?
To check RWW functionality, connect a laptop or spare workstation to a port
on the router and give it a static IP address in the same subnet as the LAN
side of the router. Then give it a gateway of the router IP. If you can
RWW into the SBS server from there, the problem may be in the router
configuration.
Also, please post the results of an ipconfig /all for the server.
Maybe a little better picture of what you're doing with the network config...
----------------------------
For security reasons, you want to isolate your internal SBS NIC &
workstations from the router. Basically, you want to end up with three
separate networks:
+ The Internet which includes the router's (public) WAN side
+ A network that includes the router's (private) LAN side and the SBS
external NIC
+ A network that includes the SBS (private) LAN - i.e., the SBS internal
NIC and the workstations
To separate these, each has its own subnet (IP address scheme).
There will be two firewalls established: one between the Internet and the
router's LAN (created by the router itself), and one between the router's
LAN and the SBS server (created by the firewall that comes with SBS - either
ISA or the Windows Basic Firewall). The router itself is the "bridge" for
the first firewall and the SBS external NIC is the "bridge" for the second.
So, the only thing that should be connected to the router is the external
NIC. This way, all LAN traffic headed for the Internet goes through the
server, out the external NIC and then out through the router. Conversely,
all Internet traffic comes in through the router and is forwarded to the
external SBS NIC where it is authenticated and processed by either ISA or
the Basic Firewall (depending on whether you have SBS 2003 Premium or
Standard). If the firewall OKs the Internet traffic, it's allowed into the
LAN and forwarded to its final destination. If authentication fails, the
traffic is stopped at the external NIC.
----------------------------
--
Merv Porter [SBS MVP]
===================================
"SBS_NOOb" <sidjohri@xxxxxxxxx> wrote in message
news:1142447134.452468.45860@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Merv,
I tried what you suggested and looked at your diagram on the link on
smallbizserver website. My configuration now matches your diagram but I
still cannot access the RWW off-site. Based on your diagram would I be
using the WAN Gateway IP for my certificate or the 192.168.1.x IP I
have assigned as the static IP on my external NIC? I've tried it both
ways and neither seems to work. I looked through Event Viewer and I am
not generating any errors when I try to connect on any IP address. The
ISA connection limit per client is set at 160. I keep getting the Page
Cannot be displayed message when I try to connect. Do I need to change
something manually under the ISA Server Management console? Maybe the
SBS_Port_4125_Listener?
Thanks for your help.
-- Sid.
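
The three-network layout described in the reply above can be checked from a list of addresses. The following is an added example, not part of the original thread: the function name, the idea of reading the router's LAN-side host list, and all addresses are constructed for illustration.

```python
import ipaddress

def check_sbs_topology(router_lan, sbs_external, sbs_internal,
                       router_lan_hosts, workstations):
    """Return a list of findings; an empty list means the layout matches
    the router / SBS external NIC / SBS LAN separation described above."""
    findings = []
    router_if = ipaddress.ip_interface(router_lan)
    ext_if = ipaddress.ip_interface(sbs_external)
    int_if = ipaddress.ip_interface(sbs_internal)

    # Each network has its own subnet: the two private ranges must differ.
    if ext_if.network.overlaps(int_if.network):
        findings.append(f"external NIC subnet {ext_if.network} overlaps "
                        f"internal NIC subnet {int_if.network}")

    # The SBS external NIC shares a subnet with the router's LAN side.
    if ext_if.network != router_if.network:
        findings.append(f"external NIC {ext_if.ip} is not in the router "
                        f"LAN subnet {router_if.network}")

    # Only the SBS external NIC should be connected to the router.
    for host in router_lan_hosts:
        addr = ipaddress.ip_address(host)
        if addr not in (router_if.ip, ext_if.ip):
            findings.append(f"{addr} is connected to the router but is "
                            f"not the SBS external NIC")

    # Workstations belong on the SBS LAN, behind the internal NIC.
    for ws in workstations:
        addr = ipaddress.ip_address(ws)
        if addr not in int_if.network:
            findings.append(f"workstation {addr} is outside the SBS LAN "
                            f"{int_if.network}")
    return findings

if __name__ == "__main__":
    # Constructed sample: a flat network where a workstation is plugged
    # straight into the router and both SBS NICs share one subnet.
    for finding in check_sbs_topology(
            "192.168.1.1/24", "192.168.1.2/24", "192.168.1.3/24",
            ["192.168.1.1", "192.168.1.2", "192.168.1.50"],
            ["192.168.1.50"]):
        print("FINDING:", finding)
```
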