Re: Possible newbie mistake...publishing
- From: Jim Harrison <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 26 Apr 2004 06:19:41 -0700
#1 - don't test publishing rules from inside.
#2 - the data in teh destination set MUST account for any valid method the
external user may request from the site. If you intend to support
"www.domain.tld", then the destination set must include "www.domain.tld".
#3 - Do not use the protocol prefix *http://, ftp://) in teh destination set
domain data
#4 - for testing purposes, leave teh path field blank. Once you get a
connection through ISA, you can limit it to valid paths on your web server.
#5 - 12202 is specific to a destination-based rule failure; your request is not
matching any "allowed" destination
HTH,
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
On Mon, 26 Apr 2004 02:30:29 -0400
"nu be" <nube04mc@xxxxxxxxxxx> wrote:
http://www.ISAserver.org
Thanks
I'm testing this from inside my network. On the external interface of the ISA
server I have an IP for the server itself, one that points to the web server
and one that points to the mail server. This makes a total of 3 static IP's on
the external interface.
The "redirect location" in the web publishing rules is the IP of the internal
web server, which is seperate from the ISA server. I have 2 web sites that I'm
trying to publish right now so I've created a destination set and web
publishing rule for each site. I wasn't sure about the path because each site
is usually accessible by typing their names:
www.nusolutions.biz
www.nubiint.com
but for the sake of testing I added "/index.html" as the path for nusolutions
and "/*." for nubiint. This in itself is confusing because if I type in
www.nusolutions.biz I get the following error:
403 Forbidden - The server denies the specified Uniform Resource Locator (URL).
Contact the server administrator. (12202)
Internet Security and Acceleration Server
If I type www.nusolutions.biz/index.html I get the following page not found
error:
HTTP 400 - Bad Request
Internet Explorer
This is the same for the other site. Users normally can just type the names
without the /index.html to access the home page of the sites.
Using the "Troubleshooting_Web_Publishing" doc it states that this could be a
web publishing or IIS issue. I don't have IIS installed and running on the ISA
server so I'm assuming the problem is either with IIS on the web server itself
or something else related to the rule so I proceed down the checklist as
follows:
1. Does the Web site name on the Internet resolve to an IP address on ISA
Server computer?s external network adapter?
I had the ISP point my host records to 205.179.209.100 and this is what the
websites resolve to on the internet. I also added this IP to the external
interface of the ISA server.
2. Is the value in the destination set used in the Web publishing rule the same
as what a user would type into a browser?
The value destination for each site is as follows:
www.nusolutions.biz
www.nubiint.com
3. In the Action tab of a Web publishing rule, is the internal server specified
by the IP address or the fully qualified domain name (FQDN)?
The internal server is specified by IP.
4. Is the destination set name identical to the FQDN of the hosted Web server?
Nope! It's set to the IP.
5. Are the SSL bridging settings appropriate for your Web publishing setup?
Not using SSL
6. Is there a routing rule that redirects to an upstream server requests for
the Web publishing destination set (or requests for all destination sets)?
Not really sure but if they're referring to the publishing rule then it
redirects to the internal web server.
7. Are you requiring authentication on both the ISA Server computer and the Web
server?
Nope.
8. Can Web responses bypass ISA Server when returned to the external client?
Running tracert www.nusolutions.biz on the web server returns the following:
C:\>tracert www.nusolutions.biz
Tracing route to nusolutions.biz [205.179.209.100]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 205-179-209-100.client.dsl.net
[205.179.209.100]
Trace complete.
C:\>
At this point I could use some more input on troubleshooting this issue.
Any responses are appreciated.
Thanks
>From: Jim Harrison <jim@xxxxxxxxxxxx>
>Reply-To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>Subject: [isalist] Re: Possible newbie mistake...publishing
>Date: Sat, 24 Apr 2004 17:41:34 -0700
>
>http://www.ISAserver.org
>
>Q1 - where aer you testing this from; outside or inside the LAN?
>Q2 - Have you addede all the external IPs to the ISA server?
>Q3 - What is the "redirect" location specified in teh web publishing rule?
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
>
>
>On Sat, 24 Apr 2004 10:13:19 -0400
> "nu be" <nube04mc@xxxxxxxxxxx> wrote:
>http://www.ISAserver.org
>
>I've managed to get ISA 2000 installed on a W2K3 server but I think I made a
>newbie mistake and could use some guidance. I have an SDSL connection with
>static IP's. The IP on the external interface of the ISA server is set at lets
>say 205.179.209.98. I have seperate static IP's that I want to assign to my
>web and email servers. Since the ISP's are hosting my zone files I had them
>assign the IP's as follows:
>Email Server: 205.179.209.99
>Web Server: 205.179.209.100
>
>I go and attempt to publish my web server according to the
>"Publish_Internal_Web.doc" and find that I can't access the site. One of the
>steps in the "Troubleing_Web_Publishing" doc ask
>"Does the Web site name on the internet resolve to an IP address on the ISA
>Server computer?s external network adapter?"
>When trying to access one of the websites I get the following error:
>
>10060 - Connection timeout
>Internet Security and Acceleration Server
>
>Technical Information (for support personnel)
>
>Background:
>When the server, while acting as a gateway or proxy, contacted the upstream
>content server, it did not receive a timely response.
>
>nslookup on the websites, www.nubiint.com and www.nusolutions.biz return
>205.179.209.100 instead of the ISA servers external interface of
>205.179.209.98. Is this a situation where I have to call and have the ISP
>point everything to 205.179.209.98? Or could it be a DNS issue? I don't have
>internet access or IIS installed on the ISA server and I plan on addressing
>that in another post.
>Any responses on this issue is appreciated.
>
>Thanks
>
>_________________________________________________________________
>Test your ?Travel Quotient? and get the chance to win your dream trip!
>http://travel.msn.com
>
>
>------------------------------------------------------
>List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
>------------------------------------------------------
>Other Internet Software Marketing Sites:
>Leading Network Software Directory: http://www.serverfiles.com
>No.1 Exchange Server Resource Site: http://www.msexchange.org
>Windows Security Resource Site: http://www.windowsecurity.com/
>Network Security Library: http://www.secinf.net/
>Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>------------------------------------------------------
>You are currently subscribed to this ISAserver.org Discussion List as:
>jim@xxxxxxxxxxxx
>To unsubscribe send a blank email to $subst('Email.Unsub')
>
>------------------------------------------------------
>List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
>------------------------------------------------------
>Other Internet Software Marketing Sites:
>Leading Network Software Directory: http://www.serverfiles.com
>No.1 Exchange Server Resource Site: http://www.msexchange.org
>Windows Security Resource Site: http://www.windowsecurity.com/
>Network Security Library: http://www.secinf.net/
>Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>------------------------------------------------------
>You are currently subscribed to this ISAserver.org Discussion List as:
>nube04mc@xxxxxxxxxxx
>To unsubscribe send a blank email to $subst('Email.Unsub')
_________________________________________________________________
Watch LIVE baseball games on your computer with MLB.TV, included with MSN
Premium!
http://join.msn.com/?page=features/mlb&pgmarket=en-us/go/onm00200439ave/direct/01/
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
