RE: Q: Cannot access published web server from inte rnal network
- From: "Anthony Michaud" <anthonym@xxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 5 Oct 2001 12:13:26 +1000
I published the website, and can access it via the one method (ISA
redirect). I'm still attempting to get the ISA server to pass the
correct client IP to the website (eg: send 123.456.789.123 instead of
isa IP address). Is that even possible?
--
Anthony Michaud
Network Administrator
Act! Certified Consultant
eLogix Corporation Pty Ltd
In theory, there is no difference between theory and practice. But in
practice, there is.
> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> Sent: Friday, 5 October 2001 11:33
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Q: Cannot access published web server from inte
> rnal network
>
>
> http://www.ISAserver.org
>
>
> Which "this"; the workaround or leaving it be?
>
>
> Jim Harrison
> MCP(2K), A+, Network+, PCG
>
>
> ----- Original Message -----
> From: "Anthony Michaud" <anthonym@xxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Thursday, October 04, 2001 18:21
> Subject: [isalist] RE: Q: Cannot access published web server
> from inte rnal
> network
>
>
> http://www.ISAserver.org
>
>
> Hi Guys,
>
> I'd like to confirm that this does work - I've now just got to get
> multiple virtuals working ... *sighs*
> --
> Anthony Michaud
> Network Administrator
> Act! Certified Consultant
> eLogix Corporation Pty Ltd
>
> In theory, there is no difference between theory and practice. But in
> practice, there is.
>
>
> > -----Original Message-----
> > From: Thor@xxxxxxxxxxxxxxx [mailto:Thor@xxxxxxxxxxxxxxx]
> > Sent: Friday, 28 September 2001 10:39
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Q: Cannot access published web
> server from inte
> > rnal network
> >
> >
> > http://www.ISAserver.org
> >
> >
> > This already works... With Server Publishing, anyway. I have
> > not tried it
> > with just Web Publishing.
> >
> > My www.domain.com site resolves to an external IP (DNS
> > maintained by ISP).
> > That IP is Server Published to an internal box. If an
> internal client
> > (using FW client or Web Proxy) goes to www.domain.com, it
> does indeed
> > re-route them to the internal site just like an external
> > client. The only
> > rub, like Jim said, is that it writes an event log saying
> > that there is a
> > conflict in the LAT blah blah blah. However, it does work...
> > I do it all
> > the time.
> >
> >
> >
> > ----- Original Message -----
> > From: "Jim Harrison" <jim@xxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Thursday, September 27, 2001 5:19 PM
> > Subject: [isalist] RE: Q: Cannot access published web server
> > from inte rnal
> > network
> >
> >
> > > http://www.ISAserver.org
> > >
> > >
> > > Yes, I understood that, and even once thought that it
> should happen
> > > "transparently", but after fighting my way through it and
> > learning a bit
> > > about ISA, I came to understand that it just doesn't make
> > sense to ask the
> > > NAT process to "double-NAT" the packet when a direct
> > connection is not
> > only
> > > possible, but more efficient.
> > >
> > > Essentially, the packet travels like this:
> > > 1. the client at 192.168.0.2 gets the external IP for the
> > requested name,
> > > say 123.123.123.123.
> > > 2. the client then proceeds to ask ISA to proxy the request
> > to that IP
> > > address
> > > 3. ISA receives the request and attempts to route the
> > request to the NAT
> > > editor, who then realizes that the original source IP and the new
> > > destination IP are in both the LAT. At this point the ISA
> > logic asks "why
> > > are we even trying to do this?" and drops the communication
> > while making
> > an
> > > event log entry.
> > >
> > > It's an effect I like to refer to as "isotropic IP bounce"
> > (with a smirk)
> > > and it's just doesn't make sense in the grand scheme of things.
> > >
> > > Jim Harrison
> > > MCP(2K), A+, Network+, PCG
> > >
> > >
> > > ----- Original Message -----
> > > From: "Anthony Michaud" <anthonym@xxxxxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Thursday, September 27, 2001 16:58
> > > Subject: [isalist] RE: Q: Cannot access published web
> > server from inte
> > rnal
> > > network
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > >
> > > Hi Jim,
> > >
> > > I think what Andrew is attempting is as follows (I can see
> > his logic,
> > > and wouldn't mind replicating :)
> > >
> > > + External user connects to http://my.web.site
> > > - Resolves to ISA external IP address
> > > - ISA proxies the request, and passes data back to external user
> > >
> > > He wants to do the same, except substituting external
> with internal,
> > > giving one url for one address - it seems logical to do it
> > this way, as
> > > you don't have to manage two DNS servers, and attempt to keep the
> > > mappings current and up to date.
> > >
> > > > -----Original Message-----
> > > > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> > > > Sent: Thursday, 27 September 2001 23:55
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: Q: Cannot access published web
> > server from inte
> > > > rnal network
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > >
> > > > You want to translate www.externalname.com to an internal IP,
> > > > but you don't
> > > > want to provide name resolution with that capability?
> > > > Ok, you have to take the freeway to work, but you have to
> > > > ride your kid's
> > > > tricycle and you have to maintain the speed limit.
> > > >
> > > > Reality check, here; no host connects to another by using
> > > > names. That's
> > > > strictly for us dumb humans that can't remember a 32-bit number.
> > > > Speaking of which, do you think IPv6 is going to make it
> > any easier?
> > > > Every TCP/IP connection that one host makes to another is
> > through IP
> > > > addresses and, if they're on the same routed subnet, MAC
> > addresses.
> > > > FQDN (DNS) resolution services allows hosts to talk to each
> > > > other *_ in
> > > > spite of _* the "friendly names" we use.
> > > >
> > > > Two choices; stop trying to "beat the system" and
> > > > 1. set up an internal DNS solution
> > > > or
> > > > 2. quit trying to connect internally using an external name
> > >
> > >
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > jim@xxxxxxxxxxxx
> > > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> > >
> > >
> > >
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > thor@xxxxxxxxxxxxxxx
> > > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> >
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: anthonym@xxxxxxxxxxxxxx
> > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> >
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: anthonym@xxxxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
Other related posts:
