RE: Tracert shows different IP Resolve
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 4 Sep 2003 18:18:57 -0500
Hi William,
If the only DNS server you have configured on the firewall is the
internal DNS server, then it will query that server for the name
resolution. Whatever answer it gives the Web Proxy service is the IP
address it'll use. If that server authoritative for the domain in
quesiton? If not, then it will send the query to the forwarder for
resolution.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: William Robertson
[mailto:robertson.william@xxxxxxxxxxxxxx]
Sent: Thursday, September 04, 2003 8:38 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Tracert shows different IP Resolve
http://www.ISAserver.org
Hi there
I am trying to access a website on the "public" side of my ISA
Firewall, but it's actually not public because it is then "routed" (I
have a PIX managing my DMZ's) over a WAN link to another company where I
then access the private IP Address of their web server.
I am also hosting a secondary DNS Zone of this other company to
allow me to access their private addresses.
When I do an NSLOOKUP of the website from my workstation, it
returns the private IP Address (172.16.x.x) just fine. When I do a
TRACERT it also works fine.
BUT
When I do a TRACERT on the ISA Firewall, it all of a sudden
tries to access the Public IP Address of this web server. (The NSLOOKUP
from the ISA also returns the private address correctly). This then
explains why I cannot access this website from my IExplorer, but I would
like to know how to fix it.
The DNS of my ISA is setup as follows:
Internal Interface
- Use my own internal DNS with Forwarders set to my ISP
External Interface
- Nothing, both DNS entries are empty
Does anyone have any ideas on how to address such an issue?
Other related posts:
