Re: E-Commerce Using Web Publishing on ISA

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 4 Dec 2001 09:24:36 -0800

You need to allow 1139 as an SSL port:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q283284

Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/

  ----- Original Message ----- 
  From: Colter Bowman 
  To: [ISAserver.org Discussion List] 
  Sent: Tuesday, December 04, 2001 09:15
  Subject: [isalist] E-Commerce Using Web Publishing on ISA


  To All,

  I have a network setup with one ISA Server Stand Alone, using SecureNAT for
  the internal clients.  I have a SQL 2000 Server internally as well as a
  Windows 2000 Adv Server for my Webserver.  I have multiple sites published
  from the internal server with no problems; everything that is static seems
  to work fine.  I have websites that work in conjunction with the database
  server that function correctly.  I have now run into an error that prevents
  me from having any kind of e-commerce website on my internal machine.  When
  processing e-commerce, as you may know, you will need to communicate through
  SSL as well as send data to your credit card authorization company.  I have
  put this box completely on the outside and it seems to work fine; it's when
  I bring it inside that I have errors.  I need to have this on the inside for
  protection and security.  The only other port that I will be using is port
  1139.  In all I will be using ports 80, 443, and 1139.  I cannot get 1139 to
  run or process, which then stops me in my tracks when trying to place an
  order on the website.  I have a firewall client on this machine as well, but
  am unsure how to make a custom IP bind since the e-commerce tag is a .dll
  and not an application.  Should I use the firewall client at all to publish
  this 1139 port?  If I have multiple scenarios, IP packet filters and
  protocol rules, can they conflict?  Scenarios I have tried for the internal
  webserver to work with the outside authorization:

   

  Server Properties - Outgoing Web Requests, use the same listener
  configuration for all internal IP addresses, TCP port 8080, SSL port 8443,
  checked enable SSL listeners

  Server Publishing - publish 1139 protocol rule, using external NIC of
  ISA Server, points to the internal address of the webserver, any request

  Internal Web Requests - use the same listener configuration for all internal
  IP addresses, TCP port 80, SSL port 443, checked enable SSL listeners

  Protocol Rule - Scope is Array, Protocol 1139 with inbound as the primary
  connection, applies to any request

  IP Packet Filter - Custom Filter, 1139 fixed, both directions, any remote
  computer

   

  Would I be better off trying to allow full rights to my credit card
  authorization company domain, and give them complete rights?  Would that
  resolve this issue?  If so, how do I give all rights to a domain?

  Would I be better putting this on a DMZ?  Would that prove any different?
  If so, what is the best scenario?

  ISA Server - Live IP  66.5.4.3
               Internal IP, 192.168.1.1
               DMZ, 66.5.4.2
               Webserver, 66.5.4.8

  Then should I make the IP of the external box 66.5.4.8 so it can make it to
  the outside world?

  I am open to any options or ideas anyone has so I can get this port to work
  correctly.  I have 3 NIC cards in the ISA box now, so to use DMZ would not
  be hard.

  Any ideas would be greatly appreciated.  Are there any more questions?

  Thanks in advance

  Colter
