How to Enable Translating Client Source Address in Server Publishing

  • From: Yoel Valiente Napoles <Yoel@xxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 10 Jul 2003 09:54:19 -0400

I solved that problem with this Microsoft article, because no publication
rule was working for me.


How to Enable Translating Client Source Address in Server Publishing
The information in this article applies to: 
Microsoft Internet Security and Acceleration Server 2000 
Microsoft Internet Security and Acceleration Server 2000 SP1

This article was previously published under Q311777 
IMPORTANT: This article contains information about modifying the registry.
Before you modify the registry, make sure to back it up and make sure that
you understand how to restore the registry if a problem occurs. For
information about how to back up, restore, and edit the registry, click the
following article number to view the article in the Microsoft Knowledge
Base: 
256986 Description of the Microsoft Windows Registry 

SUMMARY
This article describes how to enable the translation of the client
source address in server publishing. This feature is provided by Internet
Security and Acceleration (ISA) Server 2000 Service Pack 1.

Note: This feature allows Server publishing to work correctly when using
Network Load Balancing (NLB) on the external Interface of ISA. Without this
change, server publishing is not supported when using NLB on the external
interface.

MORE INFORMATION
WARNING: If you use Registry Editor incorrectly, you may
cause serious problems that may require you to reinstall your operating
system. Microsoft cannot guarantee that you can solve problems that result
from using Registry Editor incorrectly. Use Registry Editor at your own
risk.

To enable the translation of the client source address in server publishing:

1. Obtain and install ISA Server 2000 Service Pack 1. For additional
   information about how to obtain the latest ISA Server service pack, click
   the article number below to view the article in the Microsoft Knowledge
   Base:
   313139 How to Obtain the latest Internet Security and Acceleration Server
   2000 Service Pack

2. Edit the registry:
   a. Start Registry Editor (Regedt32.exe), and then locate and click the
      following registry key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fwsrv\Parameters

   b. On the Edit menu, click Add Value, and then add the following registry
      value:
      Value name: UseISAAddressInPublishing
      Data type: REG_DWORD
      Radix: Binary
      Value data: 1

   c. Quit Registry Editor.

3. Restart the Firewall service from the Services tool in Control Panel.

In typical server publishing with ISA Server, incoming packets are received
by the Firewall service and the destination address is changed in the new
request that is sent to the internal server. The original destination
address was the ISA server's external IP address, and the new destination
address is the IP address of the internal published server. However, this
new packet that was sent from the ISA Server computer to the internal server
still has the original source address of the external client where the
packet originated.

This requires that the internal server have a default route to the Internet
through ISA Server for reply packets to be returned back to the source
(after being appropriately translated by ISA Server on the way out).

Some large corporate networks do not have default routes out to the
Internet, and in those environments, this can be a problem. 

A feature introduced in ISA Server 2000 Service Pack 1 allows you
to set a registry value that causes ISA Server to also replace the source
address of these incoming requests so that the packets that are sent to the
internal server have the source address of the ISA Server computer. This
allows the normal IP routing configuration in these large networks to route
these packets back to the ISA Server computer which can then NAT these
packets back to the original external host where the request originated.

Note: This feature works only if the published protocol does not require an
application filter (there were no secondary connections in the protocol) and
for publishing FTP and RPC servers (only FTP and RPC application filters
have this support). 
Last Reviewed: 1/18/2003 
Keywords: kbhowto kbISAServ2000sp1fix kbnetwork KB311777 
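
The address rewriting and return-path behaviour the article describes can be traced with a small model. This is an added Python example, not part of the original post or the Microsoft article; every IP address and routing table is constructed, and it assumes ISA uses its internal interface address as the new source.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses for illustration; none come from the article.
CLIENT = "198.51.100.7"          # external client
ISA_EXTERNAL = "203.0.113.10"    # ISA external IP the client connects to
ISA_INTERNAL = "10.0.0.1"        # assumed: address ISA uses as the new source
PUBLISHED = "10.0.5.20"          # internal published server
INTERNAL_ROUTER = "10.0.5.1"     # constructed gateway for internal prefixes

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def publish_inbound(pkt: Packet, use_isa_address: bool) -> Packet:
    """Rewrite an inbound packet the way the article describes."""
    # The destination always changes from the ISA external IP to the server.
    # With UseISAAddressInPublishing = 1 the source is replaced as well.
    return Packet(ISA_INTERNAL if use_isa_address else pkt.src, PUBLISHED)

def next_hop(routes: dict, dst: str):
    """Longest-prefix match over {cidr: gateway}; None means no route."""
    addr = ipaddress.ip_address(dst)
    hits = [n for n in map(ipaddress.ip_network, routes) if addr in n]
    if not hits:
        return None
    return routes[str(max(hits, key=lambda n: n.prefixlen))]

def trace(routes: dict, use_isa_address: bool) -> dict:
    """Follow one request to the server and its reply back toward ISA."""
    seen = publish_inbound(Packet(CLIENT, ISA_EXTERNAL), use_isa_address)
    reply = Packet(seen.dst, seen.src)
    return {"server_sees_src": seen.src,
            "reply_dst": reply.dst,
            "reply_next_hop": next_hop(routes, reply.dst)}

# Published server's routing table in the two environments the article contrasts.
WITH_DEFAULT_ROUTE = {"10.0.0.0/8": INTERNAL_ROUTER, "0.0.0.0/0": ISA_INTERNAL}
NO_DEFAULT_ROUTE = {"10.0.0.0/8": INTERNAL_ROUTER}

if __name__ == "__main__":
    for name, table in (("default route", WITH_DEFAULT_ROUTE),
                        ("no default route", NO_DEFAULT_ROUTE)):
        for flag in (False, True):
            print(name, "| UseISAAddressInPublishing =", int(flag), trace(table, flag))
```

The `server_sees_src` field shows the side effect of the setting: with the value set to 1, the published server sees the ISA address instead of the external client's, so its own logs and any address-based access rules no longer identify the original client.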

