RE: Publish Internal Terminal Server which is behind layer 3 switch

• From: "Carson Tu" <ctu@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 12 Nov 2002 14:09:34 -0500

Shawn:

Thanks you very much for your reply. I think it is helpful.
I previously have 192.168.0.0-192.168.255.255 entry in my LAT. I think that 
cover 192.168.5.x subnet. Anyway, I add another entry for 5.x.
Things seems wired right now. The publishing of TS from 5.x sometimes work. But 
it is not stable, sometime it doesn't work. 
Right now, I have "allow all" package filter disabled, and didn't add any new 
package filter rule. I have 5.x entry in LAT. TS publishing works in 90% of 
chance. But it fail 2 times. Once it fail, it will fail within 1-5 minites. 
Then it back to work without any reason. I delete the 5.x entry in LAT for 
testing. It is the same story, sometime works, sometime is doesn't. I am keep 
on trying. But didn't have a conclusion yet. I will keep tracking this problem 
and post the result if I have. Right now, it is working. If it doesn't fail 
within 1 day. I will say the publishing success.

Thanks.

Carson

-----Original Message-----
From: Quillman Shawn (RBNA/CIT7) [mailto:Shawn.Quillman@xxxxxxxxxxxx]
Sent: Tuesday, November 12, 2002 12:38 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publish Internal Terminal Server which is behind
la yer 3 switch


http://www.ISAserver.org



Do you have 192.168.5.x in your LAT?

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT7
38000 Hills Tech Drive
Farmington Hills, MI  48331
(248) 553-1164 (P)     (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx


-----Original Message-----
From: Carson Tu [mailto:ctu@xxxxxxxxxxxx]
Sent: Tuesday, November 12, 2002 12:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Publish Internal Terminal Server which is behind
layer 3 switch


http://www.ISAserver.org


I don't mean to ask everybody back to previous discussion of TS publish. But
my case is different. Because there is a layer 3 switch in this picture. 

I have ISA server connecting to public network and internally 192.168.2.x
network. There is another internal subnet, 192.168.5.x, in which we have a
win2K server with TS need to be publish into internet. The 2 internal subnet
are connected by Exterme Summit48 switch with VLAN. We do add route to both
the switch and our ISA server. Routing is working fine.
I have successfully publish some server on 192.168.2.x subnet with
alternative port. But when I do the same to the server on 5.x subnet, I
cannot connect it through external network. The interesting thing is, if I
eliminate the IP package filter on ISA by enable the "Allow ALL" rule. The
publishing of 5.x subnet works! If I disable "allow all" rule, just have the
default rule plus enable "allow TCP 33xx/both direction" rule, the TS
publish doesn't work for 192.168.5.x subnet. But, it work for 192.168.2.x
subnet. So, I believe, I must have to setup a new IP package filter for 5.x
subnet TS publishing. 

Does anybody have idea about what kind of IP package filter I need to setup?
This filter must not need for 2.x subnet, which is connecting to ISA
internal NIC directly. How does the layer 3 switch make a different IP
package?

Thanks.

Carson 

List Sponsored by Aspelle
Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA server and
the Internet to quickly and cost-effectively manage and deliver secure,
client-less access to all corporate applications (Web, Unix, Windows and
legacy systems), for all users.
More info at http://www.aspelle.com/info

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

List Sponsored by Aspelle
Aspelle's Microsoft-centric, Aspelle Everywhere, leverages ISA server and the 
Internet to quickly and cost-effectively manage and deliver secure, client-less 
access to all corporate applications (Web, Unix, Windows and legacy systems), 
for all users.
More info at http://www.aspelle.com/info

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
ctu@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Publish Internal Terminal Server which is behind layer 3 switch
• » RE: Publish Internal Terminal Server which is behind layer 3 switch
• » Re: Publish Internal Terminal Server which is behind layer 3 switch
• » RE: Publish Internal Terminal Server which is behind layer 3 switch

1. Home
2. isalist
3. Archive
4. 11-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---