RE: Q: Cannot access published web server from inte rnal network
- From: "Anthony Michaud" <anthonym@xxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 5 Oct 2001 12:17:41 +1000
(damn send button got pressed before i'd thought :)
Its a Web Publishing rule, I wasn't aware that you could do http through
server publishing?
--
Anthony Michaud
Network Administrator
Act! Certified Consultant
eLogix Corporation Pty Ltd
In theory, there is no difference between theory and practice. But in
practice, there is.
> -----Original Message-----
> From: Mark Strangways [mailto:strangconst@xxxxxxxx]
> Sent: Friday, 5 October 2001 12:13
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Q: Cannot access published web server from inte
> rnal network
>
>
> http://www.ISAserver.org
>
>
> How is it published ? Web rule or server rule ?
>
> ----- Original Message -----
> From: "Anthony Michaud" <anthonym@xxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Thursday, October 04, 2001 10:13 PM
> Subject: [isalist] RE: Q: Cannot access published web server
> from inte rnal network
>
>
> http://www.ISAserver.org
>
>
> I published the website, and can access it via the one method (ISA
> redirect). I'm still attempting to get the ISA server to pass the
> correct client IP to the website (eg: send 123.456.789.123 instead of
> isa IP address). Is that even possible?
>
> --
> Anthony Michaud
> Network Administrator
> Act! Certified Consultant
> eLogix Corporation Pty Ltd
>
> In theory, there is no difference between theory and practice. But in
> practice, there is.
>
>
> > -----Original Message-----
> > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> > Sent: Friday, 5 October 2001 11:33
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Q: Cannot access published web
> server from inte
> > rnal network
> >
> >
> > http://www.ISAserver.org
> >
> >
> > Which "this"; the workaround or leaving it be?
> >
> >
> > Jim Harrison
> > MCP(2K), A+, Network+, PCG
> >
> >
> > ----- Original Message -----
> > From: "Anthony Michaud" <anthonym@xxxxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Thursday, October 04, 2001 18:21
> > Subject: [isalist] RE: Q: Cannot access published web server
> > from inte rnal
> > network
> >
> >
> > http://www.ISAserver.org
> >
> >
> > Hi Guys,
> >
> > I'd like to confirm that this does work - I've now just got to get
> > multiple virtuals working ... *sighs*
> > --
> > Anthony Michaud
> > Network Administrator
> > Act! Certified Consultant
> > eLogix Corporation Pty Ltd
> >
> > In theory, there is no difference between theory and
> practice. But in
> > practice, there is.
> >
> >
> > > -----Original Message-----
> > > From: Thor@xxxxxxxxxxxxxxx [mailto:Thor@xxxxxxxxxxxxxxx]
> > > Sent: Friday, 28 September 2001 10:39
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Q: Cannot access published web
> > server from inte
> > > rnal network
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > >
> > > This already works... With Server Publishing, anyway. I have
> > > not tried it
> > > with just Web Publishing.
> > >
> > > My www.domain.com site resolves to an external IP (DNS
> > > maintained by ISP).
> > > That IP is Server Published to an internal box. If an
> > internal client
> > > (using FW client or Web Proxy) goes to www.domain.com, it
> > does indeed
> > > re-route them to the internal site just like an external
> > > client. The only
> > > rub, like Jim said, is that it writes an event log saying
> > > that there is a
> > > conflict in the LAT blah blah blah. However, it does work...
> > > I do it all
> > > the time.
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Jim Harrison" <jim@xxxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Thursday, September 27, 2001 5:19 PM
> > > Subject: [isalist] RE: Q: Cannot access published web server
> > > from inte rnal
> > > network
> > >
> > >
> > > > http://www.ISAserver.org
> > > >
> > > >
> > > > Yes, I understood that, and even once thought that it
> > should happen
> > > > "transparently", but after fighting my way through it and
> > > learning a bit
> > > > about ISA, I came to understand that it just doesn't make
> > > sense to ask the
> > > > NAT process to "double-NAT" the packet when a direct
> > > connection is not
> > > only
> > > > possible, but more efficient.
> > > >
> > > > Essentially, the packet travels like this:
> > > > 1. the client at 192.168.0.2 gets the external IP for the
> > > requested name,
> > > > say 123.123.123.123.
> > > > 2. the client then proceeds to ask ISA to proxy the request
> > > to that IP
> > > > address
> > > > 3. ISA receives the request and attempts to route the
> > > request to the NAT
> > > > editor, who then realizes that the original source IP
> and the new
> > > > destination IP are in both the LAT. At this point the ISA
> > > logic asks "why
> > > > are we even trying to do this?" and drops the communication
> > > while making
> > > an
> > > > event log entry.
> > > >
> > > > It's an effect I like to refer to as "isotropic IP bounce"
> > > (with a smirk)
> > > > and it's just doesn't make sense in the grand scheme of things.
> > > >
> > > > Jim Harrison
> > > > MCP(2K), A+, Network+, PCG
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Anthony Michaud" <anthonym@xxxxxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Thursday, September 27, 2001 16:58
> > > > Subject: [isalist] RE: Q: Cannot access published web
> > > server from inte
> > > rnal
> > > > network
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > >
> > > > Hi Jim,
> > > >
> > > > I think what Andrew is attempting is as follows (I can see
> > > his logic,
> > > > and wouldn't mind replicating :)
> > > >
> > > > + External user connects to http://my.web.site
> > > > - Resolves to ISA external IP address
> > > > - ISA proxies the request, and passes data back to
> external user
> > > >
> > > > He wants to do the same, except substituting external
> > with internal,
> > > > giving one url for one address - it seems logical to do it
> > > this way, as
> > > > you don't have to manage two DNS servers, and attempt
> to keep the
> > > > mappings current and up to date.
> > > >
> > > > > -----Original Message-----
> > > > > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> > > > > Sent: Thursday, 27 September 2001 23:55
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] RE: Q: Cannot access published web
> > > server from inte
> > > > > rnal network
> > > > >
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > >
> > > > > You want to translate www.externalname.com to an internal IP,
> > > > > but you don't
> > > > > want to provide name resolution with that capability?
> > > > > Ok, you have to take the freeway to work, but you have to
> > > > > ride your kid's
> > > > > tricycle and you have to maintain the speed limit.
> > > > >
> > > > > Reality check, here; no host connects to another by using
> > > > > names. That's
> > > > > strictly for us dumb humans that can't remember a
> 32-bit number.
> > > > > Speaking of which, do you think IPv6 is going to make it
> > > any easier?
> > > > > Every TCP/IP connection that one host makes to another is
> > > through IP
> > > > > addresses and, if they're on the same routed subnet, MAC
> > > addresses.
> > > > > FQDN (DNS) resolution services allows hosts to talk to each
> > > > > other *_ in
> > > > > spite of _* the "friendly names" we use.
> > > > >
> > > > > Two choices; stop trying to "beat the system" and
> > > > > 1. set up an internal DNS solution
> > > > > or
> > > > > 2. quit trying to connect internally using an
> external name
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org
> > > Discussion List as:
> > > > jim@xxxxxxxxxxxx
> > > > To unsubscribe send a blank email to
> > > $subst('Email.Unsub')
> > > >
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org
> > > Discussion List as:
> > > thor@xxxxxxxxxxxxxxx
> > > > To unsubscribe send a blank email to
> > > $subst('Email.Unsub')
> > >
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as: anthonym@xxxxxxxxxxxxxx
> > > To unsubscribe send a blank email to
> > > $subst('Email.Unsub')
> > >
> >
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> >
> >
> >
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: anthonym@xxxxxxxxxxxxxx
> > To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> >
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: strangconst@xxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: anthonym@xxxxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
Other related posts:
