(damn send button got pressed before i'd thought :) Its a Web Publishing rule, I wasn't aware that you could do http through server publishing? -- Anthony Michaud Network Administrator Act! Certified Consultant eLogix Corporation Pty Ltd In theory, there is no difference between theory and practice. But in practice, there is. > -----Original Message----- > From: Mark Strangways [mailto:strangconst@xxxxxxxx] > Sent: Friday, 5 October 2001 12:13 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Q: Cannot access published web server from inte > rnal network > > > http://www.ISAserver.org > > > How is it published ? Web rule or server rule ? > > ----- Original Message ----- > From: "Anthony Michaud" <anthonym@xxxxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Thursday, October 04, 2001 10:13 PM > Subject: [isalist] RE: Q: Cannot access published web server > from inte rnal network > > > http://www.ISAserver.org > > > I published the website, and can access it via the one method (ISA > redirect). I'm still attempting to get the ISA server to pass the > correct client IP to the website (eg: send 123.456.789.123 instead of > isa IP address). Is that even possible? > > -- > Anthony Michaud > Network Administrator > Act! Certified Consultant > eLogix Corporation Pty Ltd > > In theory, there is no difference between theory and practice. But in > practice, there is. > > > > -----Original Message----- > > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > > Sent: Friday, 5 October 2001 11:33 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Q: Cannot access published web > server from inte > > rnal network > > > > > > http://www.ISAserver.org > > > > > > Which "this"; the workaround or leaving it be? > > > > > > Jim Harrison > > MCP(2K), A+, Network+, PCG > > > > > > ----- Original Message ----- > > From: "Anthony Michaud" <anthonym@xxxxxxxxxxxxxx> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > Sent: Thursday, October 04, 2001 18:21 > > Subject: [isalist] RE: Q: Cannot access published web server > > from inte rnal > > network > > > > > > http://www.ISAserver.org > > > > > > Hi Guys, > > > > I'd like to confirm that this does work - I've now just got to get > > multiple virtuals working ... *sighs* > > -- > > Anthony Michaud > > Network Administrator > > Act! Certified Consultant > > eLogix Corporation Pty Ltd > > > > In theory, there is no difference between theory and > practice. But in > > practice, there is. > > > > > > > -----Original Message----- > > > From: Thor@xxxxxxxxxxxxxxx [mailto:Thor@xxxxxxxxxxxxxxx] > > > Sent: Friday, 28 September 2001 10:39 > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: Q: Cannot access published web > > server from inte > > > rnal network > > > > > > > > > http://www.ISAserver.org > > > > > > > > > This already works... With Server Publishing, anyway. I have > > > not tried it > > > with just Web Publishing. > > > > > > My www.domain.com site resolves to an external IP (DNS > > > maintained by ISP). > > > That IP is Server Published to an internal box. If an > > internal client > > > (using FW client or Web Proxy) goes to www.domain.com, it > > does indeed > > > re-route them to the internal site just like an external > > > client. The only > > > rub, like Jim said, is that it writes an event log saying > > > that there is a > > > conflict in the LAT blah blah blah. However, it does work... > > > I do it all > > > the time. > > > > > > > > > > > > ----- Original Message ----- > > > From: "Jim Harrison" <jim@xxxxxxxxxxxx> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > > Sent: Thursday, September 27, 2001 5:19 PM > > > Subject: [isalist] RE: Q: Cannot access published web server > > > from inte rnal > > > network > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > Yes, I understood that, and even once thought that it > > should happen > > > > "transparently", but after fighting my way through it and > > > learning a bit > > > > about ISA, I came to understand that it just doesn't make > > > sense to ask the > > > > NAT process to "double-NAT" the packet when a direct > > > connection is not > > > only > > > > possible, but more efficient. > > > > > > > > Essentially, the packet travels like this: > > > > 1. the client at 192.168.0.2 gets the external IP for the > > > requested name, > > > > say 123.123.123.123. > > > > 2. the client then proceeds to ask ISA to proxy the request > > > to that IP > > > > address > > > > 3. ISA receives the request and attempts to route the > > > request to the NAT > > > > editor, who then realizes that the original source IP > and the new > > > > destination IP are in both the LAT. At this point the ISA > > > logic asks "why > > > > are we even trying to do this?" and drops the communication > > > while making > > > an > > > > event log entry. > > > > > > > > It's an effect I like to refer to as "isotropic IP bounce" > > > (with a smirk) > > > > and it's just doesn't make sense in the grand scheme of things. > > > > > > > > Jim Harrison > > > > MCP(2K), A+, Network+, PCG > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Anthony Michaud" <anthonym@xxxxxxxxxxxxxx> > > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > > > Sent: Thursday, September 27, 2001 16:58 > > > > Subject: [isalist] RE: Q: Cannot access published web > > > server from inte > > > rnal > > > > network > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > Hi Jim, > > > > > > > > I think what Andrew is attempting is as follows (I can see > > > his logic, > > > > and wouldn't mind replicating :) > > > > > > > > + External user connects to http://my.web.site > > > > - Resolves to ISA external IP address > > > > - ISA proxies the request, and passes data back to > external user > > > > > > > > He wants to do the same, except substituting external > > with internal, > > > > giving one url for one address - it seems logical to do it > > > this way, as > > > > you don't have to manage two DNS servers, and attempt > to keep the > > > > mappings current and up to date. > > > > > > > > > -----Original Message----- > > > > > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > > > > > Sent: Thursday, 27 September 2001 23:55 > > > > > To: [ISAserver.org Discussion List] > > > > > Subject: [isalist] RE: Q: Cannot access published web > > > server from inte > > > > > rnal network > > > > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > > > > You want to translate www.externalname.com to an internal IP, > > > > > but you don't > > > > > want to provide name resolution with that capability? > > > > > Ok, you have to take the freeway to work, but you have to > > > > > ride your kid's > > > > > tricycle and you have to maintain the speed limit. > > > > > > > > > > Reality check, here; no host connects to another by using > > > > > names. That's > > > > > strictly for us dumb humans that can't remember a > 32-bit number. > > > > > Speaking of which, do you think IPv6 is going to make it > > > any easier? > > > > > Every TCP/IP connection that one host makes to another is > > > through IP > > > > > addresses and, if they're on the same routed subnet, MAC > > > addresses. > > > > > FQDN (DNS) resolution services allows hosts to talk to each > > > > > other *_ in > > > > > spite of _* the "friendly names" we use. > > > > > > > > > > Two choices; stop trying to "beat the system" and > > > > > 1. set up an internal DNS solution > > > > > or > > > > > 2. quit trying to connect internally using an > external name > > > > > > > > > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org > > > Discussion List as: > > > > jim@xxxxxxxxxxxx > > > > To unsubscribe send a blank email to > > > $subst('Email.Unsub') > > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org > > > Discussion List as: > > > thor@xxxxxxxxxxxxxxx > > > > To unsubscribe send a blank email to > > > $subst('Email.Unsub') > > > > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion > > > List as: anthonym@xxxxxxxxxxxxxx > > > To unsubscribe send a blank email to > > > $subst('Email.Unsub') > > > > > > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > jim@xxxxxxxxxxxx > > To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > > > > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: anthonym@xxxxxxxxxxxxxx > > To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: strangconst@xxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: anthonym@xxxxxxxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') >