Re: SSL Bridging Fun - SOLVED!

  • From: Tony Lou <lout@xxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 16 Jul 2002 16:03:28 +1000

Thanks Jim,

What a fantastic document.
As it turns out, my DNS is set up as per your scenario 2 "External-Only
DNS".

The key to my problem was the local DNS cache which I was completely unaware
of.

There was no problem externally all along. Had I issued "ipconfig /flushdns"
on my internal testing machine, I would have found that all was OK.

I now have SSL Bridging for both internal and external clients, as
configured according to your document, "DNS for ISA Server", and Shobha
Sharma's document, "Configuring SSL Bridging".

I'd like to present you guys with the award of "Legend". 
Please accept with my gratitude :)

Thanks heaps,

Tony Lou

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Tuesday, 16 July 2002 11:59 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: SSL Bridging Fun


http://www.ISAserver.org


Actually, you already have my favorite
choice in place; the internal domain name is based on the public domain
name. This allows you to register only one name and still have two different
cakes to eat. http://isaserver.org/pages/articles.asp?art=64 should get you
started on the split DNS question.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: Tony Lou
To: [ISAserver.org Discussion List]
Sent: Monday, July 15, 2002 5:24 PM
Subject: [isalist] Re: SSL Bridging Fun




Hi Jim,
Thanks for your response.
In answer to your question, sort of.
Our external domain name is "fpa.asn.au",
Our internal is "nt.fpa.asn.au".
Also, I do have an entry in the hosts file on the ISA server pointing to the
internal address of the web server.  A ping from the command prompt on the
ISA server confirms that it resolves to the internal address. Thinking about
it last night, I've come to realise that it may in fact be working for the
outside world, but not for us internally because all of our clients point to
the ISA server for DNS, (which then forwards external bound to our ISP's DNS
servers). Therefore an internal client will see the "loop" error, whereas
the outside presumably wouldn't? This is what I'll be testing in the next
hour. Would appreciate a pointer to information on "split DNS structures".
Particularly as we'll be moving to active directory and Exchange 2000 soon
which, as I understand it, will require the use of our external domain name
internally as well.

Cheers, and Thanks,
Tony Lou


