RE: Which "Network Template" to apply?
- From: "Marty Nelson" <MNelson@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 5 Dec 2005 14:20:33 -0800
I swear it must be me that makes things harder than they need to be.
Seriously, this kind of stuff always happens to me.
That being said, I've had a breakthrough. What I was trying to do was
have any requests for www.whatever.com/folder reverse proxy back to my
internal site. Now let me say this, www.whatever.com is being hosted on
the ISA box, and no matter what I did I could not get the /folder to
reverse proxy. What I did as a test was shutdown www.whatever.com and
create a publishing rule that directed any traffic to the whatever.com
IP address to my internal site, and it worked!
Now, all of that being said, can I not do what I was trying to do
originally? Meaning, can I not have ISA listen for requests to
www.whatever.com/folder, and reverse only those requests?
Thanks again,
Marty
-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Monday, December 05, 2005 2:03 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Which "Network Template" to apply?
http://www.ISAserver.org
It isn't....normally
-----Original Message-----
From: Marty Nelson [mailto:MNelson@xxxxxxxxxxxx]
Sent: Monday, December 05, 2005 5:23 PM
To: ISA Mailing List
Subject: [isalist] RE: Which "Network Template" to apply?
http://www.ISAserver.org
Steve while I appreciate the post, what I don't think I've conveyed is
that I've done what you've suggested, and I just cannot get it to work.
What I am trying to do here is figure out what exactly I'm doing wrong
so I can remedy it. Believe me; I had no idea that setting up a reverse
proxy in ISA was this difficult.
-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Monday, December 05, 2005 12:56 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Which "Network Template" to apply?
http://www.ISAserver.org
Geez...
forward port 80 from the BSD FW to the ISA, publish your website using
the web publishing wizard.
From the external nic (10.) to the published website, which can be an IP
address or an fqdn if you have it in your dns and isa has an allow rule
for dns, or by hosts file.
S
Looks like a lot of reading is required beforehand first of almmend
buying Tom's books on ISA.
________________________________
From: Marty Nelson [mailto:MNelson@xxxxxxxxxxxx]
Sent: Monday, December 05, 2005 4:43 PM
To: ISA Mailing List
Subject: [isalist] RE: Which "Network Template" to apply?
http://www.ISAserver.org
Thanks Tom.
Your paper on "Playing well with others" all but describes what I'm
trying to do in the section titled "The ISA Firewall in a PIX DMZ
Configuration". What I am so utterly unclear on is how to implement it.
Like I mentioned earlier, I have two interfaces. One on the 10. range
which is in my BSD's DMZ and one in the 192. range that's in my internal
network.
When I view my Networks, what should I have under the "Internal
Networks"? I would assume just my 192.168 range? That's not even
getting into successfully publishing my internal web server.
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Monday, December 05, 2005 11:21 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Which "Network Template" to apply?
http://www.ISAserver.org
Hi Marty,
Edge firewall is what I would use. Then search the ISAserver.org site
for PIX for deployment scenario info.
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Marty Nelson [mailto:MNelson@xxxxxxxxxxxx]
Sent: Monday, December 05, 2005 1:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Which "Network Template" to apply?
http://www.ISAserver.org
Hi Tom;
I only have two NIC's installed, so I take it that I'm using the
wrong template, and have switched it back to the default, which was
"Edge Firewall". Which is the best to use if I'm trying to reverse
proxy an internal server?
Here's how my server's currently setup:
NIC1: 10.100.2.15 (in DMZ, although still behind main OpenBSD
firewall)
NIC2: 192.168.2.29 (in company's internal network, behind
OpenBSD firewall)
Thanks,
Marty
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Monday, December 05, 2005 10:59 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Which "Network Template" to apply?
http://www.ISAserver.org
Hi Marty,
For reverse proxy, I'd only do two NICs. What's the third NIC
for?
tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
**Who is John Galt?**
________________________________
From: Marty Nelson
[mailto:MNelson@xxxxxxxxxxxx]
Sent: Monday, December 05, 2005 12:41 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Which "Network Template" to apply?
http://www.ISAserver.org
Good Monday all. I'm wondering which template should I
be using in the following configuration? Currently it's setup using the
"3-Leg Perimeter" template.
My ISA server is in my DMZ, behind my company's main
OpenBSD firewall. Ideally it will be used strictly as a reverse proxy
(if I can ever get it to work! Feel free to see my other thread on that
bugger).
Thanks,
Marty
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other
sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: mnelson@xxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mnelson@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mnelson@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mnelson@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
