Saturday, March 01, 2008

Addicted to blogging

I seem to be addicted to blogging...

64%: How Addicted to Blogging Are You?

Tuesday, January 29, 2008

Publishing ports on ISA server when single-NIC template is used

A well-known fact about ISA Server is that it does web publishing well but is not very good with other applications. Today I was given the task of publishing an arbitrary port on an existing ISA server used only for web publishing.

The ISA server was originally configured with the single-NIC template. To do port forwarding you need at least two NICs, whatever your network looks like.

In my scenario I have one edge firewall (not ISA) handling all firewall stuff and I only want minimal impact on the existing network. The existing ISA server is configured with a single NIC.

Network configuration with an ISA server

To handle non-web publishing you need to add a second NIC to the ISA server and in some way have the ISA server contact the participating server through that second NIC. The servers do not need to be directly connected, but the route between the servers cannot go through the public interface on the ISA server. (For simplicity, keep the ISA server and the backend server on the same LAN.)

ISA server with two NICs

When this is done, you need to do a few things before you create a new publishing rule:

  1. Change the definition of the Internal network so that it only reflects the IP addresses on the inside LAN of the ISA server (and the backend server). Apply your changes.
  2. Change the network settings on all your existing web listeners. Until now, with the single-NIC template, you only had to use the Internal network as the listening network. You now have to change all listeners to listen on the External network instead of the Internal network. If you have bound a listener to a specific IP address, you will have to configure these addresses in addition to changing the network.

When this is done you can create the publishing rules you need.


Monday, January 28, 2008

ISA server publishing hitting default rule

When you publish a web site with ISA Server and it doesn't work, even though you believe you have done it right - here is one solution.

As you can see from the log, the published web site only reaches the default rule. My rule seems to be all right as it matches HTTPS traffic.

The cause of this was that the ISA server was running IIS that captured port 80 and blocked web publishing.
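One way to check for this kind of port conflict, as an added example that is not part of the original post: parse `netstat -ano` output and flag any listener on the published ports that is not owned by the firewall service. The sample output, addresses and PIDs are constructed, and `firewall_pid` is an assumed input (the PID of the ISA firewall service on your server).

```python
import re

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.0.2.10:443         0.0.0.0:0              LISTENING       1960
  TCP    192.0.2.10:80          0.0.0.0:0              LISTENING       1960
  TCP    192.0.2.10:3389        198.51.100.7:51515     ESTABLISHED     2244
  TCP    [::]:8080              [::]:0                 LISTENING       3120
  UDP    0.0.0.0:500            *:*                                    640
"""

# Matches only TCP rows in LISTENING state: local address, local port, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def tcp_listeners(netstat_text):
    """Yield (address, port, pid) for each TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.group(1), int(m.group(2)), int(m.group(3))

def conflicting_listeners(netstat_text, published_ports, firewall_pid):
    """Return listeners on published ports owned by a process other than the firewall."""
    conflicts = []
    for addr, port, pid in tcp_listeners(netstat_text):
        if port in published_ports and pid != firewall_pid:
            # A wildcard bind takes the port on every IP address of the server.
            wildcard = addr in ("0.0.0.0", "[::]")
            conflicts.append({"address": addr, "port": port,
                              "pid": pid, "all_interfaces": wildcard})
    return conflicts

if __name__ == "__main__":
    for c in conflicting_listeners(SAMPLE_NETSTAT, {80, 443}, firewall_pid=1960):
        scope = "all interfaces" if c["all_interfaces"] else c["address"]
        print(f"port {c['port']} is held by PID {c['pid']} on {scope}")
```

On the server itself, feed in the real output of `netstat -ano` and look up the reported PID with `tasklist /svc` to see which service owns it.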
