
Unable to separate port 443 on two different external IPs to two servers


Scooty

May 12, 2012, 9:59:56 PM
Hi all
Hope someone can point me in the right direction. First a quick run
down on how it worked. Client has ISA Server 2006. Original config was
fibre connected, straight to the Server NIC with a /30 supplied by the
ISP. Also on the external facing NIC was another public IP. Port 80
and 443 traffic needs to come from the outside to two different
sources so the second public IP on the server NIC achieved this. The
separation came in the firewall rule under the Network tab.

We have since removed the fibre. The DSL modem is configured in
Bridged mode. There is a dial up connection on the ISA server. This
dials the ISP and becomes the External interface. Everything coming in
on this IP is OK. On the LAN adapter I have configured the other
public IP.
I can ping this IP without issue when it's configured on the NIC.
In ISA when selecting the network under the Networks tab in the
firewall rule, the External network is selected and if you drill down
the IP is available.
But I cannot get traffic to pass thru the IP to the internal network.

The F/W rule is as follows (and it's the first rule in the list)
Rule name: Fwd 443 to Exchange
Action: Allow
Traffic: 443 TCP Inbound & 443 UDP Receive Send
From: Anywhere
To: 10.10.10.20
(Request appears to come from the original client)
Network: External
(Specified IP address on the ISA server computer in the selected
network)
The IP selected is the IP on NIC

The logging shows the following error
Denied Connection ITQUOTER 13/05/2012 9:50:34 AM
Log type: Firewall service
Status:
Rule: Default rule
Source: External (58.6.16.204:53413)
Destination: External (203.161.111.182:443)
Protocol: SSL

External is me but destination is also showing as external.

I suspect it has something to do with the fact a dialup connection is
being used and I have two external interfaces. Even though I can ping
them all and even though they are appearing as available IPs in the
external network, I just cannot get traffic to pass through it, just
to it.

Any suggestions would be very welcome. Any further info required let
me know.