ISA firewall/Webmail

flboad

OK guys, I need some help.

Here is my situation. I have an ISA2000 Firewall, and I want to publish a webmail server behind it. Currently the firewall has an external IP of x.x.234.65, then bound to it are

x.x.234.74
x.x.234.67
and so on.

I have the destination sets set up,
and I've done the web publishing using the destination set.

From an internal machine it pings using webmail, 10.1.2.15, and its external IP address x.x.234.74; they all work. But when I ping from a machine outside of the firewall I get nothing. So where am I going wrong? Even if DNS isn't set up properly, shouldn't I be able to put in http://x.x.234.74:80 and get through the firewall?

Anyone have any thoughts on this?
 
http://www.isaserver.org

http://forums.isaserver.org

They're your best bet for troubleshooting ISA. Just follow the web publishing rule, using the external IP and the internal IP. ISA can absorb ping requests and pretend like it isn't even there.

Edit: not trying to blow you off, but there are step-by-step walkthroughs over there. I know ISA pretty well from working with it for the past 3 years, but I still use isaserver.org as my number one resource. Follow the steps over there; there's a greater concentration of knowledge about the product over there than anywhere else.
 
Da sponge gave some wise answers. Make isaserver.org your friend.

As to your last question...

I think when you create destination sets, don't you create them by the full URL? rather than by IP?

The ISA FW checks the request to see if the proper request is done (full URL, rather than IP) and may drop the IP request because it doesn't match the destination set.

My memory is fuzzy on my multiple ISA FWs, but I'll check them tomorrow to be sure.
 
da sponge said:
http://www.isaserver.org

http://forums.isaserver.org

They're your best bet for troubleshooting ISA. Just follow the web publishing rule, using the external IP and the internal IP. ISA can absorb ping requests and pretend like it isn't even there.

Edit: not trying to blow you off, but there are step-by-step walkthroughs over there. I know ISA pretty well from working with it for the past 3 years, but I still use isaserver.org as my number one resource. Follow the steps over there; there's a greater concentration of knowledge about the product over there than anywhere else.


Yeah, I know this place very well, and have been reading everything there for quite a while. He's the scary-looking guy who knows everything about ISA.


As for DarthKim.

I believe you can do both because it uses DNS to resolve names. But I'll change it to give it a go. I only put it as IP because if DNS ever went down it would still directly go to it. But I'll try it out.

Thanks for the replies.
 