move of internal website.

[Guest]

Archived from groups: microsoft.public.isa.configuration,microsoft.public.win2000.dns (More info?)

Sorry for the X Post but this involves both DNS and ISA.

Up until last week I hosted a website at www.myschool.co.uk which also
happens to be my AD Domain name. This website was hosted on an internal IIS
server and ISA had a rule published to allow access though the firewall.

Last week I had to change the DNS at our ISP to point www.myschool.co.uk to
an external IP address. I can resolve to the new site from outside of
school but on any computer inside of school domain.

I turnned off IIS and repointed the DNS record to the external IP where the
site is hosted but ISA denies access. I tried IPCONFIG /FLUSHDNS but that
makes no difference.

I understand the situation - I want to resolve an internal DNS name to an
external IP address however I have spent 3 hours on it and I am tearing my
hair out!!

any ideas?

Regards

Mark

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

On Tue, 20 Jul 2004 17:02:58 +0100, "Mark Scott"
<m@rk-5c0tt@8lu3y0nd3r.c0.uk> wrote:

>Sorry for the X Post but this involves both DNS and ISA.

Not according to your statement:

>I turnned off IIS and repointed the DNS record to the external IP where the
>site is hosted but ISA denies access.

If ISA denies access, then it's an ISA issue, not a DNS one.

Jeff

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

Thanks Jeff, but is it an issue hosting an "internal" website externally?
ie www is not actually part of the domain space but is hosted somewhere
else?

"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
news:41037e6d.196627655@msnews.microsoft.com...
> On Tue, 20 Jul 2004 17:02:58 +0100, "Mark Scott"
> <m@rk-5c0tt@8lu3y0nd3r.c0.uk> wrote:
>
>>Sorry for the X Post but this involves both DNS and ISA.
>
> Not according to your statement:
>
>>I turnned off IIS and repointed the DNS record to the external IP where
>>the
>>site is hosted but ISA denies access.
>
> If ISA denies access, then it's an ISA issue, not a DNS one.
>
> Jeff

 

[Guest]

Archived from groups: microsoft.public.isa.configuration,microsoft.public.win2000.dns (More info?)

>>>Last week I had to change the DNS at our ISP to point www.myschool.co.uk
to
an external IP address

So, you have 2 different DNS servers. One internally, and one at your ISP.
This is good. So, now you need to ensure that on the INTERNAL DNS server,
www.myschool.co.uk is pointed to the INTERNAL IP address of the site, not
the PUBLISHED IP address.

Second, you want to ensure that ALL your internal clients are using ONLY
your INTERNAL DNS server in their TCP/IP (or DHCP) configuration.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - COMPLETE SPAM Protection
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon


"Mark Scott" <m@rk-5c0tt@8lu3y0nd3r.c0.uk> wrote in message
news:#IJAEMnbEHA.1356@TK2MSFTNGP09.phx.gbl...
> Sorry for the X Post but this involves both DNS and ISA.
>
> Up until last week I hosted a website at www.myschool.co.uk which also
> happens to be my AD Domain name. This website was hosted on an internal
IIS
> server and ISA had a rule published to allow access though the firewall.
>
> Last week I had to change the DNS at our ISP to point www.myschool.co.uk
to
> an external IP address. I can resolve to the new site from outside of
> school but on any computer inside of school domain.
>
> I turnned off IIS and repointed the DNS record to the external IP where
the
> site is hosted but ISA denies access. I tried IPCONFIG /FLUSHDNS but that
> makes no difference.
>
> I understand the situation - I want to resolve an internal DNS name to an
> external IP address however I have spent 3 hours on it and I am tearing my
> hair out!!
>
> any ideas?
>
> Regards
>
> Mark
>
>
>

 

[Guest]

Archived from groups: microsoft.public.isa.configuration,microsoft.public.win2000.dns (More info?)

Thanks but you misunderstood my question. The (ex) Internal website is now
housed externally about 50 miles away from the domain. My ISA server is
kicking up because I have to send www.myschool.co.uk through the firewall
whereas before it was internal.

ISA pops up a login box when I try to browse to the site, it won't accept
any logins I give it and then gives up with a forbidden error.

"Deji Akomolafe" <deji@REMOVEPADDINGakomolafedotcom> wrote in message
news:etzWS2zbEHA.2520@TK2MSFTNGP12.phx.gbl...
>>>>Last week I had to change the DNS at our ISP to point www.myschool.co.uk
> to
> an external IP address
>
> So, you have 2 different DNS servers. One internally, and one at your ISP.
> This is good. So, now you need to ensure that on the INTERNAL DNS server,
> www.myschool.co.uk is pointed to the INTERNAL IP address of the site, not
> the PUBLISHED IP address.
>
> Second, you want to ensure that ALL your internal clients are using ONLY
> your INTERNAL DNS server in their TCP/IP (or DHCP) configuration.
>
> --
> Sincerely,
>
> Dèjì Akómöláfé, MCSE MCSA MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - COMPLETE SPAM Protection
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
>
>
> "Mark Scott" <m@rk-5c0tt@8lu3y0nd3r.c0.uk> wrote in message
> news:#IJAEMnbEHA.1356@TK2MSFTNGP09.phx.gbl...
>> Sorry for the X Post but this involves both DNS and ISA.
>>
>> Up until last week I hosted a website at www.myschool.co.uk which also
>> happens to be my AD Domain name. This website was hosted on an internal
> IIS
>> server and ISA had a rule published to allow access though the firewall.
>>
>> Last week I had to change the DNS at our ISP to point www.myschool.co.uk
> to
>> an external IP address. I can resolve to the new site from outside of
>> school but on any computer inside of school domain.
>>
>> I turnned off IIS and repointed the DNS record to the external IP where
> the
>> site is hosted but ISA denies access. I tried IPCONFIG /FLUSHDNS but
>> that
>> makes no difference.
>>
>> I understand the situation - I want to resolve an internal DNS name to an
>> external IP address however I have spent 3 hours on it and I am tearing
>> my
>> hair out!!
>>
>> any ideas?
>>
>> Regards
>>
>> Mark
>>
>>
>>
>
>

 

[Guest]

Archived from groups: microsoft.public.isa.configuration,microsoft.public.win2000.dns (More info?)

You probably need to re-describe the problem then. You said earlier that you
published the Website in ISA. IF the webserver is OUTSIDE (50 miles away),
the the ISA is NOT protecting it. If that's the case, then there is nothing
for you to publish in ISA.

You just need to create a www A record in your INTERNAL myschool.co.uk DNS
zone and give it the PUBLIC IP address of www.myschool.co.uk (the one that
is used externally by everyone else)

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - COMPLETE SPAM Protection
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon


"Mark Scott" <m@rk-5c0tt@8lu3y0nd3r.c0.uk> wrote in message
news:#7aKcL1bEHA.3788@TK2MSFTNGP10.phx.gbl...
> Thanks but you misunderstood my question. The (ex) Internal website is
now
> housed externally about 50 miles away from the domain. My ISA server is
> kicking up because I have to send www.myschool.co.uk through the firewall
> whereas before it was internal.
>
> ISA pops up a login box when I try to browse to the site, it won't accept
> any logins I give it and then gives up with a forbidden error.
>
> "Deji Akomolafe" <deji@REMOVEPADDINGakomolafedotcom> wrote in message
> news:etzWS2zbEHA.2520@TK2MSFTNGP12.phx.gbl...
> >>>>Last week I had to change the DNS at our ISP to point
www.myschool.co.uk
> > to
> > an external IP address
> >
> > So, you have 2 different DNS servers. One internally, and one at your
ISP.
> > This is good. So, now you need to ensure that on the INTERNAL DNS
server,
> > www.myschool.co.uk is pointed to the INTERNAL IP address of the site,
not
> > the PUBLISHED IP address.
> >
> > Second, you want to ensure that ALL your internal clients are using ONLY
> > your INTERNAL DNS server in their TCP/IP (or DHCP) configuration.
> >
> > --
> > Sincerely,
> >
> > Dèjì Akómöláfé, MCSE MCSA MCP+I
> > Microsoft MVP - Directory Services
> > www.readymaids.com - COMPLETE SPAM Protection
> > www.akomolafe.com
> > Do you now realize that Today is the Tomorrow you were worried about
> > Yesterday? -anon
> >
> >
> > "Mark Scott" <m@rk-5c0tt@8lu3y0nd3r.c0.uk> wrote in message
> > news:#IJAEMnbEHA.1356@TK2MSFTNGP09.phx.gbl...
> >> Sorry for the X Post but this involves both DNS and ISA.
> >>
> >> Up until last week I hosted a website at www.myschool.co.uk which also
> >> happens to be my AD Domain name. This website was hosted on an
internal
> > IIS
> >> server and ISA had a rule published to allow access though the
firewall.
> >>
> >> Last week I had to change the DNS at our ISP to point
www.myschool.co.uk
> > to
> >> an external IP address. I can resolve to the new site from outside of
> >> school but on any computer inside of school domain.
> >>
> >> I turnned off IIS and repointed the DNS record to the external IP where
> > the
> >> site is hosted but ISA denies access. I tried IPCONFIG /FLUSHDNS but
> >> that
> >> makes no difference.
> >>
> >> I understand the situation - I want to resolve an internal DNS name to
an
> >> external IP address however I have spent 3 hours on it and I am tearing
> >> my
> >> hair out!!
> >>
> >> any ideas?
> >>
> >> Regards
> >>
> >> Mark
> >>
> >>
> >>
> >
> >
>
>

 

[Guest]

Archived from groups: microsoft.public.isa.configuration,microsoft.public.win2000.dns (More info?)

In news:%237aKcL1bEHA.3788@TK2MSFTNGP10.phx.gbl,
Mark Scott <m@rk-5c0tt@8lu3y0nd3r.c0.uk> asked for help and I offered my
suggestions below:
> Thanks but you misunderstood my question. The (ex) Internal website
> is now housed externally about 50 miles away from the domain. My ISA
> server is kicking up because I have to send www.myschool.co.uk
> through the firewall whereas before it was internal.
>
> ISA pops up a login box when I try to browse to the site, it won't
> accept any logins I give it and then gives up with a forbidden error.
>

Did you create a rule in ISA to allow this sort of traffic and apply it?
From what you said earlier, you couldn't resolve it. Now you're saying it
does resolve it? If its note resolving and assuming that ISA is allowing
access to the old internal machine that you said you turned off the website
on it, then that would explain the login box.

Its not resolving externally since from what I'm surmizing (assuming) is
that it won't be able to because your internal and external names are the
same (split horizon zone). So that said, have you tried to manually create
the www record on your internal DNS and manually give it the actual new IP
address of the new webserver?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================