• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Sbs 2003 with ISA2004

K

Kevin

#1
ISA 2004 question: How can I configure port forwarding in ISA2004
Need to have MyDomainName.com:8001 to forward to 192.168.16.5 in order to
see internal webcamera via out side the domain.
Thank you...
 

My Computer

A

Ace Fekay [MCT]

#2
"Kevin" <Kevin@newsgroup> wrote in message
news:91ABA165-F685-44C9-BB29-6C0B9FCA0BE4@newsgroup

> ISA 2004 question: How can I configure port forwarding in ISA2004
> Need to have MyDomainName.com:8001 to forward to 192.168.16.5 in order to
> see internal webcamera via out side the domain.
> Thank you...
That's a question best for the ISA group, unless someone of course in SBS
will want to walk you through it.

I cross-posted it to the following groups. Just check back here for
responses.
microsoft.public.isa
microsoft.public.isa.configuration,


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
 

My Computer

R

Robbin Meng [MSFT]

#3
Hi Kevin,

Thanks for your post and Ace's input. It's nice to cross-post this issue in ISA newsgroup : )

Just for your reference, web publishing rules map incoming requests to the appropriate Web servers behind the ISA Server computer. This can be done by "Publish a Web
Server" via Firewall Policy. Please refer to the below articles for detailed steps:

Publishing Web Servers Using ISA Server 2004
http://technet.microsoft.com/en-us/library/cc302545.aspx

How to Configure an ISA Server 2004 Firewall on Small Business Server for System Center Essentials(please refer to the "To publish the WSUS Web server" part)
http://technet.microsoft.com/en-us/library/bb422892.aspx

Hope this helps. Also, if you have any questions or concerns, please do not hesitate to let me know.



Best regards,
Robbin Meng(MSFT)
Microsoft Online Newsgroup Support

==================================================================
Please post your SBS 2008 related questions to the SBS newsgroup on Connect website:
https://connect.microsoft.com/sbs08/community/discussion/richui/default.aspx

Please post your EBS related questions to the EBS newsgroup on Connect website:
https://connect.microsoft.com/ebs08/community/discussion/richui/default.aspx

If you want to use a newsreader other than a web forum to access these newsgroups,
please refer to the following blog to apply NNTP password and configure a newsreader:
http://msmvps.com/blogs/bradley/archive/2008/11/02/signing-up-for-the-sbs-2008-newsgroups.aspx
==================================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
==================================================================
 

My Computer

P

Phillip Windell

#4
There is no such thing as Port Forwarding,..it is a meaninless Marketing
"invented" term. What it really is,..is Reverse NAT or also called Static
NAT.

But even with that being so it is the wrong approach with ISA. With ISA you
want Reverse-Web-Proxying.
In the ISA "world" it is called: "Web Publishing"

Everything I say below is important,...don't "blow it off".

1. The Camera Device needs to operate as a SecureNAT Client of the ISA.
This means it either uses the ISA as its Default Gateway, or the LAN Routing
Design passes it to ISA "along-the-way" to get to the Internet.

2. Create the Web Publishng Rule after reading the documentation first. You
will publish camera1.mydomain.com (not camera1.mydomain.com:8001) to be sent
to 192.168.16.5

3. After the Publishing Rule is created go into the Bridging Tab in the
Properties of the Rule and set the:
"Redirect requests to HTTP port: 8001"

The user will not specify the port,...they will only ask for
http://camera1.mydomain.com . The ISA will redirect to 8001 transparently

I strongly suggest you come up with a valid unique public DNS name for this
that is meaningfull,...like a Host Record called "camera1". When the FQDN
is built from that with the Zone name it becomes "camera1.mydomain.com"

Then in the To Tab in the properties of the rule make sure it says......
"This rule applies to this published site: camera1.mydomain.com"

Make sure it also says "camera1.mydomain.com" in the Public Name Tab of the
publshing Rule

Also on the To Tab in the properties of the rule,..look at the last item.
If request appear to come from the original Client, then the Web
Server/Device must be a SecureNAT Client of the ISA. But if it is set to
requests appear to come from the ISA then the Web Server/Device does not
have to be a SecureNAT Client of the ISA, however you will loose the record
keeping ability to know what IP the user came from since it will look like
the source was always the ISA. That is probably not a problem with a Camera
Device, but can be important with a real web site where record keeping and
other site functionality might be more important.

By doing it this way you can run a gazillion HTTP web sites off of the same
External IP and same External Port 80 all at the same time. The actual FQDN
(aka HostsHeader) is what distinguishes one site from another.

--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/library/cc302436(TechNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/library/bb898433(TechNet.10).aspx

Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------




"Ace Fekay [MCT]" <aceman@newsgroup> wrote in message
news:eDRPw9JYKHA.3428@newsgroup

> "Kevin" <Kevin@newsgroup> wrote in message
> news:91ABA165-F685-44C9-BB29-6C0B9FCA0BE4@newsgroup

>> ISA 2004 question: How can I configure port forwarding in ISA2004
>> Need to have MyDomainName.com:8001 to forward to 192.168.16.5 in order
>> to
>> see internal webcamera via out side the domain.
>> Thank you...
>
> That's a question best for the ISA group, unless someone of course in SBS
> will want to walk you through it.
>
> I cross-posted it to the following groups. Just check back here for
> responses.
> microsoft.public.isa
> microsoft.public.isa.configuration,
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit
> among responding engineers, and to help others benefit from your
> resolution.
>
> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
> 2003/2000, MCSA Messaging 2003
> Microsoft Certified Trainer
>
> For urgent issues, please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
>
>
>
 

My Computer

Users Who Are Viewing This Thread (Users: 1, Guests: 0)