Announcement

Collapse
No announcement yet.

Cannot Access Default Web Site of IIS from Internal network

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cannot Access Default Web Site of IIS from Internal network

    Setup: Windows 2003 server w/ Exchange 2003 (I know it's not a recommended config but it's what was here when I arrived); SonicWall Firewall device set to forward port 80 and 443 to Exchange server; RPC over https configured; OWA configured and works externally; OMA and PocketPC ActiveSync works only over externally over the internet.


    Problem: We are unable to access OWA or use PocketPC ActiveSync while on the internal network.

    In an IE Browser from the internal network, http://externalFQDN comes up with "Page cannot be displayed" "DNS Error" "Server cannot be found".

    In an IE Broswer from the external network, http://externalFQDN works great.

    When pinging externalFQDN from the internal network, the domain name is resolved to our external IP as it should.

    The only recent changes have been to our DNS. I had originally put in a externalFQDN forward look-up zone, with a A name entries of mail.externalFQDN and www.externalFQDN; but that caused a lot of problems with e-mails and other programs and we had to delete it.

    **Where is the hang-up with accessing the default web site internally?? If the DNS is resolving correctly internally, what's stopping it from connecting to the server?


    Thanks much,
    Chris

  • #2
    Re: Cannot Access Default Web Site of IIS from Internal network

    Hi Chris

    Originally posted by chrispogi05 View Post
    Setup: Windows 2003 server w/ Exchange 2003 (I know it's not a recommended config but it's what was here when I arrived);
    Who doesn't recommend this setup? Unless you forgot to say that the server was also a DC...

    Anyways, has it always behaved like this? It may be that your firewall doesn't let traffic out and then return on the same interface. (isn't there a term for that? ) I know that other firewalls have that safety feature.
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Cannot Access Default Web Site of IIS from Internal network

      Yes, the Server is also a DC. (sorry forgot to put that in )

      No, this is a recent problem, and last week everything worked fine. Besides some configuration to the registry to allow for ActiveSync synchronization with Exchange and also the deletion of the Foward look-up zone as described in the first post, nothing to my knowledge has changed.

      I'll continue to look at the firewall interface while i struggle for a solution. Currently I have NAT Policies in place that should also translate any requests from our LAN Interface to the PRIMARY WAN IP using HTTP to be redirected to the Exchange Server... with the intention that anyone who type http://externalFQDN would be sent to our Exchange server by the SonicWall.

      This didn't do it.

      Thanks for the post back,
      Chris
      Last edited by chrispogi05; 26th December 2006, 21:46. Reason: Add info

      Comment


      • #4
        Re: Cannot Access Default Web Site of IIS from Internal network

        Is access to internal FQDN working?
        Does the server have multiple NICs?
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment


        • #5
          Re: Cannot Access Default Web Site of IIS from Internal network

          OK. Case finally closed... So I searched through the SonicWall forum and found how to create a local loopback rule that would do the following translation:

          Original Source: LAN Subnets
          Translated Source: Primary WAN IP
          Original Destination: Primary WAN IP
          Translated Destination: ServerPrivateAddress
          Original Service: Any
          Translated Service: Original
          Inbound Interface: LAN
          Outbound Interface: Any

          This seems to have done the trick.

          Thanks for the posts JeremyW

          Comment


          • #6
            Re: Cannot Access Default Web Site of IIS from Internal network

            Thanks for sharing how you solved the issue.
            Glad you got it sorted.
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

            Comment

            Working...
            X