+ Post New Thread
Results 1 to 6 of 6
Internet Related/Filtering/Firewall Thread, Access Internal Website from External Website in Technical; Hi We already have a public ip address which points to e.g. www.ourdomain.ac.uk . We don't want to purchase additional ...
  1. #1

    Join Date
    Sep 2009
    Location
    Northern Ireland
    Posts
    32
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Access Internal Website from External Website

    Hi

    We already have a public ip address which points to e.g. www.ourdomain.ac.uk. We don't want to purchase additional public ip addresses as:
    1) we've been told we don't have to by our sharepoint engineers
    2) we have to purchase them from our supplier in blocks of a certain number

    We have created internal subdomains in the example sharepoint.ourdomain.ac.uk and staff.ourdomain.ac.uk. Both of the subdomains point to websites on internal webservers. The domain www.ourdomain.ac.uk points to our webserver on the dmz.

    Is it possible, using host headers and DNS to allow the subdomains to be accessible from the internet without purchasing additional public ip's, and if so how do we go about implementing the solution?

    We use Microsoft servers running the latest version of IIS.

    Thanks

  2. #2

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,799
    Thank Post
    272
    Thanked 1,134 Times in 1,030 Posts
    Rep Power
    349
    Are the sub-domains and domain on the same server? of so you can put it behind an ISA server which will - on the same ip address send data for sub.domain.ac.uk to one server and domain.ac.uk to another - but they have to sit behind the isa server e.g they have internal addresses 192.168.*.* and then the ISA has the public address.

    Any request on the pubic ip for sub.domain.ac.uk gets sent to 192.168.0.2 and and traffic for www.domain.ac.uk gets sent to 192.168.0.3

    Is that the kind of this you are after??

    Also it might be able to forward them to the same internal ip but different ports

    Toby

  3. Thanks to glennda from:

    william-swc (22nd September 2010)

  4. #3
    ascott2's Avatar
    Join Date
    Nov 2007
    Posts
    181
    Thank Post
    18
    Thanked 37 Times in 29 Posts
    Rep Power
    20
    +1 on the ISA route. That is our setup. Only one external IP address, which goes to the ISA box. The ISA then determines where to send the internal request to, using web listeners and firewall rules.

  5. Thanks to ascott2 from:

    william-swc (22nd September 2010)

  6. #4

    Join Date
    Sep 2009
    Location
    Northern Ireland
    Posts
    32
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi Toby,

    That's sounds like a plan! The subdomains are on two different internal servers and then www.ourdomain.ac.uk is on a different server again on the DMZ.

    If I have picked you up correctly you would recommend bringing the server on the dmz back in to the internal network, forward the current public ip address to the ISA server and let the ISA server decide where to send the traffic?

    What about security? how will that work? The Sharepoint servers on the subdomain use integrated authentication to validate users, the website on the dmz uses anonymous.

    Also is the ISA server on the dmz or is it also internal?

    Sorry for all the qu's,

    Thanks for your help so far
    William

  7. #5
    wesleyw's Avatar
    Join Date
    Dec 2005
    Location
    Kingswinford
    Posts
    2,205
    Thank Post
    223
    Thanked 50 Times in 44 Posts
    Blog Entries
    1
    Rep Power
    30
    ISA should be in the DMZ as for Sharepoint when publishing it through ISA you can use any authentication method you wish and this will pass those login credentials through. You will need to setup sub domain names with your provider this may cost though. e.g. www.school.ac.uk you've got pointing to 200.200.200.200 sharepoint.school.ac.uk will also need to be resolved to this IP address ISA then translates the header to an internal server works really well and it means if you are using 443 then one wildcard SSL is all thats needed!

    Wes

  8. Thanks to wesleyw from:

    william-swc (22nd September 2010)

  9. #6

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,799
    Thank Post
    272
    Thanked 1,134 Times in 1,030 Posts
    Rep Power
    349
    Basicly your isa server needs two network cards 1. External address 2. internal address have all your subdomains plus actual domain sent to that one external address. All webservers have internal addresses only and sit behind the isa as such. ISA then does all the work with sending to the right servers on the inside - the ports etc should make a difference aswell as the need to login

    Toby

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 2
    Last Post: 5th January 2012, 10:57 AM
  2. Replies: 0
    Last Post: 15th May 2009, 09:13 AM
  3. External Access for Internal DB
    By gmiller in forum Web Development
    Replies: 7
    Last Post: 3rd December 2008, 03:41 PM
  4. Access Control Of Website
    By SYSMAN_MK in forum Web Development
    Replies: 5
    Last Post: 15th April 2008, 09:37 PM
  5. Multiple internal website access with one ip from the net
    By binky in forum Wireless Networks
    Replies: 2
    Last Post: 5th November 2006, 05:14 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •