There is no such thing as Port Forwarding,..it is a meaninless Marketing
"invented" term. What it really is,..is Reverse NAT or also called Static
NAT.
But even with that being so it is the wrong approach with ISA. With ISA you
want Reverse-Web-Proxying.
In the ISA "world" it is called: "Web Publishing"
Everything I say below is important,...don't "blow it off".
1. The Camera Device needs to operate as a SecureNAT Client of the ISA.
This means it either uses the ISA as its Default Gateway, or the LAN Routing
Design passes it to ISA "along-the-way" to get to the Internet.
2. Create the Web Publishng Rule after reading the documentation first. You
will publish camera1.mydomain.com (not camera1.mydomain.com:8001) to be sent
to 192.168.16.5
3. After the Publishing Rule is created go into the Bridging Tab in the
Properties of the Rule and set the:
"Redirect requests to HTTP port: 8001"
The user will not specify the port,...they will only ask for
http://camera1.mydomain.com . The ISA will redirect to 8001 transparently
I strongly suggest you come up with a valid unique public DNS name for this
that is meaningfull,...like a Host Record called "camera1". When the FQDN
is built from that with the Zone name it becomes "camera1.mydomain.com"
Then in the To Tab in the properties of the rule make sure it says......
"This rule applies to this published site: camera1.mydomain.com"
Make sure it also says "camera1.mydomain.com" in the Public Name Tab of the
publshing Rule
Also on the To Tab in the properties of the rule,..look at the last item.
If request appear to come from the original Client, then the Web
Server/Device must be a SecureNAT Client of the ISA. But if it is set to
requests appear to come from the ISA then the Web Server/Device does not
have to be a SecureNAT Client of the ISA, however you will loose the record
keeping ability to know what IP the user came from since it will look like
the source was always the ISA. That is probably not a problem with a Camera
Device, but can be important with a real web site where record keeping and
other site functionality might be more important.
By doing it this way you can run a gazillion HTTP web sites off of the same
External IP and same External Port 80 all at the same time. The actual FQDN
(aka HostsHeader) is what distinguishes one site from another.
--
Phillip Windell
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/library/cc302436(TechNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/library/bb898433(TechNet.10).aspx
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-...
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepart...
-----------------------------------------------------
"Ace Fekay [MCT]" <ace...@mvps.RemoveThisPart.org> wrote in message
news:eDRPw9JYKHA.3428@TK2MSFTNGP06.phx.gbl...
> "Kevin" <Ke
...@discussions.microsoft.com> wrote in message
>
news:91ABA165-F685-44C9-BB29-6C0B9FCA0BE4@microsoft.com...
>> ISA 2004 question: How can I configure port forwarding in ISA2004
>> Need to have MyDomainName.com:8001 to forward to 192.168.16.5 in order
>> to
>> see internal webcamera via out side the domain.
>> Thank you...
> That's a question best for the ISA group, unless someone of course in SBS
> will want to walk you through it.
> I cross-posted it to the following groups. Just check back here for
> responses.
> microsoft.public.isa
> microsoft.public.isa.configuration,
> --
> Ace
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
> Please reply back to the newsgroup or forum for collaboration benefit
> among responding engineers, and to help others benefit from your
> resolution.
> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
> 2003/2000, MCSA Messaging 2003
> Microsoft Certified Trainer
> For urgent issues, please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
|
