IIS and Routing???

[David Lozzi]

Howdy,

I apologize for the cross group posting. Not sure what this applies to.

I have an interesting scenario for you to contemplate and hopefully advise
on.

I develop ASP.Net applications on my local machine, WinxpProsp2, and VPN
into customer networks to gain access to databases. My workstation is behing
a ISA 2004 server. When VPNd into most customers, IIS can access their SQL
or IBM databases without a problem. I have one customer that when I VPN in,
IIS cannot connect to the database. The database is IBM RedBack (port 8352).
When it tries to connect, IIS seeks the database through the local
connection and local firewall, not the remote connection. I can view the
attempted connections in ISA Monitor. However, if I Remote Desktop (port
3389), Telnet (port 23), or FTP (port 21) to this server, Windows routes
through the remote connection properly and never appears on my local ISA
monitor, as designed.

So, what does IIS use to know where to route? Any other ideas?

Thanks a ton!!!


--
D a v i d L o z z i
Data & Web Technology Specialist
Delphi Technology Solutions, Inc.
Wilmington, MA
dlozzi@(remove this)delphi-ts.com - www.delphi-ts.com

 

[Egbert Nierop \(MVP for IIS\)]

Howdy,

I apologize for the cross group posting. Not sure what this applies to.

I have an interesting scenario for you to contemplate and hopefully advise
on.

I develop ASP.Net applications on my local machine, WinxpProsp2, and VPN
into customer networks to gain access to databases. My workstation is
behing a ISA 2004 server. When VPNd into most customers, IIS can access
their SQL or IBM databases without a problem. I have one customer that
when I VPN in, IIS cannot connect to the database. The database is IBM
RedBack (port 8352). When it tries to connect, IIS seeks the database
through the local connection and local firewall, not the remote
connection. I can view the attempted connections in ISA Monitor. However,
if I Remote Desktop (port 3389), Telnet (port 23), or FTP (port 21) to
this server, Windows routes through the remote connection properly and
never appears on my local ISA monitor, as designed.

So, what does IIS use to know where to route? Any other ideas?

Thanks a ton!!!

IIS knows nothing about routing. It's the TCP/IP stack, that knows where to
forward packets, that are not from the local domain, that is, the gateway
address.

Success

 

[ZVR]

Are you running the firewall client on your workstation? That may explain
why certain types of traffic go through the VPN while others don't.

Another possibility is that the VPN connection for this particular
connection does not specify that all traffic should be routed through the
VPN gateway; as such packets still leave through your network's default
gateway (ISA). Do an "ipconfig /all" at the command prompt while connected
to their VPN to confirm this.

And as the previous poster said, IIS has nothing to do with routing. It does
not "know" about the underlying network topology, routes etc - that is
handled in the TCP/IP stack.

Virgil

 

[David Lozzi]

that helps.... any ideas to fix this?

--
D a v i d L o z z i
Data & Web Technology Specialist
Delphi Technology Solutions, Inc.
Wilmington, MA
dlozzi@(remove this)delphi-ts.com - www.delphi-ts.com

 

[David Lozzi]

I disable the ISA 2004 client on my workstation before connecting to the
VPN. When I do a ipconfig/all I get the following response:

Windows IP Configuration

Host Name . . . . . . . . . . . . : gossamer
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MTW Network
Connection
Physical Address. . . . . . . . . : 00-0B-DB-5C-3E-85
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.7.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.7.1
DNS Servers . . . . . . . . . . . : 192.168.7.1
Primary WINS Server . . . . . . . : 192.168.7.1

PPP adapter Customer:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.220.3
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.10.220.3
DNS Servers . . . . . . . . . . . : 172.17.1.2
172.17.1.2


And I have a static route to get to the server in question:

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0b db 5c 3e 85 ...... Intel(R) PRO/1000 MTW Network Connection -
Deter
ministic Network Enhancer Miniport
0xa0004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.220.3 10.10.220.3 1
0.0.0.0 0.0.0.0 192.168.7.1 192.168.7.3 11
10.10.220.3 255.255.255.255 127.0.0.1 127.0.0.1 50
10.255.255.255 255.255.255.255 10.10.220.3 10.10.220.3 50
66.152.206.21 255.255.255.255 192.168.7.1 192.168.7.3 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 10.10.220.3 10.10.220.3 1
192.168.7.0 255.255.255.0 192.168.7.3 192.168.7.3 10
192.168.7.3 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.7.255 255.255.255.255 192.168.7.3 192.168.7.3 10
224.0.0.0 240.0.0.0 192.168.7.3 192.168.7.3 10
224.0.0.0 240.0.0.0 10.10.220.3 10.10.220.3 1
255.255.255.255 255.255.255.255 10.10.220.3 10.10.220.3 1
255.255.255.255 255.255.255.255 192.168.7.3 192.168.7.3 1
Default Gateway: 10.10.220.3 ****** this is the gateway of the VPN,
everything should route through there.
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
192.168.1.0 255.255.255.0 10.10.220.3 1


Thanks!!


--
D a v i d L o z z i
Data & Web Technology Specialist
Delphi Technology Solutions, Inc.
Wilmington, MA
dlozzi@(remove this)delphi-ts.com - www.delphi-ts.com

 

[David Lozzi]

I disable the ISA 2004 client on my workstation before connecting to the
VPN. When I do a ipconfig/all I get the following response:

Windows IP Configuration

Host Name . . . . . . . . . . . . : gossamer
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MTW Network
Connection
Physical Address. . . . . . . . . : 00-0B-DB-5C-3E-85
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.7.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.7.1
DNS Servers . . . . . . . . . . . : 192.168.7.1
Primary WINS Server . . . . . . . : 192.168.7.1

PPP adapter Customer:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.220.3
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.10.220.3
DNS Servers . . . . . . . . . . . : 172.17.1.2
172.17.1.2


And I have a static route to get to the server in question:

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0b db 5c 3e 85 ...... Intel(R) PRO/1000 MTW Network Connection -
Deter
ministic Network Enhancer Miniport
0xa0004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.220.3 10.10.220.3 1
0.0.0.0 0.0.0.0 192.168.7.1 192.168.7.3 11
10.10.220.3 255.255.255.255 127.0.0.1 127.0.0.1 50
10.255.255.255 255.255.255.255 10.10.220.3 10.10.220.3 50
66.152.206.21 255.255.255.255 192.168.7.1 192.168.7.3 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 10.10.220.3 10.10.220.3 1
192.168.7.0 255.255.255.0 192.168.7.3 192.168.7.3 10
192.168.7.3 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.7.255 255.255.255.255 192.168.7.3 192.168.7.3 10
224.0.0.0 240.0.0.0 192.168.7.3 192.168.7.3 10
224.0.0.0 240.0.0.0 10.10.220.3 10.10.220.3 1
255.255.255.255 255.255.255.255 10.10.220.3 10.10.220.3 1
255.255.255.255 255.255.255.255 192.168.7.3 192.168.7.3 1
Default Gateway: 10.10.220.3 ****** this is the gateway of the VPN,
everything should route through there.
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
192.168.1.0 255.255.255.0 10.10.220.3 1


Thanks!!


--
D a v i d L o z z i
Data & Web Technology Specialist
Delphi Technology Solutions, Inc.
Wilmington, MA
dlozzi@(remove this)delphi-ts.com - www.delphi-ts.com

 

[Jeff Cochran]

that helps.... any ideas to fix this?

It's not IIS. Stop crossposting to the IIS group. You probably have
the right group in ISA, but there's also a routing group where this
might be apprpriate.

Jeff