IIS Server Security - IIS SSL spoof detected by firewall


Author IIS SSL spoof detected by firewall
Bob Jones

2007-07-16, 7:20 pm

Hi all,

I'm supporting an external web site with IIS6 and SSL on a server with
Windows 2003 (dual nic cards). There is an internal web application on the
same box using one of the NIC cards, which is behind the firewall and not
accessible to the net. The external site is using the other card, which has
an internet address, and is sitting in a DMZ on the firewall.

I'm having trouble activating the web site because the firewall detects a
spoof during login. It appears like the response is going out the primary
nic card (mac address reported by the firewall) instead of the correct card.

NLB is not installed on the primary nic card. Each card has its own DNS
specific connection suffix.

The NIC cards are both on the Netserver lp1000 motherboard.

I'm out of ideas, can anyone help or point me in the right direction?

Thanks,

rljones39



Ken Schaefer

2007-07-17, 1:23 am

Do you have "default gateways" configured on both NICs?

You should have only a single default gateway (on one of the NICs), and
configure static routes for all other non-local subnets and have them routed
through the other NIC.

Cheers
Ken

"Bob Jones" <rljones39@hotmail.com> wrote in message
news:uM8OoVAyHHA.748@TK2MSFTNGP04.phx.gbl...
> Hi all,
>
> I'm supporting an external web site with IIS6 and SSL on a server with
> Windows 2003 (dual nic cards). There is an internal web application on
> the same box using one of the NIC cards, which is behind the firewall and
> not accessible to the net. The external site is using the other card,
> which has an internet address, and is sitting in a DMZ on the firewall.
>
> I'm having trouble activating the web site because the firewall detects a
> spoof during login. It appears like the response is going out the primary
> nic card (mac address reported by the firewall) instead of the correct
> card.
>
> NLB is not installed on the primary nic card. Each card has its own DNS
> specific connection suffix.
>
> The NIC cards are both on the Netserver lp1000 motherboard.
>
> I'm out of ideas, can anyone help or point me in the right direction?
>
> Thanks,
>
> rljones39
>
>
>
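
An added example, not part of the thread: a check over the IPv4 rows of `route print` output that counts default gateways and models which NIC a reply would leave through, the mismatch a firewall's anti-spoofing check reacts to. All addresses are constructed; putting the single default gateway on the DMZ NIC and routing a 10.0.0.0/8 internal subnet through the other NIC are assumptions, since the reply above does not say which NIC keeps the gateway.

```python
import ipaddress

# Constructed `route print` rows (all addresses made up): 192.168.10.20 is the
# internal NIC, 203.0.113.20 the DMZ NIC. BROKEN has a default gateway on both.
BROKEN = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1   192.168.10.20      10
          0.0.0.0          0.0.0.0      203.0.113.1    203.0.113.20      20
     192.168.10.0    255.255.255.0    192.168.10.20   192.168.10.20      10
      203.0.113.0    255.255.255.0     203.0.113.20    203.0.113.20      20
"""
# Assumed fix: default gateway only on the DMZ NIC, plus a static route for a
# hypothetical non-local internal subnet (10.0.0.0/8) through the internal NIC.
FIXED = """\
          0.0.0.0          0.0.0.0      203.0.113.1    203.0.113.20      20
         10.0.0.0        255.0.0.0     192.168.10.1   192.168.10.20      10
     192.168.10.0    255.255.255.0    192.168.10.20   192.168.10.20      10
      203.0.113.0    255.255.255.0     203.0.113.20    203.0.113.20      20
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or not cols[4].isdigit():
            continue  # column header or other non-route line
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}")
        except ValueError:
            continue
        routes.append((net, cols[2], cols[3], int(cols[4])))
    return routes

def default_gateways(routes):
    """(gateway, interface) of every 0.0.0.0/0 route; more than one is the red flag."""
    return [(gw, nic) for net, gw, nic, _ in routes if net.prefixlen == 0]

def egress_interface(routes, dest):
    """Pick the route by longest prefix, then lowest metric; return its interface."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[3]))[2]

def reply_mismatch(routes, arrived_on, client_ip):
    """True if the reply to client_ip would leave a different NIC than arrived_on."""
    out = egress_interface(routes, client_ip)
    return out is not None and out != arrived_on
```

With the constructed `BROKEN` table, a request from an outside client that arrives on the DMZ NIC is answered through the internal NIC because that default route has the lower metric; with `FIXED`, the reply leaves through the DMZ NIC.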



Copyright 2003 - 2008 webservertalk.com