In a three-leg perimeter network, I'm trying to publish an internal FTP Server to external.
I've tried everything, including all the tips from existing topics. The server is published with a server publishing rule, there is a NAT network relationship between the external network and the server and the FTP Access filter is enabled.
When I check with netstat -an, ISA doesn't seem to listen at port 21 on any of the network interfaces.
When I'm trying to access the FTP, the ISA logs return a Denied 0xc004000d Default rule, so it seems that the server publishing rule somehow doesn't apply.
I can't get it to work. The configuration is as follows, in a three leg perimeter situation.
Internet
||
Router 192.168.2.1
||
ISA External 192.168.2.60
---------------------------
ISA Internal 10.0.0.13
||
FTP Server 10.0.0.241
Network Rules: NAT from External and perimeter to FTP server
Non Web-Server publishing Rule: From anywhere, to 10.0.0.241, Selected networks, External and Perimeter, Protocol FTP and access filter is on.
Access Rule: From all networks, to Computer FTP, FTP and FTP server.
The funny thing is, when using the traffic simulator everything looks ok. But it uses the access rule, instead of the server publishing rule. When disabling the access rule, access is denied.
Also, when using FWENGMON, the socket is listening from 0.0.0.0:21 to 10.0.0.241:21.
When I try to reach the FTP server from external, it gives an Access denied by the default rule. I can reach the ftp server from ISA and from internal.
Several web sites have been published on the same internal server and work correctly.
I'm sure I'm missing something, but can't figure out what exactly.