FTP Publishing (again) (Full Version)

All Forums >> [ISA 2006 Publishing] >> Server Publishing



Message


xander2 -> FTP Publishing (again) (5.Sep.2008 3:19:55 AM)

Hi,

In a three leg perimeter network, I'm trying to publish a internal FTP Server to external.

I've tried everything, including al the tips from existing topics. The server is published with a server publishing rule, there is a NAT network relationship between the external network and the server and the FTP Access filter is enabled.

When I check with netstat -an, ISA doesn't seem to listen at port 21 on any of the network interfaces.

When I'm trying to acces the FTP the ISA logs return a Denied 0xc004000d Default rule, so it seems that the server publishing rule somehow doesn't apply.

Thanks in advance,

Xander





paulo.oliveira -> RE: FTP Publishing (again) (8.Sep.2008 7:55:52 AM)

Hi,

check this tools FWENGMON and see if the socket is listening for the new connection.
http://blogs.technet.com/isablog/archive/2008/06/24/server-publishing-with-isa-server-2004-2006-and-route-relationship-between-networks.aspx

If Im not mistaken, ISA sometimes have a little delay to apply the new configurations.

Regards,
Paulo Oliveira.




xander2 -> RE: FTP Publishing (again) (25.Sep.2008 3:12:39 AM)

Hi Paulo,

I can't get it to work. The configuration is as follows, in a three leg perimeter situation.

Internet
||
Router 192.168.2.1
||
ISA External 192.168.2.60
---------------------------
ISA Internal 10.0.0.13
||
FTP Server 10.0.0.241

Network Rules
NAT from External and perimeter to FTP server

Non Web-Server publishing Rule

From anywhere, to 10.0.0.241, Selected networks, External and Perimeter, Protocol FTP and access filter is on.

Access Rule
From all networks, to Computer FTP, FTP and FTP server.

The funny thing is, when using the traffic simulator everything looks ok. But it uses the access rule, instead of the server publishing rule. When disabling the access rule, access is denied.

Also, when using FWENGMON, the socket is listening from 0.0.0.0:21 to 10.0.0.241:21.

When I try to reach the FTP server from external, it gives an Access denied by the default rule. I can reach the ftp server from ISA and from internal.

Serveral web sites have been published on the same internal server and work correctly.

I'm sure I'm missing something, but can't figure out what exactly.

Thanks,

Xander




Page: [1]