• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Issue with ISA 2004 and SSH FTP

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Issue with ISA 2004 and SSH FTP Page: [1]
Login
Message << Older Topic   Newer Topic >>
Issue with ISA 2004 and SSH FTP - 18.May2005 4:47:00 PM   
SteveCDN

 

Posts: 11
Joined: 2.Mar.2005
Status: offline
I've got a dual homed ISA 2004 on Windows 2003 server. Server 2003 has security updates but SP1 not installed; also SP1 has not been installed for ISA 2004.

I'm trying to connect to a secure FTP server using SecureFX by VanDyke Software.

I've got an all access rule for all sites and all protocols. SSH is using port 22 and it just stalls out when trying to access the FTP server. The monitoring shows it trying to access the server, but then just disconnects.

I can use regular FTP and connect to the site, but I need to be able to connect using SSH, port 22.

Any ideas where to start troubleshooting?

I know ISA has trouble with FTP over SSL, but I thought that FTP over SSH should be fine.

Thanks.
Post #: 1
RE: Issue with ISA 2004 and SSH FTP - 18.May2005 4:52:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Steve,

if FTP is tunneled inside SSH, then all you need todo is allowing the SSH protocol (TCP port 22 outbound). Can you telnet to the destination on TCP port 22?

Also, analyze the ISA logs. They will tell you exactly what connections are used.

BTW --- for more info about FTP, check out my article http://www.isaserver.org/articles/How_the_FTP_protocol_Challenges_Firewall_Security.html .

HTH,
Stefaan

(in reply to SteveCDN)
Post #: 2
RE: Issue with ISA 2004 and SSH FTP - 18.May2005 6:47:00 PM   
SteveCDN

 

Posts: 11
Joined: 2.Mar.2005
Status: offline
Hi Stefaan,

I was thinking it should be so simple as well..currently I'm allowing all ports, so it shouldn't be an issue.

I cannot telnet to that IP on port 22. It returns the error,

Could not open a connection to host on port 22 :
Connect failed

I can connect on port 21 though, so the server is OK and I can access this site via SSH with our MS Proxy 2.0 server. I want to migrate from this box though, soon.

I'm logging with the default MSDE..how do I go about viewing these mdf files?

Thanks.

(in reply to SteveCDN)
Post #: 3
RE: Issue with ISA 2004 and SSH FTP - 20.May2005 3:31:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Steve,

if you cannot telnet to that IP on TCP port 22 you should investigate that first! Also, check out your DNS resolving [Wink]

Come on, don't tell me you never have looked at the ISA logs. I suggest you start reading the ISA help file, particular the chapter about Monitoring.

HTH,
Stefaan

(in reply to SteveCDN)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Issue with ISA 2004 and SSH FTP Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts