Re: FTP publishing in ISA 2006
- From: Bruno S <Bruno S@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 6 Jul 2007 08:26:07 -0700
I have been reading about publishing ftp on isa 2006 for the last 2 days, and
I followed several guides and instructions closely, they are pretty straight
forward, but my problem is that I can't even get the client (IE7) to open the
FTP site from the network or from external. I have a NAT relationship between
our internal FTP server the the external network and a ROUTE between the FTP
server and the internal network client.
I create a publishing rule for the external client and a access rule for the
internal client, but no go. The FTP site open fine on the server itself, but
I get "IE cannot display the webpage" message from both clients.
When checking the ISA log I see the following:
For the internal client: Client > FTP server "Failed connection attempt"
For the external client: FTP Server > external client "Denied Connection" on
some random port like 16519 using "Unidentified IP Traffic". There were no
entries for "Client>FTP server"
My setting is pretty straitght forward and I got all other servers like
smtp, Exchange, websites and RDP published and working securely, but FTP
seems to be a whole different monster.
Any idea of what could be the issue?
thanks
"Phillip Windell" wrote:
Ok, sounds good..
I didn't know the publishing would work over a routed relationship at all.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------
"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:B6FA8E15-6192-43FF-8CF5-C6BC16AC4854@xxxxxxxxxxxxxxxx
One point of clarification; you can use a server publishing rule across a
routed relationship and in some cases, you must; Exch RPC (MAPI) is one such
example.
The difference between NAT and Route for server publishing is that:
- Route: the client attempts to connect to the published server IP
- NAT: the client attempts to connect to the ISA server publishing IP
--
Jim Harrison (ISA SE)
This posting implies no warranty and confers no rights.
"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:%23JFfcIVnHHA.4516@xxxxxxxxxxxxxxxxxxxxxxx
If the Network Relationship between External and DMZ is "routing" then it is
just an access rule for the regular FTP from External to <name of DMZ
network
object>.
If the Network Relationship between External and DMZ is "NAT", then it is a
Server Publishing Rule for the server variant of FTP (FTP Server) from
External
to <IP# of the FTP Server>.
I haven't done that from a DMZ leg like that, so it is a bit of a guess for
me.
It also may be possible that the FTP Protocol used in the first option may
have
to be the server variant as well,...you may have to experiment.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or
anyone else associated with me, including my cats.
-----------------------------------------------------
"James" <james.austin.cabbage@xxxxxxxxxxxxx> wrote in message
news:135827ggdskqcf6@xxxxxxxxxxxxxxxxxxxxx
Internet ---------ISA2006----------LAN
|
|
|
DMZ
- Follow-Ups:
- Re: FTP publishing in ISA 2006
- From: Bruno S
- Re: FTP publishing in ISA 2006
- Prev by Date: Re: owa and outlook anywhere
- Next by Date: Re: FTP publishing in ISA 2006
- Previous by thread: Re: owa and outlook anywhere
- Next by thread: Re: FTP publishing in ISA 2006
- Index(es):
Relevant Pages
|
