Re: VPN to ISA server, can't FTP through it



"jogdial" <jogdial@xxxxxxxxx> wrote in message
news:492cb425-7f3e-4b52-b58e-dd9e76d41ad2@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi, thanks for the reply. I've been trying to watch the monitoring,
but so far haven't seen anything coming through. This is a VERY busy
firewall, I've tried not putting any filters on the monitoring at all
though and I don't see any rule being applied to the FTP upload, or
FTP connection for that matter.

Set the Log filter to show traffic where the Destination IP# is the FTP
Server.

Repeat the monitoring with the filter set to Client IP# as the FTP Server.

As the requests are coming and going
through a VPN, will they not be encrypted anyway?

No. The Tunnel terminates "at" the ISA,...it doesn't go "through it". It is
normal traffic going through the ISA.

publishing new web applications mostly. So, if there isn't a specific
rule for FTP to this specific server, and it's coming from a VPN, is
there still an application filter for all traffic?

The VPN would use a "routed" relationship instead of NAT,...but the Access
Rules still control the traffic flow. If the VPN is a Remote Access VPN
then the Source Network is "VPN Clients",....if the VPN is a Site-2-Site VPN
then the Source Network would be the "created" Network that was created when
the Site-2-Site VPN was set up. I believe yours is a Site-2-Site from what
your earlier post says. Protocols are all treated as "outbound" no matter
what.

You should already have an Access Rule in place or nothing would be working
over the VPN at all,...so just make sure that Rule allows FTP, has the FTP
Application Filter applied and has the Filter's "read-only" box *unchecked*.

Typically the Rule would look something like this:

Source Network: Internal, <VPN Network Name>
Destination Network: Internal, <VPN Network Name>
Protocol: <whatever>
Configure FTP, "Read-only" Unchecked
Users: <whatever>


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
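
The two log filters suggested in the reply above (Destination IP set to the FTP server, then Client IP set to the FTP server) can also be applied offline to an exported log to see which rule handled each direction. This is an added example, not part of the original post; the tab-separated layout, field names, addresses, rule names and log lines are all constructed for illustration.

```python
from collections import Counter

# Constructed sample export (W3C-style "#Fields:" header, tab-separated).
# Field names, addresses and rule names are assumptions for this example.
SAMPLE_LOG = (
    "#Fields: time\tsource\tdestination\tprotocol\taction\trule\n"
    "10:01:02\t10.2.0.15:1045\t10.1.0.20:21\tFTP\tInitiated Connection\tVPN Site Access\n"
    "10:01:09\t10.2.0.15:1046\t10.1.0.20:3050\tUnidentified IP Traffic\tDenied Connection\tDefault rule\n"
    "10:01:10\t10.1.0.20:20\t10.2.0.15:1047\tUnidentified IP Traffic\tDenied Connection\tDefault rule\n"
    "10:01:11\t10.1.0.33:1100\t203.0.113.5:80\tHTTP\tInitiated Connection\tWeb Out\n"
)

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))

def host(endpoint):
    """Strip an optional :port suffix from an IPv4 endpoint."""
    return endpoint.rsplit(":", 1)[0] if ":" in endpoint else endpoint

def rules_for_server(text, server_ip):
    """Count (rule, action) pairs for traffic to and from server_ip.

    'to_server' mirrors the Destination IP filter; 'from_server' mirrors the
    Client IP filter, which catches connections the FTP server itself opens
    (for example an active-mode data channel).
    """
    summary = {"to_server": Counter(), "from_server": Counter()}
    for rec in parse_w3c(text):
        key = (rec.get("rule", "-"), rec.get("action", "-"))
        if host(rec.get("destination", "")) == server_ip:
            summary["to_server"][key] += 1
        if host(rec.get("source", "")) == server_ip:
            summary["from_server"][key] += 1
    return summary

if __name__ == "__main__":
    for direction, counts in rules_for_server(SAMPLE_LOG, "10.1.0.20").items():
        for (rule, action), n in counts.most_common():
            print(f"{direction:12} {n:3}  {action:22} {rule}")
```

In the constructed sample the control connection is matched by the VPN rule while both data connections fall through to the default rule, which is the kind of pattern the two filters are meant to surface.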

