Re: VPN to ISA server, can't FTP through it



Thanks! This looks like the info I need to track it down now, still
having my tea at home but as soon as I get to the office, (5 minute
walk to next room ;-) I'll have a look.

Thanks again for going through the filters etc. Not sure why I didn't
filter on the FTP server first. I was trying client and I'm unsure
what the client IP address might be, but I do know what the server IP
is and once I concentrate on that server and FTP I should see the
client IP as well and can go from there.

Cheers
Bill


On 10 Mar, 17:31, "Phillip Windell" <philwind...@xxxxxxxxxxx> wrote:
"jogdial" <jogd...@xxxxxxxxx> wrote in message

news:492cb425-7f3e-4b52-b58e-dd9e76d41ad2@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hi, thanks for the reply.  I've been trying to watch the monitoring,
but so far haven't seen anything coming through.  This is a VERY busy
firewall, I've tried not putting any filters on the monitoring at all
though and I don't see any rule being applied to the FTP upload, or
FTP connection for that matter.

Set the Log filter to show traffic where the Destination IP# is the FTP
Server.

Repeat the monitoring with the filter set to Client IP# as the FTP Server.

 As the requests are coming and going
through a VPN, will they not be encrypted anyway?

No. The Tunnel terminates "at" the ISA,...it doesn't go "through it".  It is
normal traffic going through the ISA.

publishing new web applications mostly.  So, if there isn't a specific
rule for FTP to this specific server, and it's coming from a VPN, is
there still an application filter for all traffic?

The VPN would use a "routed" relationship instead of NAT,...but the Access
Rules still control the traffic flow.  If the VPN is a Remote Access VPN
then the Source Network is "VPN Clients",....if the VPN is a Site-2-Site VPN
then the Source Network would be the "created" Network that was created when
the Site-2-Site VPN was setup.  I believe yours is a Site-2-Site from what
your earlier post says.  Protocols are all treated as "outbound" no matter
what.

You should already have an Access Rule in place or nothing would be working
over the VPN at all,...so just make sure that Rule allows FTP, has the FTP
Application Filter applied and has the Filter's "read-only" box *unchecked*.

Typically the Rule would look something like this:

Source Network: Internal, <VPN Network Name>
Destination Network: Internal, <VPN Network Name>
Protocol: <whatever>
        Configure FTP, "Read-only" Unchecked
Users: <whatever>

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-...

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepart...
-----------------------------------------------------  
