Re: Pass Through FTP Port?
- From: Jim Behning SBS MVP <jimbehning@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 24 Mar 2007 20:01:25 GMT
VPN was just how things were done there. It was not a recommendation.
My ISA expert wears a Tshirt that says I Hate VPN again and again. I
did not ask why the hate. If someone is so passionate it might hurt to
listen to a long rant. At least the expert does not hate SBS.
On Sat, 24 Mar 2007 11:29:05 -0700, Richard K
<RichardK@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Thanks Jim. I'm trying to avoid the VPN side of the world but what you have.
set up is similar otherwise. You also make some good points about testing
inside then working your way out to eliminate issues. I love with ISA can do
but sometimes it has been an absolute BEAR when it comes to
monitoring/controlling network traffic. I've seen more than enough headaches
in my lifetime and so many times I keep coming back to ISA being the killer
in any process.
-Richard K
"Jim Behning SBS MVP" wrote:
I made a Firewall Policy called SCO FTP. This was to hit a SCO box
hosting FTP in the SBS internal network. The SCO has an ip of
10.0.1.133. The SBS has an ip of 10.0.1.140. That policy happens to be
third at that account.
Protocols: FTP Server
From/Listener: Internal, Local Host, VPN Clients.
To: 10.0.1.133
Note that my config may have a few things not perfect. The company
that needed to ftp has to start with a VPN connection. I started
testing from the SBS which was blocking stuff. I went to an internal
workstation and I was able to ftp. I went back to the SBS and played
with it until I was able to ftp. Once I got the SBS to stop blocking I
went home and made my vpn connection to the office. I then tried the
ftp. I played with the Firewall Policy until it worked with the vpn. I
may have had to disconnect and reconnect the vpn after Firewall Policy
changes. I do not recall.
Note that what I have does not look correct to an ISA expert. Well it
looks ok but I may have an extra listener in the rule.
Second note. This is for a standard FTP. The secure FTP may have some
more drama. I have played with secure ftp but not behind ISA. You may
have to create a custom port.
When I tried secure ftp I started with a secure ftp client inside the
office attaching to the secure ftp server. Make sure you put or place
a file during your testing. Don't think things work just because you
can see files.
Here is a cool article. I googled ISA 2004 secure ftp
http://www.internetaccessmonitor.com/eng/products/articles/Publishing_Secure_FTP_Servers_behind_ISA_Firewalls/Publishing_Secure_FTP_Servers_behind_ISA_Firewalls.php
On Sat, 24 Mar 2007 06:16:09 -0700, Richard K
<RichardK@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I have an SBS 2003 Prem server running 2 nics + sql and ISA 2004. Pretty
standard stuff.
I want to set up another server that will be running GlobalScape's SecureFTP
so that my clients can send/receive FTP files to me under their own private
accounts that SecureFTP will let me set up. My question is the ports and ISA
2004.
I am assuming that I need to set up a rule in my ISA 2004 that will redirect
all port 22 traffic through the SBS to the dedicated IP machine running
Windows 2003 Server + SecureFTP. How/What is the best way to do this in ISA
2004 as to not affect anything else or any client and how they interact with
the ISA? I just want to make sure I set this up properly and ISA has given
me fits at times, especially with the latest service packs and R2
installations.
Thanks!
-Richard K
- References:
- Re: Pass Through FTP Port?
- From: Jim Behning SBS MVP
- Re: Pass Through FTP Port?
- From: Richard K
- Re: Pass Through FTP Port?
- Prev by Date: Re: Exchange System Manager terminates when Help requested
- Next by Date: Re: Urgent, please help. Exchange server 2003 is down after loading sp
- Previous by thread: Re: Pass Through FTP Port?
- Next by thread: SP2.. one worked one didn't... ;-)
- Index(es):
Relevant Pages
|
