RE: FTP Access problem from internal host to development net behind ISA 2004

  • From: "Surago Jones" <surago@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 12 Oct 2005 15:59:15 +1300

It looks like there is a new article based on exactly what I am trying
to do, so hopefully when part two comes out I'll be able to see if I
have missed any steps.

Cheers

Title: Configure ISA 2004 as a Network Services Segment Perimeter
Firewall - Part 1: Perimeter Network Design Principles and
Considerations
Author: Thomas Shinder

Link:
http://www.ISAserver.org/tutorials/Configure-ISA-2004-Network-Services-Segment-Perimeter-Firewall-Part1.html

-----Original Message-----
From: Surago Jones [mailto:surago@xxxxxxxxxxxx] 
Sent: Tuesday, 11 October 2005 03:16
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FTP Access problem from internal host to
development net behind ISA 2004

http://www.ISAserver.org

Apologies, I got my wording wrong,

I have two rules created, one an Access rule which I use for outbound
ftp access (this was purely to test to see if I could run an FTP client
within the virtual network to an external source), and I have a
publishing rule for the ftp server located within the virtual network.

Hope that clears up what I have configured.

Unfortunately I still haven't managed to figure out why it won't allow
me to download from the virtual network (from the physical side), yet it
allows me to upload ok.. (I've double checked the 'read only' ftp
option, and that is not checked, though it shouldn't affect what I'm
trying to do anyways)

Cheers

Surago

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Tuesday, 11 October 2005 02:48
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FTP Access problem from internal host to
development net behind ISA 2004


If you do have the default installation, you can't use access rules to
allow inbound access.
You *must* use publishing rules.


-----Original Message-----
From: Surago Jones [mailto:surago@xxxxxxxxxxxx] 
Sent: Sunday, October 09, 2005 11:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FTP Access problem from internal host to
development net behind ISA 2004



In regards to not seeing anything in the ISA monitor that is denied, I
meant in regards to the FTP access, as with only the 2 Access rules,
there are a heap of denied messages, but they appear to be related to
Windows networking.

 

________________________________

From: Surago Jones [mailto:surago@xxxxxxxxxxxx] 
Sent: Monday, 10 October 2005 19:25
To: [ISAserver.org Discussion List]
Subject: [isalist] FTP Access problem from internal host to development
net behind ISA 2004

 

Hi All,

I have a problem with FTP access. I have configured a virtual network
with VMware, with an ISA2004 server used to firewall the virtual
network, however I am unable to download from an FTP server on the
virtual network (behind the ISA server), yet I can upload ok.

Here is what I have..

PC1 (Physical Machine)
IP:      192.168.1.65
Mask:    255.255.255.0
GW:      192.168.1.2

PC2 (Virtual Machine, Win2k3, ISA2k4)
Nic1 IP: 192.168.1.20     External Nic Connected to physical lan
Mask:    255.255.255.0
GW:      192.168.1.2

Nic2 IP: 192.168.10.2     Internal Nic Connected to virtual lan
Mask:    255.255.255.0
GW:      <blank>

PC3 (Virtual Machine, Win2k3, holds ftp server)
IP:      192.168.10.1
Mask:    255.255.255.0
GW:      192.168.10.2

On PC2 I have set up ISA2004 with a default installation, and it is
configured as an edge firewall.  I have configured 2 access rules, one
of which publishes the ftp service on PC3, and a second one that allows
for FTP client access from PC3 to PC1 (This second rule was purely for
testing, I don't need it for the FTP Service.)

PC1 will connect to PC3 via FTP with no problems, I can get the
directory lists, am able to upload files, however I am not able to
download files.  (It basically just times out).

Also...

PC3 is able to connect to PC1 via FTP with no problems, I can download
files from PC1, however I can't upload files to PC1, which is
interesting as it appears the network access is the same direction as
the transfers that worked in the previous example.

I have checked in the ISA monitor, and I don't see anything that appears
to be denied.

On a side note, if I open up complete access I am able to use Windows
networking for transferring files across windows shares without any
problems, but still am unable to get FTP to work correctly.

Any suggestions or ideas would be appreciated, as previously I had an
ISA2000 server in place of the ISA2004 server and it worked without any
problems for the network setup.

Cheers.

Surago.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
surago@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 
