We help IT Professionals succeed at work.

Limit FTP to VPN Connection?

715 Views
Last Modified: 2013-11-05
Hello and thank you for reading my question.

Is it possible to limit FTP access to a VPN connection? If so, how? (I am not bad at programming but am weak with networking, so I would appreciate a response geared toward that lower level).

Details:

IPSEC with Microsoft VPN Connection
Windows 2003 Server
VPN already configured and working with an IP range of xxx.xxx.xx.145 - xxx.xxx.xx.150

Thank you very much.

Fritz the Blank
Comment
Watch Question

In IIS you can restrict the allowable ip's for the ftp site to the internal network only, which would include the RRAS users.
Rt click ftp site, >properties, >directory security > denied access except the following....add in ap range
or allow except the following would deny a range of computers....
CERTIFIED EXPERT
Top Expert 2005

Author

Commented:
Thank you for your post. I had already configured FTP that way, but it appears that when I connect with CuteFTP Pro, it uses my DHCP IP rather than the IP from the VPN. So, I ake it that I need to modify settings somehow on the FTP client to use the VPN connection?

Thanks again,

FtB
Include your private network range in the FTP  properties and see if it still barfs.
CERTIFIED EXPERT
Top Expert 2005

Author

Commented:
If I open the range to include my IP as indicated through ipconfig everything works fine. I am just not sure how to force my FTP client to connect via the VPN.

FtB
Are you telling the FTP client to use the servers internal IP address? Maybe I haven't enough coffee yet.
CERTIFIED EXPERT
Top Expert 2005

Author

Commented:
That is what I would like to do, but am unsure how. I have a range of 5 IP addresses assigned to VPN connections. I have limited the FTP settings in IIS to allow only those 5 addresses. Now what I need to figure out is how to configure the FTP client to use the VPN IP.

Does that make sense or am I thinking about this the in the wrong way?

Thanks again,

FtB
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT
Top Expert 2005

Author

Commented:
What you describe about the NAT and the VPN clients is exactly what is in place. For the IIS FTP setting, I have allowed the range 145 through 150 but no the server address. Is that the problem? Let me test that. As an aside, the .100 address is not part of the VPN address pool. Does that mean that the FTP transfer is not happening over VPN?

FtB
CERTIFIED EXPERT
Top Expert 2005

Author

Commented:
Okay, including the ip address of the ftp site in the allowed ip list fixed the problem, so all is well.

Thank you very much for your help,

FtB
Non-technical answer is: your attaching to the server itself, so you also need to include itself.

Yeah! I'm glad it works. :-)
CERTIFIED EXPERT
Top Expert 2005

Author

Commented:
When I examined the sessions under FTP, they indicated the IP address of the server, so your your non-technical answer confirms what I observed.

Thank you once again,

FTB

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.