  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 692

Limit FTP to VPN Connection?

Hello and thank you for reading my question.

Is it possible to limit FTP access to a VPN connection? If so, how? (I am not bad at programming but am weak with networking, so I would appreciate a response geared toward that lower level).

Details:

IPSEC with Microsoft VPN Connection
Windows 2003 Server
VPN already configured and working with an IP range of xxx.xxx.xx.145 - xxx.xxx.xx.150

Thank you very much.

Fritz the Blank
 
bkellyboulderit Commented:
In IIS you can restrict the allowable IPs for the FTP site to the internal network only, which would include the RRAS users.
Right-click the FTP site > Properties > Directory Security > "denied access except the following"... add in the IP range,
or "allow except the following" would deny a range of computers...

fritz_the_blank Author Commented:
Thank you for your post. I had already configured FTP that way, but it appears that when I connect with CuteFTP Pro, it uses my DHCP IP rather than the IP from the VPN. So, I take it that I need to modify settings somehow on the FTP client to use the VPN connection?

Thanks again,

FtB

bkellyboulderit Commented:
Include your private network range in the FTP properties and see if it still barfs.

 
fritz_the_blank Author Commented:
If I open the range to include my IP as indicated through ipconfig everything works fine. I am just not sure how to force my FTP client to connect via the VPN.

FtB

bkellyboulderit Commented:
Are you telling the FTP client to use the server's internal IP address? Maybe I haven't enough coffee yet.

fritz_the_blank Author Commented:
That is what I would like to do, but am unsure how. I have a range of 5 IP addresses assigned to VPN connections. I have limited the FTP settings in IIS to allow only those 5 addresses. Now what I need to figure out is how to configure the FTP client to use the VPN IP.

Does that make sense or am I thinking about this in the wrong way?

Thanks again,

FtB

bkellyboulderit Commented:
Let me try again.

Internal NAT'd Server address: x.x.x.100  (like 192.168.1.100)
vpn clients x.x.x.145-150 (like 192.168.1.145 through 150)

allowed ip's for FTP 127.0.0.1, x.x.x.100, x.x.x.145-150

ftp software points to x.x.x.100

doesn't work?

It should! Is this diagram correct?  You can ftp at the command prompt ok?

fritz_the_blank Author Commented:
What you describe about the NAT and the VPN clients is exactly what is in place. For the IIS FTP setting, I have allowed the range 145 through 150 but not the server address. Is that the problem? Let me test that. As an aside, the .100 address is not part of the VPN address pool. Does that mean that the FTP transfer is not happening over VPN?

FtB

fritz_the_blank Author Commented:
Okay, including the ip address of the ftp site in the allowed ip list fixed the problem, so all is well.

Thank you very much for your help,

FtB

bkellyboulderit Commented:
Non-technical answer is: you're attaching to the server itself, so you also need to include itself.

Yeah! I'm glad it works. :-)

fritz_the_blank Author Commented:
When I examined the sessions under FTP, they indicated the IP address of the server, so your non-technical answer confirms what I observed.

Thank you once again,

FTB
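
An added example, not part of the thread: a deny-by-default allow-list check that mirrors the configuration discussed above and shows which source addresses pass with only the VPN pool granted versus the pool plus the server address and loopback. The addresses are constructed samples following the "like 192.168.1.x" layout in the thread, and splitting the pool into address/mask entries assumes the restriction list accepts single hosts or network/mask groups.

```python
import ipaddress

def grant_entries(first, last, extras=()):
    """Turn an inclusive IPv4 range plus single hosts into network entries."""
    nets = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))
    nets += [ipaddress.ip_network(e) for e in extras]
    # collapse_addresses merges adjacent blocks and returns them sorted
    return list(ipaddress.collapse_addresses(nets))

def is_granted(source, entries):
    """Deny by default: admit a source only if it falls inside a granted entry."""
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in entries)

def audit(sources, entries):
    """Map each labelled source address to the allow/deny decision."""
    return {label: is_granted(ip, entries) for label, ip in sources.items()}

# Constructed sample values (assumptions, not taken from a real network).
VPN_POOL = ("192.168.1.145", "192.168.1.150")
SERVER_AND_LOOPBACK = ("192.168.1.100", "127.0.0.1")
SOURCES = {
    "client DHCP address": "10.0.0.23",
    "VPN-assigned address": "192.168.1.147",
    "just outside the pool": "192.168.1.151",
    "server's own address": "192.168.1.100",
}

if __name__ == "__main__":
    pool_only = grant_entries(*VPN_POOL)
    full = grant_entries(*VPN_POOL, extras=SERVER_AND_LOOPBACK)
    print("Entries to grant (address, mask):")
    for net in full:
        print(f"  {net.network_address:<15} {net.netmask}")
    for name, entries in (("pool only", pool_only), ("pool + server", full)):
        print(f"\nDecisions with {name}:")
        for label, ok in audit(SOURCES, entries).items():
            print(f"  {label:<24} {'granted' if ok else 'denied'}")
```

The pool .145 to .150 does not align to a single subnet, so it needs four entries; a wider mask such as a /28 would also admit addresses outside the VPN pool.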