Solved

Publish LDAP Protocol through ISA 2006

Posted on 2010-11-11
6
1,695 Views
Last Modified: 2013-11-16
Hi All,

we have a3-legged ISA 2k6 server.

We have an LDAP server on the internal network.
My problems is we use an external site to host web portal which needs to connect to our LDAP server through ISA. However, all LDAP connection are Denied Connection by the default rule.

We are only expecting traffic on 389, so the protocl is published as standard through the wizzard.

I would be obliged if someone could shed some light on this problem for me. I've attached a log extract for further reference.

Many thanks,
Adam.
isalog.txt
0
Comment
Question by:adamlcohen
  • 3
  • 2
6 Comments
 
LVL 6

Expert Comment

by:Hisham_Elkouha
ID: 34110837
create a rule that allow LDAP from the desired server without any ports specified, and then tune to allow only the required port.
0
 

Author Comment

by:adamlcohen
ID: 34111218
It is only LDAP port 389 that is used, the log has all traffic from the single client IP.

So I've published the LDAP protocol on the ISA server and log files is the result.
Denied Connection by Default Rule.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 34113359
Try something for me.
Ceate a new protocol called ldap-inbound to use tcp, port 389 - 389, inbound. Edit your non-web server publishing rule and use the new user-defined protocol and retest. The default ldap protocol is outbound traffic.

Keith
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:adamlcohen
ID: 34153923
Sorry, not been back in the office since oyur last post Keith.

Have now created a new protocol and rule, allowing LDAP inbound and I am stil seeing the same error in the logs:

FWX_E_POLICY_RULES_DENIED
389      LDAP      Denied Connection      Default rule
0
 

Author Comment

by:adamlcohen
ID: 34153986
Aplogies and many thanks Keith, been away for to long. Just double checked everyhting and you solution was spot on.

Adam.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34157629
No problem - glad it is resolved
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ActiveSync issues 16 149
Cisco ASA 5505 NAT question 8 118
Cisco ASA 1 61
Looking for a web usage history tracking tool. (budget) 3 104
I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
In Africa (and potentially where you live…), reliability of ISPs is questionable.  With the increased reliance on e-mail as one of the primary forms of communication, the costs to business are significant based on interuption of ISP Connectivity.  T…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

774 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question