Publish LDAP Protocol through ISA 2006

Posted on 2010-11-11
Last Modified: 2013-11-16
Hi All,

We have a 3-legged ISA 2k6 server.

We have an LDAP server on the internal network.
My problem is we use an external site to host a web portal which needs to connect to our LDAP server through ISA. However, all LDAP connections are Denied Connection by the default rule.

We are only expecting traffic on 389, so the protocol is published as standard through the wizard.

I would be obliged if someone could shed some light on this problem for me. I've attached a log extract for further reference.

Many thanks,
Adam.
isalog.txt
Question by:adamlcohen
6 Comments

Expert Comment

by:Hisham_Elkouha
ID: 34110837
Create a rule that allows LDAP from the desired server without any ports specified, and then tune it to allow only the required port.
 

Author Comment

by:adamlcohen
ID: 34111218
It is only LDAP port 389 that is used; the log has all traffic from the single client IP.

So I've published the LDAP protocol on the ISA server and the log file is the result:
Denied Connection by Default Rule.

Accepted Solution

by: Keith Alabaster (earned 500 total points)
ID: 34113359
Try something for me.
Create a new protocol called ldap-inbound to use TCP, port 389 - 389, inbound. Edit your non-web server publishing rule and use the new user-defined protocol and retest. The default LDAP protocol is outbound traffic.

Keith
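The accepted answer, scripted, as an added example that is not code from the thread or from Microsoft: the same two steps (a user-defined inbound TCP 389 protocol, then re-pointing the existing non-web server publishing rule at it) driven through the ISA Server 2006 administration COM object (FPC.Root) so the change is repeatable and reviewable, plus a read-out of the built-in LDAP definition that shows why it can never match a publishing rule. The rule name "Publish LDAP", the published host 192.0.2.10 and the numeric enumeration values for TCP/inbound are assumptions, not facts from the thread; confirm FpcProtocolType, FpcConnectionDirectionType and the ServerPublishingProperties property name against the installed ISA SDK before running, because an outbound direction reproduces the exact symptom in the log.

```powershell
# Added example (not from the original thread). Run on the ISA 2006 server
# as an ISA administrator, then retest the connection from the external host.
#
# ASSUMED values, not from the thread: verify against the ISA 2006 SDK.
$fpcTcp      = 6    # FpcProtocolType: TCP (IP protocol number)
$fpcInbound  = 0    # FpcConnectionDirectionType: inbound (server publishing)
$ruleName    = "Publish LDAP"     # existing non-web server publishing rule
$protoName   = "ldap-inbound"     # the user-defined protocol Keith describes

$fpc    = New-Object -ComObject "FPC.Root"
$array  = $fpc.GetContainingArray()
$protos = $array.RuleElements.ProtocolDefinitions

# Why the wizard's choice fails: the built-in "LDAP" definition is TCP 389
# OUTBOUND, so inbound connections from the hosting site match no rule and
# fall through to the Default rule (FWX_E_POLICY_RULES_DENIED in the log).
$builtIn = $protos | Where-Object { $_.Name -eq "LDAP" }
foreach ($c in $builtIn.PrimaryConnections) {
    "Built-in LDAP: type={0} direction={1} ports={2}-{3} (inbound would be {4})" -f `
        $c.ProtocolType, $c.Direction, $c.LowPort, $c.HighPort, $fpcInbound
}

# Step 1: create the inbound protocol, TCP 389-389 and nothing else.
if ($protos | Where-Object { $_.Name -eq $protoName }) {
    throw "Protocol '$protoName' already exists; edit the rule instead of re-creating it."
}
$ldapIn = $protos.Add($protoName)
$ldapIn.PrimaryConnections.Add($fpcTcp, $fpcInbound, 389, 389) | Out-Null
$ldapIn.Save()

# Step 2: point the existing server publishing rule at the new protocol.
$rule = $array.ArrayPolicy.PolicyRules | Where-Object { $_.Name -eq $ruleName }
if (-not $rule) { throw "Server publishing rule '$ruleName' not found." }
$rule.ServerPublishingProperties.ProtocolName = $protoName   # property name assumed
$rule.Save()

"Rule '{0}' now publishes {1} using protocol '{2}'" -f `
    $rule.Name, $rule.ServerPublishingProperties.PublishedServer, $protoName
```

After the save, watch the firewall log for the hosting site's address: a hit on the publishing rule instead of "Default rule" confirms the direction was the problem. Keep the rule's source restricted to that single address rather than Anywhere, since the thread notes all the expected traffic comes from one client IP, and remember that port 389 is cleartext LDAP unless the portal negotiates StartTLS, so credentials and directory data cross the internet unprotected unless the published protocol is changed to LDAPS.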

Author Comment

by:adamlcohen
ID: 34153923
Sorry, not been back in the office since your last post Keith.

Have now created a new protocol and rule, allowing LDAP inbound, and I am still seeing the same error in the logs:

FWX_E_POLICY_RULES_DENIED
389      LDAP      Denied Connection      Default rule
Author Comment

by:adamlcohen
ID: 34153986
Apologies and many thanks Keith, been away for too long. Just double checked everything and your solution was spot on.

Adam.

Expert Comment

by:Keith Alabaster
ID: 34157629
No problem - glad it is resolved