Solved

Publish LDAP Protocol through ISA 2006

Posted on 2010-11-11
1,716 Views
Last Modified: 2013-11-16
Hi All,

We have a 3-legged ISA 2k6 server.

We have an LDAP server on the internal network.
My problem is we use an external site to host a web portal which needs to connect to our LDAP server through ISA. However, all LDAP connections are "Denied Connection" by the default rule.

We are only expecting traffic on 389, so the protocol is published as standard through the wizard.

I would be obliged if someone could shed some light on this problem for me. I've attached a log extract for further reference.

Many thanks,
Adam.
isalog.txt
Question by:adamlcohen
6 Comments

Expert Comment

by:Hisham_Elkouha
ID: 34110837
create a rule that allow LDAP from the desired server without any ports specified, and then tune to allow only the required port.

Author Comment

by:adamlcohen
ID: 34111218
It is only LDAP port 389 that is used, the log has all traffic from the single client IP.

So I've published the LDAP protocol on the ISA server and the log file is the result:
Denied Connection by Default Rule.

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 34113359
Try something for me.
Create a new protocol called ldap-inbound to use tcp, port 389 - 389, inbound. Edit your non-web server publishing rule and use the new user-defined protocol and retest. The default ldap protocol is outbound traffic.

Keith
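To show why the default definition falls through to the default rule, here is an added, deliberately simplified model of direction-aware protocol matching (example code written for this page, not ISA's policy engine or its COM API). The names LDAP_BUILTIN, LDAP_INBOUND and evaluate() are constructed for illustration.

```python
from dataclasses import dataclass

INBOUND, OUTBOUND = "inbound", "outbound"


@dataclass(frozen=True)
class ProtocolDefinition:
    """Simplified ISA-style protocol definition: transport, port range, direction."""
    name: str
    transport: str
    low_port: int
    high_port: int
    direction: str

    def matches(self, transport: str, port: int, direction: str) -> bool:
        # Direction is part of the match: an outbound definition never
        # matches a connection arriving at a published server.
        return (self.transport == transport
                and self.low_port <= port <= self.high_port
                and self.direction == direction)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "Allow" or "Deny"
    protocols: tuple       # ProtocolDefinition instances


# Built-in LDAP definition: TCP 389, outbound (internal client to server).
LDAP_BUILTIN = ProtocolDefinition("LDAP", "tcp", 389, 389, OUTBOUND)
# User-defined definition from the accepted answer: TCP 389, inbound.
LDAP_INBOUND = ProtocolDefinition("ldap-inbound", "tcp", 389, 389, INBOUND)
DEFAULT_RULE = Rule("Default rule", "Deny", ())


def publish_with(protocol: ProtocolDefinition) -> list:
    """Ordered policy: one server publishing rule using the given protocol."""
    return [Rule("Publish LDAP", "Allow", (protocol,))]


def evaluate(rules: list, transport: str, port: int, direction: str) -> tuple:
    """Return (action, rule name) for the first matching rule, else the default deny."""
    for rule in rules:
        if any(p.matches(transport, port, direction) for p in rule.protocols):
            return rule.action, rule.name
    return DEFAULT_RULE.action, DEFAULT_RULE.name


if __name__ == "__main__":
    # Constructed external connection: TCP/389 arriving inbound at the published server.
    print(evaluate(publish_with(LDAP_BUILTIN), "tcp", 389, INBOUND))   # ('Deny', 'Default rule')
    print(evaluate(publish_with(LDAP_INBOUND), "tcp", 389, INBOUND))   # ('Allow', 'Publish LDAP')
```

The first call reproduces the "Denied Connection / Default rule" log entry from the question; only the inbound definition lets the publishing rule match.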

Author Comment

by:adamlcohen
ID: 34153923
Sorry, not been back in the office since your last post Keith.

Have now created a new protocol and rule, allowing LDAP inbound, and I am still seeing the same error in the logs:

FWX_E_POLICY_RULES_DENIED
389      LDAP      Denied Connection      Default rule

Author Comment

by:adamlcohen
ID: 34153986
Apologies and many thanks Keith, been away for too long. Just double checked everything and your solution was spot on.

Adam.

Expert Comment

by:Keith Alabaster
ID: 34157629
No problem - glad it is resolved