?
Solved

Publish LDAP Protocol through ISA 2006

Posted on 2010-11-11
6
Medium Priority
?
1,782 Views
Last Modified: 2013-11-16
Hi All,

we have a3-legged ISA 2k6 server.

We have an LDAP server on the internal network.
My problems is we use an external site to host web portal which needs to connect to our LDAP server through ISA. However, all LDAP connection are Denied Connection by the default rule.

We are only expecting traffic on 389, so the protocl is published as standard through the wizzard.

I would be obliged if someone could shed some light on this problem for me. I've attached a log extract for further reference.

Many thanks,
Adam.
isalog.txt
0
Comment
Question by:adamlcohen
  • 3
  • 2
6 Comments
 
LVL 6

Expert Comment

by:Hisham_Elkouha
ID: 34110837
create a rule that allow LDAP from the desired server without any ports specified, and then tune to allow only the required port.
0
 

Author Comment

by:adamlcohen
ID: 34111218
It is only LDAP port 389 that is used, the log has all traffic from the single client IP.

So I've published the LDAP protocol on the ISA server and log files is the result.
Denied Connection by Default Rule.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 34113359
Try something for me.
Ceate a new protocol called ldap-inbound to use tcp, port 389 - 389, inbound. Edit your non-web server publishing rule and use the new user-defined protocol and retest. The default ldap protocol is outbound traffic.

Keith
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

 

Author Comment

by:adamlcohen
ID: 34153923
Sorry, not been back in the office since oyur last post Keith.

Have now created a new protocol and rule, allowing LDAP inbound and I am stil seeing the same error in the logs:

FWX_E_POLICY_RULES_DENIED
389      LDAP      Denied Connection      Default rule
0
 

Author Comment

by:adamlcohen
ID: 34153986
Aplogies and many thanks Keith, been away for to long. Just double checked everyhting and you solution was spot on.

Adam.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34157629
No problem - glad it is resolved
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Enter Foreign and Special Characters Enter characters you can't find on a keyboard using its ASCII code ... and learn how to make a handy reference for yourself using Excel ~ Use these codes in any Windows application! ... whether it is a Micr…
Suggested Courses
Course of the Month9 days, 22 hours left to enroll

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question