• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 384
  • Last Modified:

How to allow FTP Application out through ISA 2004

Hi,

I have a scenario where ISA 2004 is the default gateway for the network and has 2 NICs. The 2nd NIC is in a DMZ and the default gateway on the ISA is an ASA.

1 PC, Non-domain joined has an FTP application that connects out through the ISA and down a VPN that is terminating on the ASA. Basically, the FTP app fails and we can see that the IP address attempting to connect to the FTP server on the other side of the VPN is the IP address on the LAN side of the ISA server.

ISA is proxying the FTP connection. I want the source IP of the PC establishing the FTP connection to hit the FTP server. I have added in a route from the PC to the subnet where the ISA server sits so ISA is not NATing the connection.

I cannot install the ISA client on the PC and the default gateway on the PC is the ISA server.

Any suggestions?
0
davewex
Asked:
davewex
  • 4
  • 3
1 Solution
 
pwindellCommented:
ISA is not going to stop NATing just because you add a route.

You have to change the Network Relationship between Internal and External to Routed instead of the default "NAT".

The ASA is where you have to "add a route".
0
 
davewexAuthor Commented:
Sorry I didn't make that part clear, It is set so that it is routed instead of NAT (The ISA default gateway is the ASA - No need for a route). I have several other L2L VPNs configured in this manner with no problem.

I don't have to add any routes on the ASA as the crypto map takes care of that. The only difference between the other connections is that I have set the PC as a source instead of the subnet in the routed statement. I am going to change this an see if it makes any differenece.

I also stated that ISA is proxying the connection for FTP, when traffic hits the remote site the source address is that of the internal IP on the ISA, it is not Nating. This is what I am trying to fix. The traffic is not routing through the ASA, instead it is proxying the FTP connection.

External connections into the PC from the remote site are working as they should
0
 
davewexAuthor Commented:
No joy, looks like I will have to remove the http filter as this seems to process the traffic even though I have it configured to route.

I will try it on Monday
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

 
pwindellCommented:
Yes,  it might do that when using the Filter,...but removing the FTP Filter will cause the FTP Communincation to fail,...the Filter is required,...except when you are using the Firewall Client.  The Firewall Client replaces the Filter's functionality with its own.
0
 
davewexAuthor Commented:
I upgraded the ASA software from 7.2.2 to 8.2.4 and this resolved the problem
0
 
pwindellCommented:
Very good.
I always prefer to blame the ASA for problems anyway  :-)
0
 
davewexAuthor Commented:
asa upgrade resolved the issue
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now