Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

isa server 2006 ftp publishing

Posted on 2012-03-15
8
Medium Priority
?
669 Views
Last Modified: 2012-03-26
Hello,

I have windows 2003 r2 server and vmware workstation installed with 2 virtual machines, I have published web sites hosted on those vm's with no problem but now when I am trying to publish the ftp service on one of the vm's  ( *ubunto 11) it's not working, I understand this can be a problem and I would appreciate if someone will guide me through the process.
Thanks!

Gilad
0
Comment
Question by:Giladn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37727545
Nope - shouldn't be a problem.
On ISA, use the non-web publishing rule and point it at the VM's internal IP.

ISA must be the default gateway for the VM or along the default route for reeturn traffic going back out to any external clients.
0
 
LVL 11

Author Comment

by:Giladn
ID: 37737020
I have tried the following:
since the VM won't let me configure the isa server as gateway( because it's not on the same scope) I moved the nic settings to "bridge" and gave it an address on the same scope and the isa server as GW.
 web publishing works, ftp don't, I have logged the requests and when I try to publish the server using the non-web publishing role I have the option to publish only FTP SERVER protocol but the logging shows FTP protocol (outgoing) is being used, how strange, I have double checked the external and internal network settings but they seem to be valid and OK.
any suggestions?
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 750 total points
ID: 37737386
First off, it does not need to be on the same scope - what it needs is for the ftp to have EITHER ISA as the default gateway OR for the ISA to be on the FTP servers default path to the Internet. Think about it, most organisations have routers internally and therefore most internal servers will not be on the same scope as the ISA box.

ISA server will not work in a bridge situation between two of its own nics. Each NIC must be on its own subnet.

FTP and FTP Server protocols are the same - they are given different names to split out what they do in respect to ISA. the FTP protocol (in ISA) is for OUTBOUND TCP i.e. FTP packets that are initiated from internal and also incorporates return traffic on thoise ports. The FTP Server protocol (within ISA) is for the same ports but INBOUND i.e. FTP traffic that has been initiated on the Internet towards your internal FTP service and includes return ftp traffic back to those clients.

The FTP protocol is what you would place within an FTP access rule allowinbg your internal users to go out to an external FTP site.
The FTP Server protocol is the one you use within a non-web publishing rule to allow external FTP clients to access your internal FTP server.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 11

Author Comment

by:Giladn
ID: 37739271
Hi Keith,

Thank you for the detailed answer, I am aware of all this, I did try all the above and only then tried bridging the vmnet nic..
I  tried both non-web server publishing and web server publishing (bridging to ftp) but for some reason
it does not work, When I look at the logging it shows that the packet is denied (last rule).
might it be something I'm missing? can I configure a more detailed logging?
what you say in fact that non-web server publishing role should do the job?
I must also mention that I am using a single nic configuration ( I read this could be the problem) even though I have 2 nic but since the server is hosted on the isp's server farm I have limited physical  access to it.

appreciate your help,

Gilad
0
 
LVL 29

Accepted Solution

by:
pwindell earned 750 total points
ID: 37748653
I must also mention that I am using a single nic configuration ( I read this could be the problem)

Being a Single Nic completely removes ISA from the process.  So the ISA is totally irrelevant to what you are trying to do.

Being a Single Nic means there is some other Firewall doing the work,....the FTP Publishing has to be done at THAT firewall,...not on the ISA.
0
 
LVL 11

Assisted Solution

by:Giladn
Giladn earned 0 total points
ID: 37749021
Thank you,

I did figure out last night how to deal with it, even though I had a single physical nic I added one VMnet nic and re-run the firewall configuration wizard for Edge Firewall (2 nics standard configuration) and this solved my problem, It seems that single nic let you publish web only and  configure the external network, edge firewall let me configure internal network ( I choose the VM nic as internal) and it works!
Thank you for the effort.

Gilad
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37750055
:)
0
 
LVL 11

Author Closing Comment

by:Giladn
ID: 37764964
intial configuration was wrong, had to add one more nic to make all protocols being published.
0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question