Welcome to ISAserver.org


Can't access FTP site

Can't access FTP site - 10.Mar.2009 10:45:07 AM   
alanon

 

Posts: 12
Joined: 27.Oct.2008
Status: offline
We have a client that has an FTP site up, and from behind the ISA (SBS 2003) we cannot access the site.
Here is what their network admin is telling me:

1. FTP / SSL TLS client. (Windows for the recommended client)
2. Ports 1025 - 1050 open through the firewall (Passive FTP).

They recommend using Core FTP lite, with the following settings:
AUTH TLS, SSL Listings, SSL Transfers, and PASV.

I opened ports 1025-1050 on the outbound ftp rule. When I try to connect I get this:

AUTH TLS
234 Proceed with negotiation.
SSL/TLS error - 0, SSL error - 1, error:00000001:lib(0):func(0):reason(1)
SSL Connection not established

I can connect to the site from home, but there are multiple users at the office that need to connect to the site.
Any help would be greatly appreciated.
Post #: 1
RE: Can't access FTP site - 10.Mar.2009 11:01:58 AM   
SteveMoffat

 

Posts: 1104
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
Add port 990 into the mix....

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to alanon)
Post #: 2
RE: Can't access FTP site - 10.Mar.2009 11:08:24 AM   
alanon

 

Posts: 12
Joined: 27.Oct.2008
Status: offline
Thanks for the response.

I added that port and I get the same error.
I used Wireshark to look at the packets. Here's what I see when it can't connect:

response: 500 oops
response: 421 timeout

Thanks.

(in reply to SteveMoffat)
Post #: 3
RE: Can't access FTP site - 16.Mar.2009 9:27:48 PM   
SteveMoffat

 

Posts: 1104
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
Is the FW client installed on that workstation?


(in reply to alanon)
Post #: 4
RE: Can't access FTP site - 16.Mar.2009 9:42:07 PM   
alanon

 

Posts: 12
Joined: 27.Oct.2008
Status: offline
Yes, I tried it from the server as well. Same problem on both.

(in reply to SteveMoffat)
Post #: 5
RE: Can't access FTP site - 17.Mar.2009 8:40:53 AM   
SteveMoffat

 

Posts: 1104
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
Have you tried another ftp client without modifying any of the settings?

FTPS uses port 990 instead of 21, so you would use that port in the connection details, i.e. ftp.site.com:990


(in reply to alanon)
Post #: 6
RE: Can't access FTP site - 18.Mar.2009 10:15:55 AM   
alanon

 

Posts: 12
Joined: 27.Oct.2008
Status: offline
Thanks, I just tried that as well and the connection timed out.

They also recommended using Firefox with the FTP add-on called FireFTP. I just tried that and got the same results.

Thanks

(in reply to SteveMoffat)
Post #: 7
RE: Can't access FTP site - 18.Mar.2009 11:24:28 AM   
SteveMoffat

 

Posts: 1104
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
Weird....I have some of my clients backing up to a secure FTPS repository behind ISA 2006. The clients use ISA 2006 also. So I know it works...:)

You have an access rule with 990 as the main protocol (outgoing) and secondary connections on the same access rule for the dynamic ports? 


(in reply to alanon)
Post #: 8
RE: Can't access FTP site - 18.Mar.2009 11:29:34 AM   
alanon

 

Posts: 12
Joined: 27.Oct.2008
Status: offline
Maybe my config is wrong. I have edited the existing FTP access rule, for outbound connections, with ports 990, 1025-1050 (all outgoing) added on.

This is on ISA 2004, not sure if that makes a difference.

(in reply to SteveMoffat)
Post #: 9
RE: Can't access FTP site - 18.Mar.2009 11:31:52 AM   
SteveMoffat

 

Posts: 1104
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
ahh...delete that & create new...


(in reply to alanon)
Post #: 10
RE: Can't access FTP site - 18.Mar.2009 12:16:16 PM   
alanon

 

Posts: 12
Joined: 27.Oct.2008
Status: offline
I made a custom rule with port 990 as the main and 1025-1050 as secondary. Allowed from Internal to External for all users.

When I try to connect and look at the logs I see the connection to the FTP site is getting denied by the SBS Internet Access Rule, which is about 20 rules below this new one.

(in reply to SteveMoffat)
Post #: 11
RE: Can't access FTP site - 18.Mar.2009 12:28:14 PM   
SteveMoffat

 

Posts: 1104
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
Here's the rule on a client box...Note I have 21 as the primary...it's been a while since I set it up. Sorry.

http://www.isaserver.bm/ftps.jpg


(in reply to alanon)
Post #: 12
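
Added example, not written by any poster in this thread: a small Python model of the rule matching discussed above, showing which control port each FTPS mode uses (explicit FTPS with AUTH TLS on 21, implicit FTPS on 990) and whether a passive data port falls inside the 1025-1050 range. The rule dictionaries, function names and 227 replies are constructed for illustration; ISA itself is configured through its console, not through this code.

```python
import re

# Constructed sample data, not taken from the thread's traffic.
PASV_IN_RANGE = "227 Entering Passive Mode (192,0,2,10,4,10)"    # port 1034
PASV_OUT = "227 Entering Passive Mode (192,0,2,10,19,136)"       # port 5000

# Hypothetical model of an outbound access rule: primary port for the
# control connection, secondary range for passive data connections.
RULE_990 = {"primary": 990, "secondary": (1025, 1050)}
RULE_21 = {"primary": 21, "secondary": (1025, 1050)}

# Explicit FTPS sends AUTH TLS on the ordinary FTP control port;
# implicit FTPS starts TLS immediately on its own port.
CONTROL_PORT = {"explicit": 21, "implicit": 990}


def parse_pasv(reply):
    """Return the data port announced by a 227 reply, or None."""
    m = re.search(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        return None
    return int(m.group(5)) * 256 + int(m.group(6))


def check_session(rule, mode, pasv_reply):
    """List why a session would miss the rule; an empty list means it matches."""
    problems = []
    cport = CONTROL_PORT[mode]
    if cport != rule["primary"]:
        problems.append(
            f"control port {cport} is not the rule's primary {rule['primary']}")
    # After AUTH TLS the 227 reply is encrypted on the wire, so a firewall
    # cannot read the port from it and the rule must list the fixed range.
    dport = parse_pasv(pasv_reply)
    lo, hi = rule["secondary"]
    if dport is None:
        problems.append("no usable PASV reply")
    elif not lo <= dport <= hi:
        problems.append(f"data port {dport} outside secondary range {lo}-{hi}")
    return problems


if __name__ == "__main__":
    for name, rule in (("990 primary", RULE_990), ("21 primary", RULE_21)):
        for mode in ("explicit", "implicit"):
            print(name, mode, check_session(rule, mode, PASV_IN_RANGE) or "matches")
```
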
