can any please help me figure out FTP connection? I have configured client to use webproxy. I only have 3 access policy? default access policy DNS lookup policy ( allows everyone) INternet access policy ( allows ftp,http,https..protocol to allusers) when user tries to connect ftp it does not work... do I have to configure on ISA server, Am I doing something wrong here>
This is the log error I get on ISA server when I try to connect to FTP using FTP client on FTP client cant connect to FTP host unreachable. ON ISA SERVER unidentified IP traffic action denied rule enterprise default rule
The rules you have defined should allow you to connect via ftp. Can anyone connect to anyftp site? I don't mean to sound flippant, but are you sure that the ftp site you are trying to connect to is available? From what your ftp client reports, it appears to be the case. Can you connect to the site below?
is the client configured as a SecureNAT client? If that's case, can the client resolve the FQDN of the external FTP server? If that works too, try the standard Microsoft FTP command line client to connect to an external FTP server. What's the result and what is the ISA log telling you?
is the client configured as a SecureNAT client? CLIENT IS CONFIGURED AS WEBPROXY BUT WHEN IT'S CONFIUGRED AS SECURE NAT IT WORKS
If that's case, can the client resolve the FQDN of the external FTP server?
If that works too, try the standard Microsoft FTP command line client to connect to an external FTP server. What's the result and what is the ISA log telling you? I TRIED FTP.MICROSOFT.COM AND IT GAVE ME AN ERROR (UNKNOWN ERROR NUMBER)
you'll have to learn to be more precise in your answers...
On one hand you said that 'WHEN IT'S CONFIUGRED AS SECURE NAT IT WORKS' and on the other hand you said 'I TRIED FTP.MICROSOFT.COM AND IT GAVE ME AN ERROR (UNKNOWN ERROR NUMBER)'.
Now, the standard Microsoft FTP command line client can only send requests as SecureNAT or Firewall client, not as Web Proxy client. So, let me rephrase the question: can you access ftp.microsoft.com with the Microsoft FTP command line client? If not, what is the client and the ISA log telling you. Please post the relevant ISA log entries.
When I configure client as SecureNAT FTP works using browser and FTp client.
When I configure client as WEBPROXY FTP works using browser BUT FTp does not work using ftp client. I tried this with client configured as webproxy ftp> open To ftp.microsoft.com > ftp: connect :Unknown error number To ftp.microsoft.com > ftp: connect :Unknown error number ftp>
I isa server I dont see any logs when I run above commands.
This is what I tried with SecNat client. C:\Documents and Settings\bpatel>ftp ftp> open To ftp.microsoft.com Connected to ftp.microsoft.com. 220 Microsoft FTP Service User (ftp.microsoft.com:(none)): anonymous 331 Anonymous access allowed, send identity (e-mail name) as password. Password: 230-Welcome to ftp.microsoft.com. Please also visit http://www.micros wnloads. 230 Anonymous user logged in. ftp> dir 200 PORT command successful. 150 Opening ASCII mode data connection for /bin/ls. dr-xr-xr-x 1 owner group 0 Nov 25 2002 bussys dr-xr-xr-x 1 owner group 0 May 21 2001 deskapps dr-xr-xr-x 1 owner group 0 Apr 20 2001 developr dr-xr-xr-x 1 owner group 0 Nov 18 2002 KBHelp dr-xr-xr-x 1 owner group 0 Jul 2 2002 MISC dr-xr-xr-x 1 owner group 0 Dec 16 2002 MISC1 dr-xr-xr-x 1 owner group 0 Feb 25 2000 peropsys dr-xr-xr-x 1 owner group 0 Jan 2 2001 Products dr-xr-xr-x 1 owner group 0 Apr 4 2003 PSS dr-xr-xr-x 1 owner group 0 Sep 21 2000 ResKit dr-xr-xr-x 1 owner group 0 Feb 25 2000 Services dr-xr-xr-x 1 owner group 0 Feb 25 2000 Softlib 226 Transfer complete. ftp: 809 bytes received in 0.00Seconds 809000.00Kbytes/sec. ftp>
So what about WebProxy? I just want to know why I cannot connect to FTP server using FTP client when configured as WP client. What are the other optioin to make this work? Dont want to configure client as use SecNat as windows groups authentication is not supported.
I suggest you re-read my article again! As explained in there, IE can act as a Web Proxy, a Firewall or a SecureNat client for FTP access. Everything depends on how IE is configured, particular the setting Enable folder view for FTP sites is very important. However, the Microsoft commandline FTP client can only act as a Firewall or SecureNAT client.
Also, take note that a Web Proxy client can only do FTP downloads by design. Therefore, if you need full FTP support then the clients must be Firewall and/or SecureNAT clients. To better understand how the different ISA clients interact with each other and the ISA server, check out my article http://www.isaserver.org/articles/IPSec_Passthrough.html section 4. Configuring ISA Clients. Maybe I should put that information in a separate article because it is so fundamental to really understand how things really work.
Another important thing to keep always in mind is that only Web Proxy and Firewall clients can authenticate against the ISA server. Therefore, if you want to use user authentication with full FTP support then the clients must be Firewall clients and you should not use IE as FTP client.
< Message edited by spouseele -- 25.Nov.2005 6:12:35 PM >
From: fort frances.on.ca
What part of Stefaan's and my answer do you not understand?
Command line FTP does not use WP, plain and simple.
Now, it is very clear by your example that you use commandline FTP and it is also clear by your response that you want the Microsoft commandline FTP to behave differently than what Microsoft intended.
As I already said, the commandline FTP does NOT use web proxy. You need to accept that and move on.
Web Proxy is an application layer proxy and while there are applications such as IE that support it, the OS at the commandline does not. The Firewall client, being a winsock replacement will support commandline FTP.
Stefaan wrote a good atricle that explains the three client types and how they work within the network OSI model. You only need to accept that the commandline FTP does not support WP. If you want that changed, you will have to ask Microsoft to change it but I'm pretty sure they cannot and will not.
< Message edited by LLigetfa -- 25.Nov.2005 6:51:45 PM >
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.