Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
FTP access issue with ISA 2004 proxy
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
FTP access issue with ISA 2004 proxy - 22.Feb.2007 7:18:08 AM
|
|
|
lavionline
Posts: 3
Joined: 10.Oct.2006
Status: offline
|
Hello ,
We are dealing with a typical problem at our end with FTP website access through ISA 2004 server. here are the details:-
We have an ISA 2004 server installed on a win2k3/SP1 server with single NIC. Single NIC template applied on it and it is running with SP2 with patch 916106. the LAT is configured properly by using the "ADD ADAPTER" option so that it automatically selects the LAT using the routing table of the NIC card. we have XP machines configured as proxy clients manually in their IE settings. All the HTTP/HTTPS websites are accessible fine without any issues.
However, when it comes to FTP access, we do have a problem. When we try to open ftp.microsoft.com from command prompt(which uses active mode), it works fine. We can login anonymously and LS command also shows the files. when we try to access the same website through IE, it gives the following error:-
Error Code: 502 Proxy Error. The File Transfer Protocol (FTP) session was terminated. The connection was closed because of either a possible attempted security violation or a time out on the remote server. Reconnect to the server or check for server availability. No further action is required. (12111)
Then we go ahead and uncheck the option "Use folder view" in IE advanced options and thus force it to use active mode rather than passive mode but with same error as result.
In ISA logging, we see that client tried to use the rule and is denied connection. We are not using any surf control or websesnse or any other 3rd party product. If we bypass ISA, it works.
the rule we are using allows clients from "Internal network" to "Internal network" for all protocols, for all users.
We would really appreciate if anyone throws some more light in it or if someone has some fix for it.
Thank you.
|
|
|
|
FTP access issue with ISA 2004 proxy - 23.Feb.2007 6:27:49 AM
|
|
|
lavionline
Posts: 3
Joined: 10.Oct.2006
Status: offline
|
I would really appreciate if anyone gives a clue about it.
BTW, network trace shows ISA throws 407: authentication required in response to client's reqest for FTP website. it happens twice and then ISA throws error : Error Code: 502 Proxy Error. The File Transfer Protocol (FTP) session was terminated. The connection was closed because of either a possible attempted security violation or a time out on the remote server. Reconnect to the server or check for server availability. No further action is required. (12111)
on internal network, "Ask all users to authenticate " option is checked.
to me it looks like an authentication issue.
I would welcome if anyone has any thoughts to share.
|
|
|
|
|
RE: FTP access issue with ISA 2006 proxy - 20.Apr.2007 4:50:34 AM
|
|
|
abdulaziz
Posts: 21
Joined: 15.Mar.2007
Status: offline
|
Hi everyone,
I am facing critical problem with downloading some ftp sites such as:
http://download.fedora.redhat.com/pub/fedora/linux/core/6/x86_64/iso/
My ISA Server version is 2006, SP1 Enterprise Edition
I am using Proxy for browsing setting. Attempts tried to solve this problem including from IE - Enable Folder view for FTP sites.
ISA Server firewall policy defined to allow FTP from Internal to External with NO luck.
Please i need your support guys.
Thanks,
Abdulaziz
|
|
|
|
|
RE: Microsoft ISA Server 2006 doesn't work with FTP sites - 21.Apr.2007 5:05:55 PM
|
|
|
abdulaziz
Posts: 21
Joined: 15.Mar.2007
Status: offline
|
Dear all,
I finally conclude that with Proxy firewall ISA Server 2006 not possible to get through with FTP downloads or upload.
With all suggestions you have provided FTP is not working to my Internal Network.
I have been playing with registry changing like experts here you have suggested but still no luck.
My error is still persis " ISA Server Extended Error" this means ISA Server doesnt know to resolve the FTP protocols while all have been defined from Internal to External.
FTP is a big problem especially with Proxy Firewall.
Thanks,
Abdulaziz
|
|
|
|
|
RE: Microsoft ISA Server 2006 doesn't work with FTP sites - 22.Apr.2007 1:36:11 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Abdulaziz,
quote:
I finally conclude that with Proxy firewall ISA Server 2006 not possible to get through with FTP downloads or upload.
That's definitely a wrong conclusion! ISA server does support fully the FTP protocol.
I strongly suggest you re-read the posted links. Also, if you want us to help further, you'll have to give us *exact* information about your specific network and ISA configuration.
HTH,
Stefaan
|
|
|
|
|
RE: Microsoft ISA Server 2006 doesn't work with FTP sites - 22.Apr.2007 3:54:56 PM
|
|
|
abdulaziz
Posts: 21
Joined: 15.Mar.2007
Status: offline
|
hi,
My network is very simple. I have two NIC inside ISA Server 2006, with one pointing to Outside with Public IP Address provided by ISP.
The other card pointing to Internal Network where all my machine stay behind it.
ISA Server Management configured to allow FTP protocol from External to Internal and From Internal to Local host and External as well.
DNS protocols has been allowed as well together with HTTP, HTTPS, SMTP, POP3.
Behind ISA Server I can browse fine but not ftp any sites. It gives me ISA Server Extended error. Permission etc.
My browser is using Proxy which is an IP Address of ISA Internal IP Address.
I thought by just allowing FTP protocol is enough to allow me performing FTP downloading but not the case.
I have done all possibility including changing DWORD from registry, Enable Folder view FTP sites no luck yet.
Funny enough even inside ISA Server trying accessing ftp sites not allowing.
What else can be done!!!
|
|
|
|
|
RE: Microsoft ISA Server 2006 doesn't work with FTP sites - 22.Apr.2007 4:24:11 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Abdulaziz,
could you post some *exact* info about your specific configuration (ipconfig /all, route print)? Also, what network definitions and network rules do you have in place?
Did you ever try an FTP session from a command prompt with he standard Microsoft FTP command line client?
Thanks,
Stefaan
|
|
|
|
|
RE: Microsoft ISA Server 2006 doesn't work with FTP sites - 23.Apr.2007 3:20:34 AM
|
|
|
abdulaziz
Posts: 21
Joined: 15.Mar.2007
Status: offline
|
hi,
Network Rules:
Localhost Access - Route
Internet Access - NAT
VPN - Route
ftp from command line is working fine.
External NIC -
IP = 213.128.126.18
Subnet Mask = 255.255.255.248
Gateway = 213.128.126.17
DNS Server 82.206.47.2
Internal NIC
IP = 192.168.10.1
Subnet Mask = 255.255.255.0
No gateway
No DNS
route print captured couldn't posted because i dont how to add attachment over here. But it looks very ok
Anything else
|
|
|
|
|
RE: Microsoft ISA Server 2006 doesn't work with FTP sites - 24.Apr.2007 2:08:19 AM
|
|
|
abdulaziz
Posts: 21
Joined: 15.Mar.2007
Status: offline
|
Hi stefaan,
I am glad now to say problem solved. Thank you very much for your untired effort in supporting me.
What i did was to add a rule that allowing FTP Server protocol. Earlier the firewall policy was allowing only FTP Protocol.
After doing that, FTP is working fine.
Abdulaziz
|
|
|
|
|
RE: Microsoft ISA Server 2006 doesn't work with FTP sites - 24.Apr.2007 2:24:57 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Abdulaziz,
that make no sense! The FTP Server protocol is for inbound access; in other words when you server publish an internal FTP server!
HTH,
Stefaan
|
|
|
|
|
RE: Microsoft ISA Server 2006 doesn't work with FTP sites - 25.Apr.2007 2:12:44 AM
|
|
|
abdulaziz
Posts: 21
Joined: 15.Mar.2007
Status: offline
|
True,
The problem resume again I can't open ftp sites. For unknown reason last time after adding FTP Server Protocol it works right now stop.
One thing I have notice, may be could be the problem. ISA Server that I have in my network is not connected with DNS Server.
In fact I dont have DNS Server. I have been provided by ISP the IP Address, Subnet Mask and Default Gateway.
It seems the problem is DNS because when I am trying to ping www.google.com
its not resolving - I was expecting ISA to resolve the DNS from External NIC which has public IP's and DNS IP provided by ISP.
Is it possible for ISA Server to resolve DNS from ISP DNS IP Address??
My ISA Server has two NIC : One connected External - pointing to ISP settings
One connected to Internal behind my Network.
With this Architecture do you think ISA Server can resolve Internal Network DNS queries??
If possible how because i have allowed DNS protocols from Internal - to - External and opposite way. But with NO success.
Help me please
|
|
|
|
|
RE: Microsoft ISA Server 2006 doesn't work with FTP sites - 25.Apr.2007 4:45:36 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Abdulaziz,
quote:
Is it possible for ISA Server to resolve DNS from ISP DNS IP Address? Yes, this should work and is controlled by a system policy rule.
quote:
With this Architecture do you think ISA Server can resolve Internal Network DNS queries? Yes, this should work also, assuming the internal clients has the ISP DNS server configured on their NIC, and they are configured as a SecureNAT client, and there is a rule allowing the DNS protocol from Internal to External (or the ISP DNS server) forall users.
HTH,
Stefaan
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
