Welcome to ISAserver.org

Problem Accessing FTP Sites

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 Firewall] >> General >> Problem Accessing FTP Sites

Page: [1]

Message

<< Older Topic Newer Topic >>

Problem Accessing FTP Sites - 21.Jan.2008 7:55:13 AM

tanvir

Posts: 42
Joined: 5.Mar.2003
Status: offline

Hi All,

I have ISA 2000 SE on Win 2003 (w/ SP2 and Windows 2003 patch) deployed in following scenario.

Internet ---> (Public IP) Cisco ASA 5510 (192.168.3.1) ---> (192.168.3.2) ISA 2000 (192.168.2.208) ---> Internal Network

My question is, when i stop isa related services, ftp sites were access on isa pc itself, but not when isa services are started. (This means FTP access is allowed on ASA 5510).

I check my rules on isa and found nothing. Anyone have any idea what happened ?

Thanks,

Tanvir

Post #: 1

Featured Links*

RE: Problem Accessing FTP Sites - 21.Jan.2008 8:15:10 PM

AHIT

Posts: 1559
Joined: 22.Jul.2002
From: Sydney, Australia
Status: offline

sorry, is your problem accessing external FTP sites from the ISA server itself, or on internal clients BEHIND ISA?
The 2 can and will behave very differently as the ISA server itself requires IP packet filters to allow the inbound/outbound access whereas the internal clients will use protocol and/or web-proxy rules to allow/deny access.

and is this within a browser (web-proxy clients) or 'command line/application' type access so either SecureNAT or firewall client?
Again, different rules for different types of access. If its web-proxy then the web proxy logs will always log what was denied and what rule did it so easy to check.

_____________________________

http://www.ahit.com.au/isa
(Previous nick: Tolk)

(in reply to tanvir)

Post #: 2

RE: Problem Accessing FTP Sites - 22.Jan.2008 2:38:31 AM

tanvir

Posts: 42
Joined: 5.Mar.2003
Status: offline

Hi AHIT, thanks for reply. Actually I want to access external public FTP sites behind ISA and then ASA. These sites are accessed on ISA machine when ISA services are off, means ASA is clear.

My ISA clients are SecureNAT clients, and here are the web proxy logs of client pc and isa machine (both have no FTP access when ISA services are running).

ISA Machine Log:
192.168.1.208 anonymous Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 2008-01-22 04:21:40 DC2 - ftp.software.ibm.com - 21 - - 825 ftp GET ftp://ftp.software.ibm.com/ - 407

Client PC Log:
192.168.1.237 domain\user Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; IEMB3; IEMB3) 2008-01-22 05:41:41 DC2 - ftp.software.ibm.com 207.25.253.40 21 147594 202 - ftp GET ftp://ftp.software.ibm.com/ Inet 10054

AHIT, hope you got enough information to solve this issue, waiting for reply.

Tanvir

(in reply to AHIT)

Post #: 3

RE: Problem Accessing FTP Sites - 30.Jan.2008 4:25:53 AM

tanvir

Posts: 42
Joined: 5.Mar.2003
Status: offline

Please check Firewall Client Section for my new post...

< Message edited by tanvir -- 30.Jan.2008 11:13:45 PM >

(in reply to tanvir)

Post #: 4

RE: Problem Accessing FTP Sites - 15.Feb.2008 2:07:08 AM

AHIT

Posts: 1559
Joined: 22.Jul.2002
From: Sydney, Australia
Status: offline

For others who may come across this thread in future and try to continue to follow the bread crumbs......
http://forums.isaserver.org/Could_not_Access_External_FTP_Sites_Behind_ISA/m_2002061456/tm.htm

_____________________________

http://www.ahit.com.au/isa
(Previous nick: Tolk)

(in reply to tanvir)

Post #: 5