I want be able to externally access an FTP server that is located on a network at my friends company. It is so easy in theory but not working for me.
The server is running SBS 2003 with the original ISA (2000 I think) - I am aware this is quite outdated but upgrade is not an option right now!
So in theory the FTP request will come hit the ISA and be passed through to another internal server running FTP off IIS (A new W2K3 server)
The server has the common setup of 2 network cards, one for the external facing internet and one for internal network. The FTP site works fine internally both on the machine and from other machines.
I can access the ISA server itself remotely via a url mail.xxxx.xxxx and also get to the server on its IP ... 203.x.x.x etc - can log in and can do admin stuff etc etc
I must be doing something wrong with the config of inbound FTP on the ISA.
A 'shields up' test says the port is there, closed and not accepting connections.
I have tried a 'Server publishing rule' with no luck. I aren't even sure if this is set up right. I have the IP address of the internal as the IP of the FTP server and the external address using its external IP .. The mapped server protocol is "FTP server protocol"
The IP packet filters for FTP are all enabled.
Alot of the documentation I read on the web is slightly different to what I see in the ISA admin so it hard to gauge if I am covering it all.
From: Taylorville, IL
When you configure something and it doesn't work you have to put everything back the way it was beofre you started or you will have a really big mess.
If the FTP site is on the LAN behind the ISA and the user accessing the site is on the outside of the ISA then you have to use a Server Publishing Rule. That is the way,...there is no other way,...anything else is just going to be wrong.
If the FTP Server is on the outside of the ISA and the user in on the LAN behind the ISA then it requires a Protocol Rule for the FTP Protocol and it will require a Site and Content Rule for the Source, Destination, and User. IF authentication is required then the FWC Software must be installed on the users machine. If authentication is not required then the user's machine can operate as a SecureNAT Client.
I don't have an ISA2000 to look at,...haven't for a long time,...but there is probably two FTP Protocols. One is the inbound Protocol used for Publishing Rules,...then there is the outbound Protocol for user outbound access.