I am running ISE Enterprise 2004 FW Client and I'm getting the following error when using a command line FTP:
"ftp: bind :Can't assign requested address"
when attempting to list the directory contents of the server. This occurs whether in active or passive mode.
The problem doesn't exist when using a GUI based FTP Client such as WS-FTP or Windows Commander.
The problem is exactly the same when using the 2004 client against ISA 2000 or 2004 Server. Using the 2000 FW Client works fine with the same 2000 Server.
After a little experimenting I was able to get the FWC 2000 working with the 2004 ISA Enterprise Server. A complete ftp script to get the latest antivirus defs from Symantec is once again possible, although I would much rather prefer to use FWC 2004.
The FWC 2004 Client still has problems with command line FTP directory and list commands. With GUI based FTP clients all commands function properly.
Can someone please do an FTP directory listing (ftp.symantec.com) to verify that there is nothing wrong with DOS oriented sessions.
here is what I get on my ISA 2004 lab (ISA 2004 SE SP1, XP SP2 with FWC2004):
quote:C:\>ftp ftp.symantec.com Connected to ftp.symantec.speedera.net. 220- 220- This system is for the use of authorized users only. Individuals using 220- this computer system without authority, or in excess of authority, are 220- subject to having all of their activities on this system monitored and 220- recorded by system personnel. In the course of monitoring individuals 220- improperly using this system, or in the course of system maintenance, 220- the activities of authorized users may also be monitored. Anyone using 220- this system expressly consents to such monitoring and is advised that 220- if such monitoring reveals possible evidence of criminal activity, system 220- personnel may provide the evidence of such monitoring to law enforcement 220 officials. User (ftp.symantec.speedera.net:(none)): anonymous 331 Password required for USER. Password: 230 User anonymous logged in. ftp> dir 200 PORT command successful. 150 Opening ASCI mode data connection for /. lrwxrwxrwx 1 0 0 9 Feb 8 2005 AVDEFS -> ../AVDEFS drwxrwxrwx 2 10574 99 4096 Aug 17 2003 comwrap drwxrwxrwx 2 10574 99 76 Aug 17 2003 etc drwxrwxrwx 10 10574 99 4096 Jul 19 2004 misc drwxrwxrwx 25 10574 99 4096 Aug 17 2003 public drwxrwxrwx 4 10574 99 62 Aug 17 2003 usr 226 Transfer Complete ftp: 384 bytes received in 0,02Seconds 19,20Kbytes/sec. ftp> literal pasv 227 Entering Passive Mode. (64,15,229,69,24,42) ftp> dir 200 PORT command successful. 150 Opening ASCI mode data connection for /. lrwxrwxrwx 1 0 0 9 Feb 8 2005 AVDEFS -> ../AVDEFS drwxrwxrwx 2 10574 99 4096 Aug 17 2003 comwrap drwxrwxrwx 2 10574 99 76 Aug 17 2003 etc drwxrwxrwx 10 10574 99 4096 Jul 19 2004 misc drwxrwxrwx 25 10574 99 4096 Aug 17 2003 public drwxrwxrwx 4 10574 99 62 Aug 17 2003 usr 226 Transfer Complete ftp: 384 bytes received in 0,02Seconds 19,20Kbytes/sec. ftp> bye 221 Goodbye.
C:\>
BTW --- thanks for the tip! I didn't knew the FTP command line client could do passive mode FTP with the 'literal pasv' command.
Make sure you exclude the external IPs of your ISA servers from the LAT (local address table). I had the same problem and this resolution works. Here's MS solution... http://support.microsoft.com/kb/164395
i have exaclty the same problem as described by sicka02. the thing is that i use isa 2006 with only one NIC card in edge firewall mode. can it be an issue?
ISA server is a full blown firewall by design and should therefore be used as such. So, make sure it has at least 2 NICs and things will start working!
We're also having this problem. We have ISA2006 enterprise as a backend firewall so it's got cards on the internal network, inter array and DMZ. The DMZ nic IP is in the routing table on the ISA server but only with the loop back address so I'm assuming that this is automatically inserted?