I got an email about this same issue and thought it would be good to reply to the question in the forum as well as the email.
When I tested access to the FTP site at ftp.bir.gov.ph from a Web Proxy client, Netmon showed that the ISA Server issues a PORT, rather than a PASV, command to initiate the data transfer. The Web browser settings that control whether the browser is using PASV or PORT mode have no effect. Because the FTP server apparently supports only PASV mode for data transfers, the data transfer fails.
There are two workarounds that will enable the ISA Server to issue the PASV command on behalf of the Web client.
1) Configure the client computer as an SNAT client. ISA Server will then proxy the client request by using the PASV command. The Web browser settings that control whether to use the PASV or PORT command are not relevant.
2) Configure the client computer as a Web Proxy client, but in the Advanced settings configure an exception for ftp.bir.gov.ph. Even better, in the properties of the Internal network configure an exception for ftp.bir.gov.ph in the Domains tab and ensure that the Web Proxy clients are configured to use the automatic configuration script. Again, as with the previous solution, the Web browser settings that control whether use the PORT or the PASV commands are irrelevant because ISA will proxy the request by using the PASV command.
This behavior on the part of ISA Server 2004 is a little quirky. Some ISA Server 2004 documentation suggests that, by defautl, ISA Server will use PASV mode. However, this does not appear to be always the case. In some cases, ISA Server 2004 issues a PORT command command to change to the ftp directory and perform data transfer. In others, it uses the PASV command. The issue of when ISA Server will use the PORT or the PASV command should probably be looked into a little bit more than I have here to troubleshoot the problem.
BTW, for ISA Server 2000, you need to perform a registry hack to enable ISA Server 2000 to use PASV mode. To do this, navigate to HKLM\CCS\Services\W3Proxy\Paramaters and change the default DWORD value of NONPassiveFTPTransfer to 0. I am unaware of any comparable registry setting in ISA Server 2004 that allows you to toggle the mode between PASV and PORT. Of course, the Web Proxy service does not exist in ISA Server 2004 as it has been subsumed by the Firewall service.
I saw your response about the passive ftp in isa 2004. i try the procedures that you post but it's not working. I'm from the philippines and we need to access and download bir forms. please help. appreciate if you can send reply to my email email@example.com.