• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

passive ftp

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> passive ftp Page: [1]
Login
Message << Older Topic   Newer Topic >>
passive ftp - 15.Dec.2005 5:00:37 AM   
millcadz

 

Posts: 9
Joined: 15.Dec.2005
Status: offline
I cannot connect to ftp server that uses passive mode, here is the error 

message: 

ISA Server: extended error message : 

200 Switching to Binary mode. 

200 PORT command successful. Consider using PASV. 

425 Failed to establish connection. 


anybody encounter this prob and was able to solve, i need your help.

thank you

best regards

mr. mills
Post #: 1
RE: passive ftp - 15.Dec.2005 6:51:31 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Mill,

What site?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to millcadz)
Post #: 2
RE: passive ftp - 15.Dec.2005 7:38:24 AM   
millcadz

 

Posts: 9
Joined: 15.Dec.2005
Status: offline
hello tom;

the site is http://www.bir.gov.ph/birforms/form_pay.htm#1604CF

hyperlinked to ftp://ftp.bir.gov.ph/webadmin1.....

thank you for your reply tom;

i appreciate it so much.

regards


(in reply to tshinder)
Post #: 3
RE: passive ftp - 17.Dec.2005 5:55:42 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Mill,

OK, got it.

Let me see if I can find out how to fix this.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to millcadz)
Post #: 4
RE: passive ftp - 6.Jan.2006 11:26:32 PM   
marting

 

Posts: 2
Joined: 17.Dec.2003
Status: offline
Hi all,

I got an email about this same issue and thought it would be good to reply to the question in the forum as well as the email.

When I tested access to the FTP site at ftp.bir.gov.ph from a Web Proxy client, Netmon showed that the ISA Server issues a PORT, rather than a PASV, command to initiate the data transfer. The Web browser settings that control whether the browser is using PASV or PORT mode have no effect. Because the FTP server apparently supports only PASV mode for data transfers, the data transfer fails.

There are two workarounds that will enable the ISA Server to issue the PASV command on behalf of the Web client.

1) Configure the client computer as an SNAT client. ISA Server will then proxy the client request by using the PASV command. The Web browser settings that control whether to use the PASV or PORT command are not relevant.

2) Configure the client computer as a Web Proxy client, but in the Advanced settings configure an exception for ftp.bir.gov.ph. Even better, in the properties of the Internal network configure an exception for ftp.bir.gov.ph in the Domains tab and ensure that the Web Proxy clients are configured to use the automatic configuration script.  Again, as with the previous solution, the Web browser settings that control whether use the PORT or the PASV commands are irrelevant because ISA will proxy the request by using the PASV command.

This behavior on the part of ISA Server 2004 is a little quirky. Some ISA Server 2004 documentation suggests that, by defautl, ISA Server will use PASV mode. However, this does not appear to be always the case. In some cases, ISA Server 2004 issues a PORT command command to change to the ftp directory and perform data transfer. In others, it uses the PASV command. The issue of when ISA Server will use the PORT or the PASV command should probably be looked into a little bit more than I have here to troubleshoot the problem.

BTW, for ISA Server 2000, you need to perform a registry hack to enable ISA Server 2000 to use PASV mode. To do this, navigate to HKLM\CCS\Services\W3Proxy\Paramaters and change the default DWORD value of NONPassiveFTPTransfer to 0.  I am unaware of any comparable registry setting in ISA Server 2004 that allows you to toggle the mode between PASV and PORT. Of course, the Web Proxy service does not exist in ISA Server 2004 as it has been subsumed by the Firewall service.

HTH,

Martin

(in reply to tshinder)
Post #: 5
RE: passive ftp - 7.Jan.2006 3:42:57 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Martin,

Thanks!!!

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to marting)
Post #: 6
RE: passive ftp - 12.Apr.2007 6:56:54 AM   
nyokie

 

Posts: 17
Joined: 22.Mar.2005
From: Philippines
Status: offline
Hi Marting,

I saw your response about the passive ftp in isa 2004. i try the procedures that you post but it's not working. I'm from the philippines and we need to access and download bir forms. please help. appreciate if you can send reply to my email ricky_pc2119@yahoo.com.

Thanks,
Ricky

(in reply to tshinder)
Post #: 7
RE: passive ftp - 15.May2008 5:48:14 AM   
mmbalmes

 

Posts: 1
Joined: 15.May2008
Status: offline
Hi to all,

I also from the philippines, i have encountered this error....and found a soulution from Microsoft technet....please refer to this link

http://support.microsoft.com/Default.aspx?kbid=300641


Thank You,
Marlon

(in reply to nyokie)
Post #: 8
RE: passive ftp - 15.May2008 6:32:30 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Marlon,

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to mmbalmes)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> passive ftp Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts