Announcement

Collapse
No announcement yet.

Cannot access FTP site with ISA 2004

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cannot access FTP site with ISA 2004

    Hello all! I could not find an ISA server forum on here, I hope I have posted in the correct spot, sorry if I have not. Here is my issue: I have a server running Microsoft ISA 2004 as well as Websense proxy software. Users cannot access ftp sites from within the office, when I try to access the FTP sites from home I have no problems. There error I get in Internet Explorer is:
    "Windows cannot access this folder. Make sure that you typed the file name correctly and that you have permission to access the folder details: The connection with the server was reset"

    Firefox gives me this error:

    "ISA Server: extended error message :
    200 Type set to IMAGE.
    200 command successful
    550 permission denied"

    From what I can tell I have ISA configured to allow FTP access from the Internal network to External networks. I have removed the read only option from the FTP options in ISA server.

    All client machines are running Windows XP SP2 and IE 6. The ISA server is running Windows Server 2003 Standard Edition and ISA 2004. Any help would be greatly appreciated. Thank you so much!
    Justin
    A+ Net+ MCP

  • #2
    Re: Cannot access FTP site with ISA 2004

    We too are using ISA and Websense - authentication is done via ISA. If our users want to access external FTP sites, they have to install the Microsoft firewall client.


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

    Comment


    • #3
      Re: Cannot access FTP site with ISA 2004

      Thanks for the quick response! I am not too familiar with ISA server. I will try installing the client to see if that fixes the problem.
      Justin
      A+ Net+ MCP

      Comment


      • #4
        Re: Cannot access FTP site with ISA 2004

        Well installing the firewall client did not work. I could not even get the client to connect up to the ISA server. I did notice however that we are able to access the site in one specific VLAN. I did some packet sniffing and found that my machine would send out a SYN packet to the FTP server on port 1379 however it never received the SYN ACK packet. I am guessing that we have inbound port 1379 blocked some where. I have to get with our "head admin" to have him take a look (he does not like anyone but himself touching the firewalls)
        Justin
        A+ Net+ MCP

        Comment


        • #5
          Re: Cannot access FTP site with ISA 2004

          I've just a couple of questions:

          does the syn packet arrived on the ISA server?
          What does the ISA server says in the logging?
          What is you're default Gateway?
          If not ISA, is the Default Gateway on the same segment as the ISA server
          If not ISA what is the default route?
          If not ISA and you use cisco as gateway, do you have enabled ICMP redirects?
          Where does the FTP server stands?
          Can you post a drawing of you're network setup?
          Can you access the FTP server from the ISA server?
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: Cannot access FTP site with ISA 2004

            Dumber,
            I am new to ISA server and will have to get back to you on some of this stuff. There is no drawing completed as of right now (That is one of my many projects). FTP sites are accesible from the ISA server and everything else on that VLAN. I am working on tracking down our network admin as he is the only one that is suppose to configure the ISA server.

            Our default gateway is a Cisco 4507R Layer 3 switch. that switch then forwards to a Cisco router then to our ISP. I believe this is the case, I have not been working here two long and am still trying to learn everything on this network.

            default route is:
            Network Destination Netmask Gateway Interface Metric
            0.0.0.0 0.0.0.0 10.232.8.254 10.232.8.20 20

            When I run a real-time query on the ISA server and attempt to connect to the FTP site the connection attempt does not show up in the ISA server logging console.

            I do not know if ICMP redirects are enabled, what command do I issue on router to find that? would it be in the running-config if I issued a show run command?
            Thanks for the help
            Justin
            A+ Net+ MCP

            Comment


            • #7
              Re: Cannot access FTP site with ISA 2004

              This problem has been solved. We restarted the ISA firewall services and it cleared things up. Thanks for the help and troubleshooting tips!
              Justin
              A+ Net+ MCP

              Comment

              Working...
              X