FTP through ISA server then through ASA to the internet
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-30-2006 07:11 AM - edited 02-21-2020 01:16 AM
I'm having problems to configure a host in the internal network to access FTP servers outside the company, the topology is the following
[]--------------> []---------->[]-------->[]
Internal - ISA - ASA - FTP
I have configured the ISA as default gateway for the host, and trying to access with no Proxy setings, but after the authentication on the FTP server the connection is dropped.
I have configured the ISA to NAT and route the packts from this host, but still not working...
Any idea?
- Labels:
-
Other Network Security Topics
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-30-2006 08:10 AM
Disable FTP inspection and try again. When the connection is dropped what is the error message?
Another advice to segement the problem is to put a machine between the ISA and the ASA (Behind the ASA directly) and try to FTP and see if it works. If yes then your porblem is on the ISA if not we have to keep troubleshooting on the ASA side.
Let me know if this helps,
(please rate if I was helpful)
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-30-2006 08:30 AM
Hi,
also make sure the client is using passive FTP, because otherwise you need port forwarding or FTP inspection by both the ASA and the ISA server. If passive FTP is used (can be configured through Internet Explorer in a MS host) basic internet access with NAT should be sufficient. Is it possible from the client to ping the FTP server or any other host in the internet for that matter?
If not, the problem is not directly FTP related but rather a NAT problem - assuming a private IP on the client.
Regards, Martin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2006 11:17 AM
Thank you for the reply. The problem was in the Microsoft ISA configuration, I have to configure "MS client firewall" in the host to allow it to access no HTTP traffic outside the ISA, and configure the ISA to allow it too.
regards.
