Apologies, I got my wording wrong, I have two rules created, one an Access rule which I use for outbound ftp access (this was purely to test to see if I could run an FTP client within the virtual network to an external source), and I have a publishing rule for the ftp server located within the virtual network. Hope that clears up what I have configured. Unfortunately I still haven't managed to figure out why it won't allow me to download from the virtual network (from the physical side), yet it allows me to upload ok.. (I've double checked the 'read only' ftp option, and that is not checked, though it shouldn't affect what I'm trying to do anyways) Cheers Surago -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Tuesday, 11 October 2005 02:48 To: [ISAserver.org Discussion List] Subject: [isalist] RE: FTP Access problem from internal host to development net behind ISA 2004 http://www.ISAserver.org If you do have the default installation, you can't use access rules to allow inbound access. You *must* use publishing rules. -----Original Message----- From: Surago Jones [mailto:surago@xxxxxxxxxxxx] Sent: Sunday, October 09, 2005 11:28 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FTP Access problem from internal host to development net behind ISA 2004 http://www.ISAserver.org In regards to not seeing anything in the ISA monitor that is denied, I meant in regards to the FTP access, as with only the 2 Access rules, there are a heap of denied messages, but they appear to be related to Windows networking. ________________________________ From: Surago Jones [mailto:surago@xxxxxxxxxxxx] Sent: Monday, 10 October 2005 19:25 To: [ISAserver.org Discussion List] Subject: [isalist] FTP Access problem from internal host to development net behind ISA 2004 http://www.ISAserver.org HI All, I have a problem with FTP access, I have configured a virtual network with VMWare, with an ISA2004 server used to firewall the virtual network, however I am unable to download from a FTP server on the virtual network (behind the ISA server), yet I can upload ok. Here is what I have.. PC1 (Physical Machine) IP: 192.168.1.65 Mask: 255.255.255.0 GW: 192.168.1.2 PC2 (Virtual Machine, Win2k3, ISA2k4) Nic1 IP: 192.168.1.20 External Nic Connected to physical lan Mask: 255.255.255.0 GW: 192.168.1.2 Nic2 IP: 192.168.10.2 Internal Nic Connected to virtual lan Mask: 255.255.255.0 GW: <blank> PC3 (Virtual Machine, Win2k3, holds ftp server) IP: 192.168.10.1 Mask: 255.255.255.0 GW: 192.168.10.2 On PC2 I have setup ISA2004 with a default installation, and it is configured as an edge firewall. I have configured 2 access rules, one of which publishes the ftp service on PC3, and a second one that allows for FTP client access from PC3 to PC1 (This second rule was purely for testing, I don't need it for the FTP Service.) PC1 will connect to PC3 via FTP with no problems, I can get the directory lists, am able to upload files, however I am not able to download files. (It basically just times out). Also... PC3 is able to connect to PC1 via FTP with no problems, I can download files from PC1, however I can't upload files to PC1, which is interesting as it appears the network access is the same direction as the transfers that worked in the previous example. I have checked in the ISA monitor, and I don't see anything that appears to be denied. On a side note, if I open up complete access I am able to use Windows networking for transferring files across windows shares without any problems, but still am unable to get FTP to work correctly. Any suggestions or ideas would be appreciated, as previously I had an ISA2000 server in place of the ISA2004 server and it worked without any problems for the network setup. Cheers. Surago. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: surago@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: surago@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx