Outbound FTP Connections failing at ISA Server 2004

  • From: "Mark Davies" <mdavies@xxxxxxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Sun, 27 Feb 2005 22:57:54 -0700

I have a problem with outbound ftp connections appearing to fail at the
firewall.

I have an ISA Server 2004 Firewall running on Win2003. The clients are
set up as SecureNAT clients and they are running WinXP SP2.

There is a firewall rule configured for the clients to connect to the
external network using ftp. The Read only configuration is unchecked.

When I try to connect using command line ftp from a client:

C:\>ftp [fqdn]
Connected to [fqdn]

Then after a while it returns
Connection closed by remote host.

The sites concerned require authentication so I was expecting a response
requesting a username and password.

Running netstat on the same client at the same time shows:

TCP    [Client Name]:2186            [FTP Server].[ISP].co.nz:ftp    ESTABLISHED

So it appears to me the connection is being made, but it times out.

However when I enable logging of that client on the ISA Server:

Destination IP|Destination Port|Protocol|Action|Client IP|Client Username|Source Network|Destination Network
203.96.16.8|0|Unidentified IP Traffic|Failed Connection Attempt|192.168.1.2|SYSTEM (?)|Internal|External


The interesting elements from my perspective are that the Firewall is
immediately showing a failed connection attempt for "Unidentified IP
Traffic" and no destination port. It appears the traffic is not being
identified as FTP traffic and this is causing the connection to fail. From
the client perspective it thinks it is opening an FTP connection and it is
using port 21 on the destination address.

I've tried enabling an All Outbound rule, but the issue still occurs. I
have also enabled and disabled the FTP Access Filter and checked that All
Source Ports are enabled in the Rule, but to no avail.

The Error being logged by the Firewall does not have a Rule; it appears to
be unable to understand the traffic so just refuses the traffic.

How does ISA Server determine what sort of traffic it's receiving so as to
apply the appropriate rules? Can someone suggest what I can try next in
order to troubleshoot this?

Thanks

Mark Davies

