FTP server uploads with ISA server 2004

[GigaG]

I am trying to get the ability for my users to upload files to an FTP server. I have ISA server 2004 set up as their gateway address. I have also assigned a rule for allowing the proper Ports (20 and 21) from the internal network and to that specific FTP server. The condition is set for all users, and I have other rules and policies set for the same "All users" and they work fine. I have also made sure that the FTP access filter is enabled. i attempted to set a NATtransport registry entry that was suggested in a TechBullitin, but this did not work either.

The error I get is "Access Denied" whenever using a FTP program to access the site. i am able to log in fine and if I log in from another network, I can upload just fine... so it is not permissions. i have tried active and passive... neither seems to work... The odd thing is when I monitor the traffic, i see it use my FTP rule and it Initiates connection and Closes fine, but i keep getting the Access denied error on the client end...

Any help would be appreciated,

MCP ACA-I CTP

 

[rubbaninja]

Is the "Access Denied" message from the ISA server or is it from the FTP server? Can you connect to any other ftp like ftp.microsoft.com if you include ftp.microsoft.com in your existing rule set?

 

[GigaG]

The access denied is from the FTP server... as I mentioned, the ISA server just shows the Initiated connection and closed connection. This happens with any ftp server... and works from outside the network fine

MCP ACA-I CTP

 

[rubbaninja]

Is it possible that the FTP server you are connecting to is denying the client based on the IP address hitting the FTP server (or allowing only certain IP's?
If you are getting access denied from the FTP server then it's the only thing that could be the problem.

For example;
I connect to a somewhat private web site. From home I can connect fine, from my Sprint evdo connection I connect fine, from anyplace but work I connect fine. The website denies the subnet my company is on. (this is a torrent indexing site, basic port 80 connection to a webpage with links to torrent files). It's possible that the site is denying your companies range.
Best bet is to contact the FTP provider.
Next best bet is to connect directly through your firewall to the FTP site bypassing the proxy server.
If you cannot do that or if ISA is your only "firewall" then the only thing you can really do is contact the FTP provider and ask.

 

[GigaG]

No... I have bypassed the ISA server and was able to connect and upload files, so it is not the server blocking it... Besides, as I mentioned, I can connect fine, it's uploading I'm having an issue with and using the same username and password outside out the ISA server works like a charm. Trust me I tried with multiple sites and I highly doubt every FTP server in the world is not blocking our IP address.

Thanks for trying to help anyways

MCP ACA-I CTP

 

[stephenprice]

In case you haven't yet found a solution:

In ISA Server 2004, under Firewall Policy, locate the rule which allows FTP Outbound Access (defaults to "SBS FTP Outbound Access Rule" on my SBS machine). Right click and select Configure FTP. Uncheck the Read Only option, which will then allow FTP uploads once applied.

I encountered the same problem a while ago and this was the solution - hope it works for you!