When trying to establish a connection to either ftp://ftp.hp.com, microsoft.com or dell.com etc, I receive this error:
ISA Server: extended error message :
200 Type set to A
500 Illegal PORT Command
The FTP rule on the ISA is not read only. Note I am not trying to upload only download. The error is received on IE and Firefox but not on Chrome browser which can view the website (it uses the same web proxy as IE and FF). Any ideas what the issue can be? Any help will be appreciated.
which type of ISA client are you uisng (Webproxy, Firewall Client, Secure NAT?)
The FTP filter is bound to the FTP protocol?
FTP download woks with a classic FTP client?
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
Thank you for the post.
Please refer to this thread: http://social.technet.microsoft.com/Forums/en-US/ForefrontedgeIA/thread/b0900d7e-0782-4332-b6fc-6f48543e10ef.
Do you use WPAD file to connect to the ISA server? If yes, please make sure the WPAD file is download successfully, see: http://blogs.msdn.com/b/nitinsingh/archive/2010/02/09/isa-is-not-always-at-fault-when-ftp-is-not-working.aspx.
Nick Gu - MSFT
- Proposed as answer by Nick Gu - MSFTMicrosoft contingent staff, Moderator Monday, June 20, 2011 9:23 AM
- Marked as answer by Nick Gu - MSFTMicrosoft contingent staff, Moderator Monday, July 11, 2011 2:38 AM
- Unmarked as answer by Strav2011 Tuesday, July 12, 2011 8:06 PM
The one site we were trying to reach was www.hp.com and searching for a device driver. When we press download it gives us the ISA server extended message however when we replace ftp://ftp.hp....... to http://ftp.hp......... in the url it will download the file. What is that trying to tell us?
I regards to the above propsed answers is this: What we are seeing on the ISA when we go through the firewall through windows explorer we see port 21 then it elevating to a higher port number and letting the connection through. What is missing going through IE or Firefox is the bump up to the higher port number unless that not the way FTP behaves going through the web proxy. The ASA is showing the traffic coming back being rejected by the ASA because it is expecting the traffic to come through at the higher port.