Clients Are Unable to Connect to an FTP Server that Is Published on the Secondary IP Address of ISA Server (301575)
The information in this article applies to:
- Microsoft Internet Security and Acceleration Server 2000
This article was previously published under Q301575 SYMPTOMS
Clients that are behind firewalls may not be able to download files from an FTP server that is:
- Server published by an Internet Security and Acceleration (ISA) Server-based server.
- On an IP address that is not the primary IP address.
CAUSE
This problem occurs during server publishing for an FTP server on an
ISA Server-based computer that has multiple IP addresses on the external interface and the server publishing rule is set to use an address other than the default address (second, third, and so on).
When the client makes a PORT request and provides an IP address and port to connect to, ISA Server creates a secondary connection by using the default IP address. This is rejected by firewalls, including ISA Server (if the remote client was behind ISA Server).
Note that clients that are directly connected to the Internet do not have a problem when they connect to an FTP server that is published in the preceding manner.
RESOLUTION
To resolve this problem, obtain and install the latest service pack for ISA Server 2000.
For additional information about how to obtain and install the latest ISA Server service pack, click the article number below
to view the article in the Microsoft Knowledge Base:
313139 How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack
WORKAROUND
To work around this problem, only publish on the first bound IP address.
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
| Modification Type: | Major | Last Reviewed: | 5/8/2002 |
|---|
| Keywords: | kbenv kbISAServ2000sp1fix kbnetwork kbprb KB301575 |
|---|
|