FTPS on Port 990 Thru ISA Server 2000

I am trying to access a remote secure ftp site using Secure FTP 2.5. I hvae configured the client to use port 990 for implicit communication. I have all of the typical ISA rules enabled. Is there something else I should be checking. I receive 'Connection Failed' everytime I attempt to connect.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Keith AlabasterEnterprise ArchitectCommented:
What do you mean by 'the typical isa rules enabled'? The default install blocks all traffic so I am not clear on your statement.
Have you installed the service packs for ISA? In the early days, ISA proxies could be a little 'unorthodox'...

Are you trying the connection from a client or from the ISA server itself?
Have you installed the ISA Firewall client on your work stations or are you using SecureNAT?
What are you seeing in the ISA logs?
chantalcookwareAuthor Commented:
All service packs are installed. There are many protocol definitions and ip packet filters in place. Regular FTP works thru port 21, but my secure FTP thru 990 doesn't work. I don't see anything in the logs which would indicate the problem in ISA. I am attempting to connect from a machine on the internal network. The same machine can ping the ftp site successfully, but can't negotiate thru Secure FTP. The firewall client is not installed on this computer.
Keith AlabasterEnterprise ArchitectCommented:
So are you using Securenat? (Do you have your PC's default gateway pointed at the ISA servers internal interface?)
What is the secondary port number that you are using for the secure FTP? Regular FTP uses port 21 TCP with a secondary port of 20 on UDP. Does the secure FTP need a secondary port as well?

Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

chantalcookwareAuthor Commented:
I don't think we are using Secure NAT, but default gateway is the internal interface address. The secondary port is between 3000 and 3200. I didn't set anything up for that. The primary port to connect on is 990. Thank you for all of your help
Keith AlabasterEnterprise ArchitectCommented:
If you are pointing to the inside ISA interface, that IS SecureNAT.
So, have created the secondary port on your 990 protocol? Does it now work OK?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Keith AlabasterEnterprise ArchitectCommented:
Brilliant & thanks.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.