My ISA 2004 server is placed on the LAN side of a simple hardware firewall and NAT device that is connected to the Internet.
In between the hardware firewall and the ISA server is a Network Associates WebShield device that needs to make ftp connections to a server on the internet.
I cannot get this to work; this is what I see in the ISA logs:
Source network: DMZ (= 10.150.10.0 - 10.150.10.255)
Client IP: 184.108.40.206 (the ftp server)
Source Port: 21
Destination network: DMZ
Destination IP: 10.150.10.5 (my device)
Destination port: 35783 (this varies)
Protocol: Unidentified IP traffic
Action: Denied connection
I have tried allowing all incoming TCP connections on ports 1024-65534 to no avail.
This setup used to work with ISA server 2000.
Thanks in advance for your help.