Can't access external FTP sites using ISA 2004.

Posted on 2007-07-21
Last Modified: 2013-11-29
Dear all,

A customer is running 2 different ISA servers. Each ISA is dedicated to a different ISP.

1. ISA 2000 that allows some specific users to access everything. Doesn't filter any thing. traffic pass through Cisco pix firewall. users can access external FTP sites. that verifies that FTP traffic (port 20 and 21 ) is allowed from pix firewall.

2. MS ISA 2004 Standard edition with SP3 from here users can access HTTP,HTTPs but can't access external FTP sites. some ISA clients are web proxy and firewall. initially users can access ftp sites ie, now if a user try this IE returns following error.

Windows cannot access this folder. Make sure you typed the file name correctly and that you have permission to access the folder.
The server name or address could not be resolved

on isa 2004 a rule is made that allows external ftp traffic.

what could be the problem?

any suggestion would highly be appreciated!
Question by:Arabsoft
    LVL 29

    Accepted Solution

    Hi Arabsoft,

              What is the problem you encounter at the moment? You can not update symantec? Please do the following that I experienced in past and recognized the issue while monitoring syslogs
                    no fixup protocol dns maximum-length 512
                     If DNS length is a must, then increase it to at least 600, you can see which DNS length does the request for have if you check syslogs (i.e , length 566 discarded)



    Author Comment


    i quoted the example there as
    actually, users can not access any external ftp site. for example.,

    any other suggestion?
    LVL 29

    Expert Comment

    by:Alan Huseyin Kayahan
          Hi Arabsoft
                The issue I mentioned above may affect other ftp sites.
                You better post here the part of syslogs at the time of browsing an ftp site, so that we can see if it is PIX related or not.

    LVL 1

    Expert Comment

    Forced accept.

    EE Admin

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
    SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now