Solved

Server 2008 R2 FTP server SNAFU

Posted on 2010-11-08
4
552 Views
Last Modified: 2012-05-10
I have an FTP server configured on an '08 R2 box behind a Cisco ASA 5505.  I have no problems accessing the server internally.  I can telnet from outside into the server on port 21.  When I try to use the web browser (IE8 or Firefox) it prompts me for the credentials and then fails to connect.  I have used both IIS7 and FileZilla (I even tried the FileZilla client) and nothing will connect.  To me, this thing is screaming firewall issue and I think NAT might be getting underfoot, but I cannot find any reason for it.  I have ports 20 and 21 open from outside and they are forwarded right to the server.  I have tried passive and active mode with no avail...any ideas?
0
Comment
Question by:219com
4 Comments
 
LVL 10

Expert Comment

by:jramsier
Comment Utility
i think firewall.  on the cisco you say you have it fwed.  On the outside try to tellnet port 21 and check the logs on the cisco to see if you got traffic.  If you do it might be the firewall on Windows 2008 R2, ensure that port 21 is open to the public firewall (windows 2008 have muiple section of the firewall)
0
 

Author Comment

by:219com
Comment Utility
I have disabled the Windows firewall all together.  When I check the ASA logs it is showing the inbound TCP connection to the correct port as does it when I try to connect with the web browser from outside.  It builds and instantly tears down the TCP connection.
0
 
LVL 3

Expert Comment

by:jeffmorlen
Comment Utility
Within Filezilla you will need to configure the PASV ports to be used.
On the firewall you will need to map those back to the server.

Usually when you get "part" of an FTP server running, it is the firewall that is blocking the communications.  In this case, possibly TCP/UDP traffic on port 20 or PASV ports.
0
 
LVL 9

Accepted Solution

by:
gavving earned 500 total points
Comment Utility
The ASA needs to have "inspect ftp" enabled.  You might also need the command "ftp mode passive".  \

Have you checked the Windows 2008 FTP server config to ensure that it's setup to allow FTP connections from non-local IP addresses?  

This walkthrough may not completely apply to you, but has some good information:
http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings/

0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now