Improve company productivity with a Business Account.Sign Up

x
?
Solved

Server 2008 R2 FTP server SNAFU

Posted on 2010-11-08
4
Medium Priority
?
578 Views
Last Modified: 2012-05-10
I have an FTP server configured on an '08 R2 box behind a Cisco ASA 5505.  I have no problems accessing the server internally.  I can telnet from outside into the server on port 21.  When I try to use the web browser (IE8 or Firefox) it prompts me for the credentials and then fails to connect.  I have used both IIS7 and FileZilla (I even tried the FileZilla client) and nothing will connect.  To me, this thing is screaming firewall issue and I think NAT might be getting underfoot, but I cannot find any reason for it.  I have ports 20 and 21 open from outside and they are forwarded right to the server.  I have tried passive and active mode with no avail...any ideas?
0
Comment
Question by:219com
4 Comments
 
LVL 10

Expert Comment

by:jramsier
ID: 34086853
i think firewall.  on the cisco you say you have it fwed.  On the outside try to tellnet port 21 and check the logs on the cisco to see if you got traffic.  If you do it might be the firewall on Windows 2008 R2, ensure that port 21 is open to the public firewall (windows 2008 have muiple section of the firewall)
0
 

Author Comment

by:219com
ID: 34086951
I have disabled the Windows firewall all together.  When I check the ASA logs it is showing the inbound TCP connection to the correct port as does it when I try to connect with the web browser from outside.  It builds and instantly tears down the TCP connection.
0
 
LVL 3

Expert Comment

by:Jeff Morlen
ID: 34093123
Within Filezilla you will need to configure the PASV ports to be used.
On the firewall you will need to map those back to the server.

Usually when you get "part" of an FTP server running, it is the firewall that is blocking the communications.  In this case, possibly TCP/UDP traffic on port 20 or PASV ports.
0
 
LVL 9

Accepted Solution

by:
gavving earned 2000 total points
ID: 34096711
The ASA needs to have "inspect ftp" enabled.  You might also need the command "ftp mode passive".  \

Have you checked the Windows 2008 FTP server config to ensure that it's setup to allow FTP connections from non-local IP addresses?  

This walkthrough may not completely apply to you, but has some good information:
http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings/

0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

OnPage has always empowered IT teams but also amplify alerting capabilities. In the following slides you will see 5 features of OnPage that act as important tools for any IT team to resolve incidents faster
This article is about building a site to site VPN tunnels in Cisco CSR1000V router with IOS XE. There are two Policy Based IPsec VPN tunnels configured on CSR1000V router one with NAT and another without NAT.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question