enable FTP access from ISA 2006

HI All,

  I have Mac client that wants to access outside FTP to download some data, the mac is connected to VLAN and its not in the same subnest as ISA 2006, I need to create a rule to enable it to access the FTP site wthout using secureNAT or ISA clint FW.

Please assist
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You could either create a proxy rule to allow the Mac user/pc to access FTP sites using the ISA Server as its proxy, or if you wish to pass traffic you could add a packet filtering rule to allow the Mac user/pc to directly access outside sites using the ISA server as its gateway for those sites (eg. with a route)

The first option would be preferable as the latter is more complicated and would require additional ports for data transfers.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ITMaster1979Author Commented:
Thanks, I have created the ISA rule with the FTP protocol but still they can not access, any changes I need to do

Try setting up the log viewer filtering the client IP of the Mac to ensure that the machine is using the proxy as expected, and to see how the ISA Server is handling it.

There could be a few things at play, depending on if the rule requires authentication to the proxy, if the ISA Server can access the FTP site ok, that the Mac is honouring proxy settings, so on and so forth.
SolarWinds® IP Control Bundle (IPCB)

Combines SolarWinds IP Address Manager and User Device Tracker to help detect IP conflicts, quickly identify affected systems, and help your team take near instantaneous action. Help improve visibility and enhance reliability with SolarWinds IP Control Bundle.

Leon FesterSenior Solutions ArchitectCommented:
Can you ping the ISA server from the MAC?
If yes then check that you internal networks are configured correctly.
You may need to include the IP range where the MAC is running as part of the internal network.

FTP rule should then be configured to with the other network listed in the allowed connections list.
Suliman Abu KharroubIT Consultant Commented:
First of all, are this VLAN network addresses listed in addresses under internal network properties of the  ISA server ? if not ISA server will detect that traffic is spoofed traffic.

then please create an access rule to allow ftp from that client ip address to external. if you create an local user and remove all users for authentication tab, this will prevent him/her from accessing ftp using secure NAT but still can access it as client FW and webproxy.

as I know, you can disable client FW for all users, not for a specific user --> this can be done from internal network properties.
ITMaster1979Author Commented:
Good answer
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.