After a great deal of effort I have set up an IIS 7.5 FTPS server in my DMZ. I am using User Isolation to keep things a little more secure and each user has their own virtual server.
During the build I had to configure FTP Firewall Support. I entered a port range and then the external address of my FTP server. Everything works great from the outside now. Problem is I need people on the inside to get vendor data that was placed on the FTP site. The plan was to have employees on the inside log in to the FTP server (from the inside network) with the same ID and pull data that was placed by the vendors.
Employees can connect to the FTP server in the DMZ fine but I get the following error:
Error: Connection timed out
Error: Failed to retrieve directory listing
We had the same error when connecting from the outside but it was resolved by:
1. Using Active instead of Passive
2. Putting the correct IP address in the FTP Firewall Support section of IIS - I had incorrectly put the DMZ address, and when I put the external address of the FTP server in, everything went fine
So now we have the issue when connecting from the inside (can't list) but I can't change firewall settings because it breaks the outside.
Anyone had this issue before or have a good article they know of?
We have a rule set in the Cisco ASA that basically duplicates the ports and access to the FTP server.