Article ID: 313343 - View products that this article applies to.
This article was previously published under Q313343
This article has been archived. It is offered "as is" and will no longer be updated.
Application filter functions allow the filters to specify the destination IP address for which a packet filter opens a secondary connection. The FTP application filter uses this functionality to open packet filters only for the IP address of the destination FTP server. This works correctly unless you are using firewall chaining. If you are using firewall chaining, packets that are received on the external network adapter of the downstream Internet Security and Acceleration (ISA) Server-based computer have a source IP address that is not of the FTP server, but is of the internal IP address of the upstream ISA Server-based computer. Therefore, ISA Server drops the packets.
To resolve this problem, obtain latest service pack for ISA Server 2000. For additional information about the latest service pack, click the article number below to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/313139/EN-US/ )How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
This problem was corrected in ISA Server 2000 SP1.