On a Windows Vista-based computer, you use an FTP client to connect to a remote FTP server that requires a user name and a password to log on. When you use some FTP commands, such as dir, ls, and get, you may receive an error message after a long pause.
Note: The IPsec policies on the Windows Vista-based computer require IPsec on incoming connections. However, the policies do not allow for IPsec on outgoing connections to the remote server.
For example, when you use the ls command, you may receive an error message that resembles the following:
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
Aborting any active data connections...
425 Can't open data connection.
Connection closed by remote host.
The cause is the interplay that occurs among the IPsec policies, the operating mode of the FTP client, and the IPsec capabilities of the remote server. The FTP client operates in passive mode. For some commands, such as dir and get, the client's operation in passive mode means that the client opens a new listening endpoint. Then, the remote server must connect to this new endpoint, and the remote server must fulfill the command. The new connection cannot be established if the following conditions are true:
IPsec policies allow for the original outgoing connection from the client to the server to succeed in the clear.
IPsec policies require Authentication Header (AH) or Encapsulating Security Payload (ESP) on the new incoming connection from the server to the client.
The server does not support AH or ESP to the client.
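The following Python check is an added example, not part of the original article. It reads an FTP session transcript and, when a 425 reply appears, reports which side had to accept the data connection, so that an inbound failure points at the client's incoming IPsec requirement. The name diagnose and the second transcript are constructed for illustration; matching the 200 reply text assumes the server echoes the command name, as in the article's sample.

```python
import re

# Reply lines look like "425 Can't open data connection."; client-side
# status text without a three-digit code is skipped.
REPLY = re.compile(r"^(\d{3})[ -](.*)$")

# Transcript taken from the error message quoted in the article.
PAGE_SAMPLE = """200 PORT command successful.
150 Opening ASCII mode data connection for file list.
Aborting any active data connections...
425 Can't open data connection.
Connection closed by remote host."""

# Constructed transcript: the server listens and the transfer completes.
CONSTRUCTED_OK = """227 Entering Passive Mode (192,0,2,10,195,80).
150 Opening ASCII mode data connection for file list.
226 Transfer complete."""


def diagnose(transcript):
    """Return a finding for the first failed data connection, else None.

    Tracks which side was asked to open the data connection:
      200 reply naming PORT/EPRT -> client listens, server connects inbound
      227/229 reply              -> server listens, client connects outbound
    A 425 reply means the data connection could not be opened.
    """
    direction = None
    for raw in transcript.splitlines():
        m = REPLY.match(raw.strip())
        if not m:
            continue
        code, text = m.groups()
        # Assumption: the 200 reply text names the command (server-specific).
        if code == "200" and re.search(r"\b(PORT|EPRT)\b", text, re.I):
            direction = "inbound"
        elif code in ("227", "229"):
            direction = "outbound"
        elif code == "425":
            return {"direction": direction,
                    "check_client_inbound_ipsec": direction == "inbound"}
    return None


if __name__ == "__main__":
    print(diagnose(PAGE_SAMPLE))
    print(diagnose(CONSTRUCTED_OK))
```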
To work around this issue, use one of the following methods:
Enable IPsec on the server.
Disable IPsec on the client.
Use Windows Explorer to connect to the remote FTP server because Windows Explorer supports active mode.
Use a third-party FTP client that supports active mode to connect to the FTP server.