PIX 7.0(2) and FTP

Unanswered Question
Apr 19th, 2007

Dear friends,


I'm having an issue with my PIX 515E. I'm trying to connect to an external FTP server from a host located on my inside network. The problem is I can connect and authenticate, but no commands work. I got "Invalid Port Command".

I tried both with "ftp mode passive" and "no ftp mode passive", with no results. What could be happening?


Thanks,

Mauricio

Tshi M Thu, 04/19/2007 - 12:32

Did you check your global_policy map? Make sure that inspect ftp is listed. This could well be the configuration on the other side. You can check from another location as well.

mauricioharley Thu, 04/19/2007 - 12:50

Etienne,


Yes. My configuration has "inspect ftp" and the problem happens with any FTP site. There's no problem connecting from a Linux box with DSL access located beside my firewall. So, the problem is the PIX. What could it be?


Regards,

Mauricio

Tshi M Thu, 04/19/2007 - 12:54

Could you post your configuration? Also, try to capture the syslog output when trying to access the FTP site.

Anand Narayana Fri, 04/20/2007 - 04:52

Hi Mauri,

I had a similar kind of issue to what you have pointed out, but I ended up with a simple solution. I had a Cisco ASA 5510; in that there is an option for allowing passive FTP mode. I just enabled that and it started working, so try the same on the PIX. I tried using ASDM.


Hope this helps.


Rate this post if satisfied.

mauricioharley Fri, 04/20/2007 - 05:11

Hi, friend,


I have already tested this. I put it in my original post. I appreciate the help anyway. I guess there is a bug in my version, but I need a correct answer to solve this.


Thanks,

Mauricio

Tshi M Fri, 04/20/2007 - 05:39

What do you see in your syslog? Do you mind posting the config? You can remove relevant IP information.
