FTP broken pipe with Cisco PIX 525

Unanswered Question
May 10th, 2007

Hello,

Our customer has a problem with the FTP protocol: when he tries to GET-FTP from the DMZ to the INSIDE network, after a few seconds he receives an FTP broken pipe!

I have done several tests inserting the PERMIT IP ANY ANY rule, but the problem has remained. The PIX was initially equipped with release 6.3(3); I replaced it with release 6.3(5), as shown in bug CSCeg52090, but the problem remains.

Can you help me?

Thanks

Massimiliano

orovanziv Thu, 05/10/2007 - 02:54

Check whether he uses passive FTP or active FTP, and what client he is using; most clients know how to handle this automatically.

sema-atos Thu, 05/10/2007 - 09:51

Hi,

We have done tests using several FTP clients in passive and active mode, but the result is always "broken pipe"; further tests have been executed using ftp directly from the DOS command .... After a few seconds the FTP goes down.

Now I think that the only solution is to upgrade to software version 7; what do you think?

Thanks

Massimiliano

sema-atos Fri, 05/11/2007 - 00:32

Hi,

I am using ftp without strict; when I put a packet analyzer on the Inside network, I see a TCP/IP RST packet with the FTP server as IP source after a few ACK packets from the FTP client to the FTP server. When I put the packet analyzer on the DMZ network, I have the same situation: an ACK from the FTP server and afterwards an RST packet from the FTP client to the FTP server. I don't think that there is a TCP window problem: when I excluded the PIX and ran FTP LAN to LAN, there was no problem. What do you think?
