FTP Issue with ASA 5520

Unanswered Question
Jun 11th, 2007

Hi,

My ftp customers are facing an issue while uploading files on to my FTP server.

From my outside Interface, I am able to download files, but while uploading it gives this error:

"Netout: Software caused connection abort. Connection closed by remote host".

I have filtered the debug log based on the IP address. Pls find the log below:

************** Debug Log***********

4|Jun 08 2007 14:15:22|106023: Deny tcp src outside:<IP Add>/5255 dst inside:<IP Add>/24781 by access-group "outside_access_in" [0x7576eee4, 0x0]

7|Jun 08 2007 14:15:22|609002: Teardown local-host outside:<IP Add>duration 0:02:26

6|Jun 08 2007 14:15:22|302014: Teardown TCP connection 58273 for outside:<IP Add>/5255 to inside:<Hostname>/24781 duration 0:01:52 bytes 4200 Parent flow is closed

6|Jun 08 2007 14:15:22|302014: Teardown TCP connection 57985 for outside:< IP Add>/5252 to inside:<Hostname>/21 duration 0:02:26 bytes 797 TCP FINs

6|Jun 08 2007 14:13:30|303002: <IP Add> Stored <IP Add>:aceftp3free.exe

6|Jun 08 2007 14:13:30|302013: Built inbound TCP connection 58273 for outside:<IP Add>/5255 (<IP Add>/5255) to inside:<Hostname>/24781 (<IP Add>/24781)

6|Jun 08 2007 14:12:58|302014: Teardown TCP connection 57990 for outside:<IP Add>/5253 to inside:<Hostname>/15303 duration 0:00:00 bytes 1309 TCP FINs

6|Jun 08 2007 14:12:57|302013: Built inbound TCP connection 57990 for outside:21<IP Add>/5253 (<Ip Add>/5253) to inside:<Hostname>/15303 (<IP Add>/15303)

6|Jun 08 2007 14:12:56|302013: Built inbound TCP connection 57985 for outside:<IP Add>/5252 (<IP>/5252) to inside:<Hostname>/21 (<IP>/21)

7|Jun 08 2007 14:12:56|609001: Built local-host outside:< IP Add >

*************** End **************

Any idea why am i getting this error.

Thanks,

Jayanth

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
vitripat Tue, 06/12/2007 - 10:04

Please refer to following log messages-

6|Jun 08 2007 14:15:22|302014: Teardown TCP connection 58273 for outside:/5255 to inside:/24781 duration 0:01:52 bytes 4200 Parent flow is closed

6|Jun 08 2007 14:15:22|302014: Teardown TCP connection 57985 for outside:< IP Add>/5252 to inside:/21 duration 0:02:26 bytes 797 TCP FINs

First teardown is tearing the connection to control channel of your FTP server. The reason, TCP FINs, now we need to find who is actually sending the FIN flag, client or server. For this purpose, you may set sniffer on your FTP server or on firewall to track down the exact sequence of the connection.

As control channel has been closed, your data connection is also torn down as control channel is the parent connection for data connection. Hence the reason "Parent flow is closed" for tearing the data connection.

We need to track the connection of control channel and find who and why is FINs being sent.

Regards,

Vibhor.

Actions

This Discussion