Hello, I am having a problem with a LAN to LAN VPN tunnel and an FTP client that is trying to go to passive mode communication while on the VPN. I'm stumped.
On our side we have a Cisco Concentrator 3060 and an FTP server running on a Unix server. The Unix server is NAT'd to a public IP on the 3060. We have no port filtering in place.
On the foreign network, not controlled by us, we have a Cisco PIX 535 and an XP machine that has a static IP. The XP machine has a NAT on the PIX to a public IP. I am told there is no port filtering of any kind for this tunnel. I am able to RDP to the XP machine over the LAN to LAN tunnel. The PIX 535 is running FTP fixup protocol.
The XP uses an FTP client (indyFTP) to connect to the Unix server over the VPN, and connects fine in active FTP mode. The 3-way handshake happens fine, the FTP client logs in and passes auth fine.
Then the FTP client on the XP machine sends a PASV command to the Unix server to indicate that it is entering passive mode. The Unix server responds with the PASV OK response, the IP of the Unix server, and the ephemeral port number (~53,000ish). Normally I would expect to see a 3-way handshake next on the new port, but I see nothing. Eventually the Unix server repeats its PASV OK packet as a retransmission. It does this twice and, after not hearing from the XP machine again, it sends a goodbye. Then that goodbye also retransmits a few times.
This whole setup works when the VPN is removed and the XP and Unix servers are on the same subnet.
Any help is GREATLY appreciated.