Deny tcp src inside: WHY?????????????

Unanswered Question
Oct 29th, 2009

Dear ALL,

I have a PIX 515E 6.3 , a ftp server on windows 2000. A customer of me, sometimes esperinces ftp sessions hung without any particular reason. In the PIX's log I can find this error: Deny tcp src inside:192.168.0.239/20 dst outside: a.b.c.d/2435 by access-group "acl-outbound"

Why this behaviour since acl-outbound acl permit ftp sessions?

Regards

Alberto Brivio

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Thu, 10/29/2009 - 10:09

You can check for ftp fixup. If it is enabled that could explain the behavior. If the fixed timed out then the pinholoe for ftp is no longer open.

I hope it helps.

PK

albertobrivio42 Fri, 10/30/2009 - 01:20

FTP fixup is enabled, but ftp session is no longer than 2 minutes so how can it timed out?

Panos Kampanakis Fri, 10/30/2009 - 13:51

Not likely.

Unless the inspection tears the data channel connection for some other reason.

PK

Actions

This Discussion