Deny tcp src inside: WHY?????????????

Unanswered Question
Oct 29th, 2009
User Badges:

Dear ALL,

I have a PIX 515E 6.3 , a ftp server on windows 2000. A customer of me, sometimes esperinces ftp sessions hung without any particular reason. In the PIX's log I can find this error: Deny tcp src inside:192.168.0.239/20 dst outside: a.b.c.d/2435 by access-group "acl-outbound"

Why this behaviour since acl-outbound acl permit ftp sessions?


Regards


Alberto Brivio

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Thu, 10/29/2009 - 10:09
User Badges:
  • Cisco Employee,

You can check for ftp fixup. If it is enabled that could explain the behavior. If the fixed timed out then the pinholoe for ftp is no longer open.


I hope it helps.


PK


albertobrivio42 Fri, 10/30/2009 - 01:20
User Badges:

FTP fixup is enabled, but ftp session is no longer than 2 minutes so how can it timed out?

Panos Kampanakis Fri, 10/30/2009 - 13:51
User Badges:
  • Cisco Employee,

Not likely.


Unless the inspection tears the data channel connection for some other reason.


PK

Actions

This Discussion