cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2483
Views
0
Helpful
3
Replies

Deny tcp src inside: WHY?????????????

albertobrivio42
Level 1
Level 1

Dear ALL,

I have a PIX 515E 6.3 , a ftp server on windows 2000. A customer of me, sometimes esperinces ftp sessions hung without any particular reason. In the PIX's log I can find this error: Deny tcp src inside:192.168.0.239/20 dst outside: a.b.c.d/2435 by access-group "acl-outbound"

Why this behaviour since acl-outbound acl permit ftp sessions?

Regards

Alberto Brivio

3 Replies 3

Panos Kampanakis
Cisco Employee
Cisco Employee

You can check for ftp fixup. If it is enabled that could explain the behavior. If the fixed timed out then the pinholoe for ftp is no longer open.

I hope it helps.

PK

FTP fixup is enabled, but ftp session is no longer than 2 minutes so how can it timed out?

Not likely.

Unless the inspection tears the data channel connection for some other reason.

PK

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: