I thought I would run this by the forum in case there is someone out there who experienced the same issue. I have users behind an ASA5520 firewall running 8.x code who are unable to access a particular ftp site through a web browser or an ftp client such as FileZilla. Keep in mind that other ftp sites are accessible. I was notified of this as it worked in the morning of a particular day and then stopped working in the afternoon on the same day. Accessing the site from our guest network(different firewall) is possible. The SysAdmin insists it is a firewall issue. I have run the packet tracer on the firewall and the traffic is allowed. FTP inspection is configured. I get the same results when I try to access with IE or Firefox. Anyways, I thought I would post the questions to see if anyone has seen something like this before. If anyone is interested, the site is ftp://authordev.healthstream.com. TIA for any help or advice.
Seems to me that both of the captures show the same thing.
It shows first that the host forms the FTP Control connection (TCP/21) just fine and after that the server sends a TCP Reset for the connection immediately.
So TCP connections forms ok as we can see
- Initial TCP SYN from the client
- TCP SYN ACK from the Server
- TCP ACK from the Client
But then we see TCP Reset ACK from server.
I would suggest looking at the capture with Wireshark if you can see anything there.
But at the moment it seems that the TCP connection between the Client and Server forms just fine but for some reason the actual FTP server resets the connection.
I would probably ask the remote site information on what they see on their end with regards to the FTP server since it sends the TCP Reset.