active ftp connection

Benjamin Saito
Level 1

Hello,

I have an issue where a customer is trying to connect to an FTP server sitting behind a Cisco ASA 5505 (version 8.4). I don't think there is an issue with the firewall, but wanted to see if someone out there could shed some light on what the problem could be. The traffic is coming over a site-to-site VPN and they have full IP access over the VPN. FTP packet inspection is enabled. I am not sure what else I can do here. When I look at the firewall logs this is what I see:

Apr 16 08:38:58 "ASA's IP" %ASA-6-302013: Built inbound TCP connection 27671729 for outside:x.x.x.x/60986 (x.x.x.x/60986) to inside:10.1.131.2/21 (y.y.y.y/21)
Apr 16 08:39:32 "ASA's IP" %ASA-6-302013: Built inbound TCP connection 27671751 for outside:x.x.x.x/60997 (x.x.x.x/60997) to inside:10.1.131.2/20 (y.y.y.y/20)
Apr 16 08:40:02 "ASA's IP" %ASA-6-302013: Built inbound TCP connection 27671765 for outside:x.x.x.x/61000 (x.x.x.x/61000) to inside:10.1.131.2/20 (y.y.y.y/20)
Apr 16 08:40:02 "ASA's IP" %ASA-6-302014: Teardown TCP connection 27671751 for outside:x.x.x.x/60997 to inside:10.1.131.2/20 duration 0:00:30 bytes 0 SYN Timeout
Apr 16 08:40:32 "ASA's IP" %ASA-6-302014: Teardown TCP connection 27671765 for outside:x.x.x.x/61000 to inside:10.1.131.2/20 duration 0:00:30 bytes 0 SYN Timeout
Apr 16 08:41:53 "ASA's IP" %ASA-6-302014: Teardown TCP connection 27671729 for outside:x.x.x.x/60986 to inside:10.1.131.2/21 duration 0:02:54 bytes 439 TCP FINs

Looks to me like all the traffic is allowed and timing out on port 20. Could the VPN tunnel be messing with this traffic? I am also seeing some "FIN Timeout" and some "Pinhole Timeout" messages. Can anyone think of anything that I could check on the ASA for this?

 

Thanks in advance!
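
Added example, not part of the original post: a small Python correlator that joins each ASA `302013` Built record with its `302014` Teardown by connection id and reports teardown reasons per destination port, so the connections that never completed a handshake stand out. The sample lines are constructed in the format of the post's log; the host name `fw` and the 192.0.2.x / 198.51.100.x addresses are placeholders.

```python
import re
from collections import Counter, defaultdict

# Constructed sample modelled on the log lines in the post; the addresses are
# documentation placeholders, not values from the original page.
SAMPLE = """\
Apr 16 08:38:58 fw %ASA-6-302013: Built inbound TCP connection 27671729 for outside:192.0.2.10/60986 (192.0.2.10/60986) to inside:10.1.131.2/21 (198.51.100.5/21)
Apr 16 08:39:32 fw %ASA-6-302013: Built inbound TCP connection 27671751 for outside:192.0.2.10/60997 (192.0.2.10/60997) to inside:10.1.131.2/20 (198.51.100.5/20)
Apr 16 08:40:02 fw %ASA-6-302013: Built inbound TCP connection 27671765 for outside:192.0.2.10/61000 (192.0.2.10/61000) to inside:10.1.131.2/20 (198.51.100.5/20)
Apr 16 08:40:02 fw %ASA-6-302014: Teardown TCP connection 27671751 for outside:192.0.2.10/60997 to inside:10.1.131.2/20 duration 0:00:30 bytes 0 SYN Timeout
Apr 16 08:40:32 fw %ASA-6-302014: Teardown TCP connection 27671765 for outside:192.0.2.10/61000 to inside:10.1.131.2/20 duration 0:00:30 bytes 0 SYN Timeout
Apr 16 08:41:53 fw %ASA-6-302014: Teardown TCP connection 27671729 for outside:192.0.2.10/60986 to inside:10.1.131.2/21 duration 0:02:54 bytes 439 TCP FINs
"""

BUILT = re.compile(r"%ASA-6-302013: Built (\w+) TCP connection (\d+) for "
                   r"(\S+):(\S+)/(\d+) \(\S+\) to (\S+):(\S+)/(\d+)")
TEARDOWN = re.compile(r"%ASA-6-302014: Teardown TCP connection (\d+) for .* "
                      r"duration (\d+):(\d+):(\d+) bytes (\d+) (.+)$")

def correlate(log_text):
    """Join each Built (302013) record with its Teardown (302014) by connection id."""
    conns = {}
    for line in log_text.splitlines():
        if m := BUILT.search(line):
            direction, cid, s_if, s_ip, s_port, d_if, d_ip, d_port = m.groups()
            conns[cid] = {"direction": direction, "src": f"{s_if}:{s_ip}",
                          "dst": f"{d_if}:{d_ip}", "dport": int(d_port)}
        elif m := TEARDOWN.search(line.rstrip()):
            cid, h, mi, s, nbytes, reason = m.groups()
            conns.setdefault(cid, {}).update(
                seconds=int(h) * 3600 + int(mi) * 60 + int(s),
                bytes=int(nbytes), reason=reason)
    return conns

def failed_handshakes(conns):
    """Ids torn down with 'SYN Timeout' and zero bytes: the handshake never completed."""
    return sorted(cid for cid, c in conns.items()
                  if c.get("reason") == "SYN Timeout" and c.get("bytes") == 0)

def reasons_by_port(conns):
    """Count teardown reasons per destination port to show which channel fails."""
    out = defaultdict(Counter)
    for c in conns.values():
        if "reason" in c and "dport" in c:
            out[c["dport"]][c["reason"]] += 1
    return {port: dict(cnt) for port, cnt in out.items()}

if __name__ == "__main__":
    print(reasons_by_port(correlate(SAMPLE)))
```

Each correlated record also keeps the `direction`, `src` and `dst` fields from the Built line, which shows which side initiated the connections that timed out.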
