
Problem with FTP that timeout after setting all the Cisco Pix 506E......

boliao7378
Level 1

I'm having a lot of problems with FTP......

This is how my network was setup. I have a firewall, Cisco Pix 506E which is connected to a Cisco 2950 switch.

I used NAT, where it translates my Private IP to a Public IP. I've opened up Port 21 on my Firewall for FTP but it seems to give me problems......

Sometimes I can connect and upload large files without any timeout; sometimes I can't upload files at all, or it will time out after 10% or 20% or whatever size.....

I've posted in another forum and the expert told me it is due to a speed mismatch.

They asked me to ensure that my outside interface is set to 100BaseT FD.

I've done that. But I have this problem. I set my outside and inside interfaces to 100BaseT FD on the Firewall. Then I set the ports on my switch to 100BaseT FD. When I do that, my server network card - eth0 - shows that it can only run on 100BaseT HD, as it is set to no autonegotiation. There is no way I can force eth0 to run on 100BaseT FD.

But when I change the switch ports to 100 for speed but leave the Duplex as auto, my eth0 runs on 100BaseT FD.

Basically I have confirmed that my firewall is connected to the router at 100BaseT FD (and my router is in 100Base).

I've set my firewall inside to connect at auto.

On my switch, I've set all the ports to run at 100 but left the Duplex setting on Auto.

My server eth0 is running on autonegotiation 100BaseT FD

But I'm still getting problems with my FTP. Sometimes I can upload without a problem, sometimes I can't and it times out. I've tried using multiple FTP clients, and I've tried connecting on ADSL and Cable at different venues. I've asked a few of my friends to try and they too get the same problem.

I'm very lost here. What is wrong here?


boliao7378
Level 1

I've attached my latest firewall setting.

boliao7378
Level 1

I ran the show interface command and got the following:

interface ethernet0 "outside" is up, line protocol is up

Hardware is i82559 ethernet, address is 0014.a807.610c

IP address x.x.x.36, subnet mask 255.255.255.224

MTU 1500 bytes, BW 100000 Kbit full duplex

4264126 packets input, 2654097766 bytes, 0 no buffer

Received 125257 broadcasts, 35 runts, 0 giants

45 input errors, 10 CRC, 0 frame, 0 overrun, 10 ignored, 0 abort

3568019 packets output, 1386361349 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

1 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/42)

output queue (curr/max blocks): hardware (0/20) software (0/1)

interface ethernet1 "inside" is up, line protocol is up

Hardware is i82559 ethernet, address is 0014.a807.610d

IP address 192.168.0.254, subnet mask 255.255.255.0

MTU 1500 bytes, BW 100000 Kbit full duplex

3597617 packets input, 1381816950 bytes, 0 no buffer

Received 22224 broadcasts, 10 runts, 0 giants

41 input errors, 31 CRC, 0 frame, 0 overrun, 31 ignored, 0 abort

4018904 packets output, 2671865187 bytes, 0 underruns

0 output errors, 27 collisions, 0 interface resets

0 babbles, 5 late collisions, 59 deferred

25 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/31)

output queue (curr/max blocks): hardware (0/59) software (0/1)

the result of "sh int" indicates 25 lost carrier, just wondering if the issue is related to the internet link. e.g. the office internet link went down when you were trying to upload a file.

to verify, you may do one of the following when the issue occurs:

ssh to the pix

establish a remote vpn tunnel to the pix

ping the x.x.x.34 or x.x.x.35

further, you may also want to verify whether the ftp server is functioning perfectly. to verify, simply play with the ftp server with a local pc.

Hi jackko,

I've checked and that is not the problem. Can you tell me what is meant by this:

45 input errors, 10 CRC, 0 frame, 0 overrun, 10 ignored, 0 abort

I seem to get a lot of this under the outside but 0 on the inside.

I asked someone what that means and whether I should be concerned, and I was informed that I should be very concerned. They said that for outside CRC errors, it means there is something wrong with the cable connected from the IDC router to my firewall, and I was advised to ask the IDC to change the cable that connects my firewall to their router.

What is your knowledge of CRC errors?

crc basically is a means for a device to verify whether the received data has any errors from transmission.

according to cisco:

The number of Cyclical Redundancy Check errors. When a station sends a frame, it appends a CRC to the end of the frame. This CRC is generated from an algorithm based on the data in the frame. If the frame is altered between the source and destination, the security appliance notes that the CRC does not match. A high number of CRCs is usually the result of collisions or a station transmitting bad data.

i guess the issue is related to duplex mismatch between the pix and the outside interface connected device. also, verify the cable whether it's faulty or not.
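An added example, not part of any post in this thread: a short Python parser for the `show interface` counters posted above that puts the input-error count in proportion to traffic and flags collision-type counters on a port reporting full duplex. Treating those counters as a duplex-mismatch hint is a heuristic assumed here; the counters are cumulative, so they may predate a duplex change. The function names are hypothetical.

```python
import re

# Excerpt of the "show interface" output posted in this thread.
SAMPLE = """\
interface ethernet0 "outside" is up, line protocol is up
MTU 1500 bytes, BW 100000 Kbit full duplex
4264126 packets input, 2654097766 bytes, 0 no buffer
Received 125257 broadcasts, 35 runts, 0 giants
45 input errors, 10 CRC, 0 frame, 0 overrun, 10 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
interface ethernet1 "inside" is up, line protocol is up
MTU 1500 bytes, BW 100000 Kbit full duplex
3597617 packets input, 1381816950 bytes, 0 no buffer
Received 22224 broadcasts, 10 runts, 0 giants
41 input errors, 31 CRC, 0 frame, 0 overrun, 31 ignored, 0 abort
0 output errors, 27 collisions, 0 interface resets
0 babbles, 5 late collisions, 59 deferred
"""

COUNTER = re.compile(r"(\d+) (packets input|runts|input errors|CRC|"
                     r"late collisions|collisions|deferred)")

def parse(text):
    """Return {nameif: {"duplex": "full"|"half", counter_name: int, ...}}."""
    out, cur = {}, None
    for line in text.splitlines():
        head = re.match(r'interface \S+ "([^"]+)"', line.strip())
        if head:
            cur = out.setdefault(head.group(1), {})
        elif cur is not None:
            duplex = re.search(r"(full|half) duplex", line)
            if duplex:
                cur["duplex"] = duplex.group(1)
            cur.update((name, int(n)) for n, name in COUNTER.findall(line))
    return out

def findings(stats):
    """Heuristic flags (an assumption of this example, not a Cisco rule)."""
    notes = []
    for name, c in stats.items():
        rate = c["input errors"] / c["packets input"]
        notes.append((name, "input_error_pct", round(rate * 100, 4)))
        # Collisions are a half-duplex (CSMA/CD) event; non-zero values on a
        # full-duplex port are stale or point at a mismatch with the peer.
        half = [k for k in ("collisions", "late collisions", "deferred") if c.get(k)]
        if c.get("duplex") == "full" and half:
            notes.append((name, "half_duplex_counters_on_full_duplex", half))
    return notes
```

Clearing the interface counters and re-reading them after a failed transfer shows whether any of these values are still incrementing.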
