My clients want to access an FTP server, via ACE, and I am having some issues. They can login and issue only one command... the second command will not be accepted an after a few seconds the prompt shows the message "connection closed by remote host".
I have sniffed traffic and I see that the connection between the client and the ACE has a strange behaviour because ACE open connection to data using an source port of 1039 (it should be 20, since we are usind an active mode client); between the ACE and the real server runs in active mode (I see normal ftp-data packets).
Other strange thing is that I have FWSM and they let traffic pass from ACE to client (they should expect traffic comming from port 20 and not 1039)
I am doing source NAT and ACE is doing all the necessary changes on source IP adresses.
Anyone has seen similar behaviour?
Any help would be appreciated.
In attach I send my config and traffic sniffing.
Thanks in advance.
P.S. - client is 10.1.44.98; VIP is 10.1.9.150; real server 10.1.36.124
I didn´t mentioned this before but the gateway of all my networks is an ACE that is loadbalancing traffic to two firewall clusters. I think this is not important because I have a "catch all" VIP in all my interfaces; I assume that ACE forwards traffic with no restrictions or inspections leaving the inspection job to the firewalls and to the ACE that I use to load balance services.
Don´t think this could be the problem but just to make sure I decided to post it.
P.S. - my configs on the ACE that loadbalance traffic to the firewalls are very straightforward. Serverfarms (interfaces of the firewalls), a class-map with a "catch-all" VIP, policy-map to for the serverfarm, a policy-map to tie the class to the serverfarm and finally a service-policy apllied to each interface.
Introduction This article will help you understand the steps on how to
download the UCS licenses from the Cisco Systems website and then
installing it on the UCS. The redacted (blue lines) just covers up
certain numbers for privacy please do not take them...
Introduction This article will help you understand and educate the
customer on how to clear their "expired licenses"
(license-graceperiod-expired) from their UCS-M. If a customer just
purchased a license and needs a step by step guide on how to download
==================== VIC FNIC driver does not support Virtual Volumes (
second level LUN ID ) An enhancement request has been created to track
this feature - CSCux64473 UPDATE - 12-14-2016 We made some traction on
the enhancement request - The Fix is in t...