I am unable to create a passive mode FTP session on my ACE. My scenario is that I have to connect to the FTP servers through modems installed on the outside network via a GPRS network. My configuration for the same is as follows:
access-list PERMIT line 8 extended permit ip any any
access-list PERMIT line 16 extended permit icmp any any

probe tcp AMRAPPFTP
  port 21
  interval 4
  faildetect 2
  passdetect interval 4
  passdetect count 2
  receive 45
  connection term forced
  open 1

rserver host AMRAPP3S1
  ip address 10.96.7.161
  inservice
rserver host AMRAPP3S2
  ip address 10.96.7.166
  inservice
The configuration looks fine here and if you look at these two lines of "show conn" output,
881418 2 in TCP 20 172.20.66.139:55410 10.96.7.85:21 ESTAB
500123 2 out TCP 2 10.96.7.166:21 172.20.66.139:55410 ESTAB
The above shows that the control connection between the FTP server and client is successful. But I don't see the data channel being established here. In passive FTP, the client initiates the DATA connection. Also, I see you have applied the service policy on both VLANs. You just need that on the client-side VLAN and not the server side. Can we take a pcap on the client itself and see what is going on?
I see packet #73 and it looks fine. I see the server sending the port to the client with its own IP. Now due to "inspect FTP", ACE will look inside the packet and translate the server IP to the VIP, which in turn I guess would be NATed on the firewall etc. and then go to the client.
We shall have pcaps at front end as well as backend simultaneously to see what is going on. RST comes from ACE IP here in the backend. But it could be due to the fact that client sent the RST at the front end. Can you check on firewall if it is dropping any connection by any chance?
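The check on the passive-mode reply discussed in this thread, as an added example that is not part of the original posts: it parses the 227 (PASV) or 229 (EPSV) control-channel reply taken from a capture and reports whether the advertised address is the VIP or a real server. Assumptions: 10.96.7.85 is treated as the VIP and 10.96.7.166 as the real server (read from the "show conn" lines above), and the sample reply lines are constructed, not taken from the poster's pcap.

```python
import re

# 227 reply carries h1,h2,h3,h4,p1,p2 (RFC 959); port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))
# 229 reply carries only a port, e.g. (|||50001|) (RFC 2428)
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")

def parse_passive_reply(line):
    """Return (ip_or_None, port) for a 227/229 reply, else None."""
    m = PASV_RE.match(line)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(line)
    if m:
        port = int(m.group(2))
        return (None, port) if 0 < port < 65536 else None
    return None

def classify(line, vip, real_servers):
    """Describe what address a passive reply advertises to the client."""
    parsed = parse_passive_reply(line)
    if parsed is None:
        return "not a passive-mode reply"
    ip, port = parsed
    if ip is None:
        return f"EPSV, no address to rewrite, data port {port}"
    if ip == vip:
        return f"rewritten to VIP, data port {port}"
    if ip in real_servers:
        return f"real server {ip} advertised, data port {port}"
    return f"unexpected address {ip}, data port {port}"

# Constructed sample lines (hypothetical capture contents)
VIP = "10.96.7.85"                 # assumption: VIP from "show conn"
REAL = {"10.96.7.161", "10.96.7.166"}
SAMPLES = [
    "227 Entering Passive Mode (10,96,7,166,195,80).",  # server side
    "227 Entering Passive Mode (10,96,7,85,195,80).",   # client side
    "229 Entering Extended Passive Mode (|||50001|)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:55} -> {classify(s, VIP, REAL)}")
```

Run against the reply seen in the client-side capture, a "real server ... advertised" result means the client is being told to open the data connection to an address it may not be able to reach.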