Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA, Trouble with FTP Transfert

Hi all,

I have some trouble and I have no idea now ...

I have the following network :

------------------------|-------------| <-Inside-> Cisco 1800 <--> Private VPN <--> FTP Server

FTP Client <-DMZ-> | ASA 5510 |

------------------------|-------------| <-Outside-> Modem/router <--> Internet

When I make a FTP connection, authentication is good (and slow) but I can't put any file.

The transfert begin but stop at 130 072 octets and I have a connection timeout.

If I remove the ASA 5510 like this :

FTP Client <--> Cisco 1800 <--> Private VPN <--> FTP Server

The authentication and transfert is Ok ...

People who maintain the Cisco 1800 say that they haven't any problem ...

The FTP Server is in Active Mode, my client too.

Static on ASA work because i can authenticating (tcp/21).

Ip inspect ftp is on (must be because we are in Active Mode).

I test a lot of thing but nothing better.

Access-list permit any for the test.

Finally, I sniff the network between the ASA and the 1800 and I don't have any ACK (I think) and I have a lot of TCP RETRANSMISSION.

Have you an idea to resolve my problem ...? Do you think this problem come from the ASA ?

Thanks a lot,

Fred

PS : I forget to do one thing ... fixed the speed and the duplex, I do it soon.

Sorry for my bad english ...

6 REPLIES

Re: ASA, Trouble with FTP Transfert

Your configuration contains the following items?

class-map inspection_default

match default-inspection-traffic

policy-map asa_global_fw_policy

class inspection_default

inspect ftp

service-policy asa_global_fw_policy global

New Member

Re: ASA, Trouble with FTP Transfert

Yes, my configuration contains this items.

If I don't have the ASA, I have the following sequences (wireshark) :

ftp-data > 6049 [ACK] Seq=1 Ack=9577 Win=25992 Len=0 TSV=1675536326 TSER=23653399

FTP Data: 1368 bytes

FTP Data: 1368 bytes

ftp-data > 6049 [ACK] Seq=1 Ack=10945 Win=28728 Len=0 TSV=1675536334 TSER=23653399

FTP Data: 1368 bytes

FTP Data: 1368 bytes

With the asa :

ftp-data > 6051 [ACK] Seq=1 Ack=23353 Win=54720 Len=0 TSV=1675557559 TSER=23655526

FTP Data: 1368 bytes

FTP Data: 1368 bytes

[TCP Retransmission] FTP Data: 1368 bytes

[TCP Retransmission] FTP Data: 1368 bytes

ftp-data > 6051 [PSH, ACK] Seq=1 Ack=26089 Win=60192 Len=0

FTP Data: 1368 bytes

FTP Data: 1368 bytes

[TCP Retransmission] FTP Data: 1368 bytes

Finally, I have a connection timeout ...

New Member

Re: ASA, Trouble with FTP Transfert

A little update because I don't find any issue ...

If someone have a idea ... ?

New Member

Re: ASA, Trouble with FTP Transfert

I am seeing the same issue. Interested in response.

New Member

Re: ASA, Trouble with FTP Transfert

What version of ASA Code are you running? See following document

https://www.cisco.com/en/US/docs/security/asa/asa72/release/notes/asarn72.html

New Member

Re: ASA, Trouble with FTP Transfert

Following caveat from earlier post

CSCsc91450

Yes

FTP control channel timing out although data channel is active.

436
Views
0
Helpful
6
Replies