I have a frustrating problem with FTP across our ASA 5500 using OS 7.0.64.
When an internal user connects in active mode to an external ftp server and starts to download a large file, two connections are opened: one to port 21 of the FTP server and one to port 20 of the same server. During file transfer I can see that the byte count for connection to port 20 is increasing while byte count for connection to port 21 is not increasing and the idle time is growing. I believe this is a mistake and maybe a bug in the OS; in fact a user transferring a very large file can be disconnected during download because of connection timeout on port 21. The disconnect seems to consistently happen after 60 seconds into the FTP transfer.
Unfortunately, my FTP connection did not reach the global TCP timeout, which is set at 1 hour. The connection times out after 60 seconds every single time like clockwork. I checked all my configurations, but I do not have any idle-timeouts set for 60 seconds anywhere.
I placed sniffers in front and behind the ASA and noticed the connection was being closed by the server and not the ASA. However, when we open an FTP transfer between the FTP server and a client in front of the ASA, the transfer completes without a problem. I am completely baffled at what I am seeing. Can you suggest any commands I can issue on the ASA that would help with troubleshooting?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :