Cisco Support Community
Community Member

Deny tcp src inside: WHY?????????????

Dear ALL,

I have a PIX 515E 6.3, an FTP server on Windows 2000. A customer of mine sometimes experiences FTP sessions that hang without any particular reason. In the PIX's log I can find this error: Deny tcp src inside:192.168.0.239/20 dst outside: a.b.c.d/2435 by access-group "acl-outbound"

Why this behaviour, since the acl-outbound ACL permits FTP sessions?

Regards

Alberto Brivio

3 REPLIES
Cisco Employee

Re: Deny tcp src inside: WHY?????????????

You can check for ftp fixup. If it is enabled that could explain the behavior. If the fixup timed out then the pinhole for ftp is no longer open.

I hope it helps.

PK

Community Member

Re: Deny tcp src inside: WHY?????????????

FTP fixup is enabled, but the FTP session is no longer than 2 minutes, so how can it have timed out?

Cisco Employee

Re: Deny tcp src inside: WHY?????????????

Not likely.

Unless the inspection tears the data channel connection for some other reason.

PK
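
Added example, not part of the thread and not Cisco's code: the denied packet in the question has source port 20, which is the port an FTP server uses when it opens an active-mode data connection to the client, so these denies concern the data channel rather than the control session. The sketch below parses deny messages in the form quoted in the question and counts the ones that are denied FTP data connections from a known server; the function names and all sample lines except the first are assumptions made for illustration.

```python
import re
from collections import Counter

# Body of the deny message, in the form quoted in the question.
DENY_RE = re.compile(
    r'Deny (?P<proto>\w+) src (?P<src_if>[\w-]+):\s*(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[\w-]+):\s*(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)
FTP_DATA_PORT = 20  # source port of a server-initiated (active mode) data connection

def parse_deny(line):
    """Return the fields of a deny message as a dict, or None if the line is not one."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["src_port"], rec["dst_port"] = int(rec["src_port"]), int(rec["dst_port"])
    return rec

def is_ftp_active_data(rec, ftp_servers):
    """True when a known FTP server was denied opening a data connection to a client."""
    return (rec["proto"] == "tcp" and rec["src_ip"] in ftp_servers
            and rec["src_port"] == FTP_DATA_PORT and rec["dst_port"] >= 1024)

def summarize(lines, ftp_servers):
    """Count denied FTP data connections per (server, client, ACL)."""
    hits = Counter()
    for line in lines:
        rec = parse_deny(line)
        if rec and is_ftp_active_data(rec, ftp_servers):
            hits[(rec["src_ip"], rec["dst_ip"], rec["acl"])] += 1
    return hits

# Constructed sample: the first line is the one from the question, the rest are made up.
SAMPLE = [
    'Deny tcp src inside:192.168.0.239/20 dst outside: a.b.c.d/2435 by access-group "acl-outbound"',
    'Deny tcp src inside:192.168.0.239/20 dst outside:203.0.113.7/3120 by access-group "acl-outbound"',
    'Deny tcp src inside:192.168.0.239/20 dst outside:203.0.113.7/3121 by access-group "acl-outbound"',
    'Deny tcp src inside:192.168.0.50/1045 dst outside:198.51.100.9/25 by access-group "acl-outbound"',
    'Deny udp src inside:192.168.0.239/20 dst outside:203.0.113.7/3120 by access-group "acl-outbound"',
    'unrelated line without a deny message',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE, {"192.168.0.239"}).items():
        print(n, *key)
```

Clients that show up repeatedly in the summary are the ones whose data channel was not covered by an open pinhole at the time the server tried to connect.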
