Cisco Support Community


We are trying to set up an FTPES connection through an ASA 5520 and are having some issues. I have a test setup on a 5505 and it works using the standard command port 21 and defining the data ports on both the server and the firewall. In our production environment everything has been defined, but the one difference I see now is that our Production team wants the prod server to listen on port 8021 for the command channel. I am not seeing any blocking in our logs. I believe it is the FTP inspection rule not realizing this is an FTP session. I am not able to connect from Inside to DMZ or from Outside to DMZ, and the FTP inspect rule is global. Basically I receive the cert and start TLS, but I am not able to do a dir listing, and when doing a packet capture while trying to upload a file I receive "TCP Window is Full". Does anyone have any suggestions?
