Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

FWSM Blocking FTP

I have a FWSM running 3.1.4 that has an outside and inside interface. There is a server 146.22.x.x on the outside that needs to ftp to 146.27.y.y The FW buffer log shows access-list outside is denying the traffic. I look at access-list outside and the very first line allows 146.22.x.x to 146.27.y.y I add an ACE on top to allow any tcp from 146.22.x.x to 146.27.y.y but still gets the denies in the log. I pipe the hex number on the deny info and it shows that the ACL denying the traffic is my explicit deny ip any any on line 91 of access-list outside. I am using the default class-map and policy-map. FTP is being inspected under the default map. Nat control is turned off on this FWSM. Any suggestions on how to troubleshoot this issue? Thanks

Rommel

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: FWSM Blocking FTP

Without seeing the logs, I can only hazard a guess.

What are the ports of the denied traffic?

2 REPLIES
Community Member

Re: FWSM Blocking FTP

Without seeing the logs, I can only hazard a guess.

What are the ports of the denied traffic?

Community Member

Re: FWSM Blocking FTP

Update: Received help from TAC and turns out to be an issue with 3.1(4) code. Upgraded to 4.0.4 code as TAC recommended which resolved the issue.

Rommel

145
Views
0
Helpful
2
Replies
CreatePlease to create content