Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX 7.0(2) and FTP

Dear friends,

I'm having a issue with my PIX 515E. I'm trying to connect to a external FTP server from a host located on my inside network. The problem is I can connect and authenticate, but no commands work. I got "Invalid Port Command".

I tried both with "ftp mode passive" and "no ftp mode passive", with no results. What could be happening?

Thanks,

Mauricio

6 REPLIES
Bronze

Re: PIX 7.0(2) and FTP

Did you check your global_policy map? make sure that inspect ftp is listed. This could well be the configuration on the other side. you can check from another location as well.

New Member

Re: PIX 7.0(2) and FTP

Etienne,

Yes. My configuration has "inspect ftp" and the problem happens with any FTP site. There's no problem of connecting from a Linux box with a DSL access located besides my firewall. So, the problem is PIX. What could be?

Regards,

Mauricio

Bronze

Re: PIX 7.0(2) and FTP

could you post your configuration? and also try to capture a syslog output when trying to access the ftp site.

Re: PIX 7.0(2) and FTP

Hi Mauri,

i had similar kind of issue with what u hav pointed out, but i end up with simple solution, i had cisco ASA 5510, in that there is a option called allowing the passive ftp mode, i just enabled that & it started working, so try the same in PIX, i tried using ASDM.

hope this helps.

rate this post if satisfied.

New Member

Re: PIX 7.0(2) and FTP

Hi, friend,

I already have tested this. I put it on my original post. I appreciate the help anyway. I guess there is a bug in my version, but I'm needing a correct answer to solve this.

Thanks,

Mauricio

Bronze

Re: PIX 7.0(2) and FTP

what do you see in your syslog? do you mind posting the config, you can remove relevant IP information.

128
Views
0
Helpful
6
Replies