Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Pix515 FTP outside-to-inside fails from OS/390 Mainframe


we have customer attempting an FTP from a OS/390 V2R10 C/C++ 5647-A01 Mainframe out in the internet through to a Windows server on the inside interface of a PIX515E Ver 7.0(2).

Each time they attempt the FTP it fails. We can FTP from windows, and other FTP client applications outside-to-inside OK, its just the mainframe which fails. The customer has Checkpoint firewalls at another sites and FTP?s through these are fine.

They send 5 of 6 ASCII FTP files at a time, each file being only a few 100K. On the last attempt 2 out of 7 files made it through.

On the PIX you see the TCP connections torn down:

Teardown TCP connection 28746032 for IFT-OUTSIDE: to IFT-INSIDE:IFT-WEB-01/21 duration 0:02:00 bytes 286 TCP FINs

Dec 15 09:41:00 Dec 15 2006 09:08:32: %PIX-6-302014: Teardown TCP connection 28746033 for IFT-OUTSIDE: to IFT-INSIDE:IFT-WEB-01/20 duration 0:02:00 bytes 118680 Parent flow is closed

Dec 15 09:41:00 Dec 15 2006 09:08:32: %PIX-6-106015: Deny TCP (no connection) from to flags RST on interface IFT-OUTSIDE

We have tried enabling/disabling fixup, and enabling/disabling ?ftp mode passive?

Does anyone have any suggestions on how to resolved this?


Community Member

Re: Pix515 FTP outside-to-inside fails from OS/390 Mainframe

Can you capture and post PCAP's when the issue happens ?

CreatePlease to create content