Solved: Failed Active FTP connections through a PIX 7.2.1

neallewis · ‎09-21-2006

I have a PIX running version 7.2.1 and when users on the inside try to start FTP connections to FTP servers on the outside, they can only do so in FTP Passive mode, and not FTP Active (ports) mode.

What is the best way to fix this?

Thanks,

Neal.

todh · ‎09-21-2006

Do you have ftp inspection turned on? It sounds like ftp inspection is turned off which will allow passive to work but not active.

View solution in original post

todh · ‎09-21-2006

Do you have ftp inspection turned on? It sounds like ftp inspection is turned off which will allow passive to work but not active.

neallewis · ‎09-21-2006

I put this in the config, and it now works:

class-map inspection_default

match default-inspection-traffic

!

policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect http

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

inspect pptp

!

service-policy global_policy global

Thanks for your help.

neallewis · ‎09-21-2006

Actually i pulled that default global policy from an older 7.0.x config that seemed to be there from the start. It wasn't in the fresh 7.2.1 configs at all? plus i can't seem to find it, or the options in ASDM 5.2.1. but it must be there i guess?

Problem solved anyway.