04-03-2006 09:18 AM - edited 02-21-2020 12:49 AM
I was under the impression that any session initiated from inside the PIX going out would allow that traffic to come back through the PIX without any additional ACLs. We are trying to access an FTP site from inside but cannot do so. When trying to connect to the same FTP site from a box outside our firewall, it works just fine.
Do I need to add an inbound ACL statement to allow this?
04-03-2006 09:29 AM
Hello,
You could try passive FTP with your client and this should solve the problem. Active FTP uses port 21 for accessing the server and port 20 for data transmission. As the server is sending with port 20, the PIX does not "know" what to do and then discards the packets.
With passive FTP both the control and the data connection are initiated by the client and should therefore be working.
Hope this helps! Please rate all posts.
Regards, Martin
04-03-2006 09:40 AM
Passive FTP is checked off in my browser options and it still doesn't work. I just added an ACL statement to our inbound ACL to allow all FTP traffic coming from our client and still nothing.
I'm not sure what else to try.
This is the error message I get whenever I try to run a command on their FTP site:
425 Can't build data connection: Cannot connect to dest socket xxx.xxx.xx.xx:1209 SSLTCP:380:connect tcp:113: No route to host.
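To check which mode a client really negotiated, the control-channel lines can be decoded: a PORT command means the server opens the data connection to the client, a 227 reply means the client opens it to the server. The following is an added example, not code from anyone in this thread; the transcripts and addresses are constructed, port 1209 is used only to mirror the port in the 425 error above, and the RFC 1918 flag is an added check for a private address being advertised to a server that may have no route to it.

```python
import ipaddress
import re

# RFC 959 host-port tuple: h1,h2,h3,h4,p1,p2 (port = p1*256 + p2)
HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def decode_hostport(text):
    """Return (ip, port) from the first h1,..,p2 tuple in text, or None."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid byte, so not a real host-port tuple
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_channel_plan(control_lines):
    """For each PORT command or 227 reply, report the mode, who opens the
    data connection, the endpoint, and whether that endpoint is RFC 1918."""
    plans = []
    for raw in control_lines:
        line = raw.strip()
        if line.upper().startswith("PORT "):
            mode, opener = "active", "server"
        elif line.startswith("227"):
            mode, opener = "passive", "client"
        else:
            continue
        endpoint = decode_hostport(line)
        if endpoint is None:
            continue  # malformed tuple: nothing to report
        addr = ipaddress.ip_address(endpoint[0])
        private = any(addr in net for net in RFC1918)
        plans.append({"mode": mode, "opened_by": opener, "ip": endpoint[0],
                      "port": endpoint[1], "rfc1918": private})
    return plans

# Constructed transcripts (not from the thread); addresses are made up.
ACTIVE_SESSION = ["USER anonymous", "331 Password required", "PORT 10,1,1,20,4,185", "LIST"]
PASSIVE_SESSION = ["PASV", "227 Entering Passive Mode (198,51,100,5,195,80)", "LIST"]

if __name__ == "__main__":
    for plan in data_channel_plan(ACTIVE_SESSION + PASSIVE_SESSION):
        print(plan)
```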