Cisco Support Community

New Member

FTP Issues thru PIX 515

Looking for the most secure way to allow FTP transfers through our corporate Firewall.

Right now if an FTP is initiated from the inside network . . . we can connect to the FTP site and login but cannot execute commands like "ls -al" or actually move data.

I can see my firewall blocking inbound tcp connections from the FTP server on ports 20 and what appears to be a randomly generated tcp port.

4 REPLIES

Re: FTP Issues thru PIX 515

Hi,

Is the FTP fixup protocol enabled?

Regards,

Tom

New Member

Re: FTP Issues thru PIX 515

Yes . . . I have fixup protocol ftp 21 configured on the PIX.

New Member

Re: FTP Issues thru PIX 515

I do not think port 20 is random; it is the ftp-data port. You may need to open this up on the firewall... Also, have you tried using passive mode in your FTP client?

--Brian

New Member

Re: FTP Issues thru PIX 515

Here is what I see being blocked on the firewall for each command I try to issue once I am connected to the FTP server . . . my private network address is being xlated to 216.248.65.178.

106001: Inbound TCP connection denied from 207.177.41.14/6411 to 216.248.65.178/113 flags SYN on interface outside

106001: Inbound TCP connection denied from 207.177.41.14/20 to 216.248.65.178/1132 flags SYN on interface outside

The 207.177.41.14 address is the address of the server I connect to via FTP. Connect works but no other commands work.
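An added example, not part of the original thread and not Cisco tooling: a small parser that reads 106001 deny lines like the two quoted above and labels each one as the server's active-mode FTP data connection (source port 20) or an ident lookup (destination port 113). The function names and the filler line in the sample are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: the two denies quoted in the post above, plus one
# filler line to show that non-matching input is skipped.
SAMPLE = """\
106001: Inbound TCP connection denied from 207.177.41.14/6411 to 216.248.65.178/113 flags SYN on interface outside
106001: Inbound TCP connection denied from 207.177.41.14/20 to 216.248.65.178/1132 flags SYN on interface outside
(constructed filler line that is not a 106001 deny)
"""

# \s* after "interface" tolerates a space lost when logs are pasted.
DENY = re.compile(
    r"106001: Inbound TCP connection denied from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>.+?) on interface\s*(?P<ifc>\S+)"
)

def classify(sport, dport):
    """Label a denied inbound connection by its well-known port."""
    if sport == 20:
        # Active-mode FTP: the server opens the data channel from ftp-data
        # (20) to the port the client announced in its PORT command.
        return "ftp-active-data"
    if dport == 113:
        # Ident (RFC 1413) lookup from the server back to the client.
        return "ident"
    return "other"

def parse_denies(text):
    """Return one dict per 106001 line, with a 'kind' label added."""
    events = []
    for line in text.splitlines():
        m = DENY.search(line)
        if m is None:
            continue
        ev = m.groupdict()
        ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
        ev["kind"] = classify(ev["sport"], ev["dport"])
        events.append(ev)
    return events

def summarize(events):
    """Count deny kinds per (remote server, translated client) pair."""
    return Counter((e["src"], e["dst"], e["kind"]) for e in events)

if __name__ == "__main__":
    for key, n in summarize(parse_denies(SAMPLE)).items():
        print(n, *key)
```

A steady count of "ftp-active-data" denies from a server the inside host has an open control session with indicates the data channel is not being opened dynamically, which is the symptom described in this thread.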
