Cisco Support Community
Community Member

FTP not working thru PIX

Trying to FTP from inside to outside. It works with nat 0 but when I use a static mapping from a.b.c.148(inside address) to a.b.c.120(outside address) it will not work. They are in different subnets.

The PIX seems to just ignore the packet. There is no error message or denies!

fixup protocol ftp strict 21 (also tried with fixup protocol ftp 21)

global (outside) 1 netmask

nat (inside) 0 0 0

static (inside,outside) Workstation1 netmask 0 0

static (inside,outside) Workstation2 netmask 0 0

static (inside,outside) Workstation3 netmask 0 0

static (inside,outside) Workstation4 netmask 0 0

Connections to external ftp server (SYN timeout)

106100: access-list from-noc-lan permitted tcp inside/ -> outsi

de/ hit-cnt 1 (first hit)

302013: Built outbound TCP connection 7595411 for outside: (199.1.

1.200/21) to inside: (

710005: UDP request discarded from to inside:


302014: Teardown TCP connection 7595409 for outside: to inside:192

.1.3.148/1530 duration 0:02:01 bytes 0 SYN Timeout

Any ideas?

Community Member

Re: FTP not working thru PIX

Do a "show xlate local ip-workstation". You might need to execute a clear xlate for your inside hosts.

Also I'm missing the reason why you use a "global (outside) 1...". Do you also use have a "nat (inside) 1..." ?

Finally, what was the log looked before you use a static maping?

Community Member

Re: FTP not working thru PIX

I have the same problem. I tried adding service resetinbound and established permitto 113 as cisco's docs suggested.

CreatePlease to create content